New York Shield Act: Compliance Services

Risk Cognizance has designed a suite of Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) readiness services that will help your organization meet the new requirements of this regulation, support you in your compliance efforts, and evolve your program with your organization. Our service model helps organizations assess, mature, and manage their data privacy programs, including Shield Act compliance.

The Shield Act is a consumer privacy law that will be coming into effect on October 1, 2020. The bill – which is aggressive for American privacy policy standards – will put guidelines on personal information collection and post-data-acquisition data usage by businesses.

Come 2020, the Stop Hacks and Improve Electronic Data Security Act (“Shield Act”) may significantly impact businesses’ data practices, with new and burdensome compliance obligations such as “sale” opt-out requirements and, in certain circumstances, restrictions on tiered pricing and service levels. The breadth of personal information covered by the Shield Act, going beyond what is typically covered by U.S. privacy laws, will complicate compliance and business operations.

Risk Cognizance Shield Act, CCPA and GDPR privacy compliance consultants incorporate your Shield Act and CCPA compliance requirements with your GDPR compliance requirements, powered by a unique combination of deep privacy expertise developed over two decades, proven methodologies refined through tens of thousands of engagements, and powerful technology operating at scale for 20 years.

Who needs to comply with the SHIELD Act

BILL NUMBER: S5575B

New York’s data breach notification law requires an organization to implement necessary safeguards to protect data and provide notification in the event of a breach. This bill broadens the scope of information covered under the notification law and updates the notification requirements when there has been a breach of data. It also broadens the definition of a data breach to include an unauthorized person gaining access to information. It also requires reasonable data security, provides standards tailored to the size of a business, and provides protection from liability for certain entities. This act shall be known and may be cited as the “Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)”.


 The SHIELD Act substantially changes the definition of a breach. Prior to the SHIELD Act, the definition of a breach was restricted to the unauthorized acquisition of private information. The SHIELD Act expands the definition to also include unauthorized access to private information. The inclusion of unauthorized access to private information will result in a substantial increase in the number of businesses that will be required to report a breach.


Should a breach occur, you will need to notify the impacted individuals as well as the New York State Attorney General, the Department of State, and the Division of State Police. If the breach impacts more than 5,000 New York residents, consumer reporting agencies must also be notified. If you are already subject to HIPAA, GLBA, or the NY DFS 500 Cyber Regulation, duplicate notifications to the individual are not required.

The SHIELD Act significantly amends New York’s data breach notification law and data protection requirements. On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) amending New York’s data breach notification law.

SHIELD Act Privacy Compliance Oversight

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security — both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.