ARTICLE
10 November 2017

New York Introduces New Data Protection Legislation

FP
Fisher Phillips LLP

Contributor

Fisher Phillips LLP logo
Fisher Phillips LLP is a national law firm committed to providing practical business solutions for employers’ workplace legal problems. Labor and employment law is all the firm does, offering deep and broad knowledge and experience in the area of the law the attorneys know best. Fisher Phillips attorneys help clients avoid legal problems, are dedicated to providing exceptional client service, and are there when you need them. The firm has over 400 attorneys in 34 offices with 33 locations. Learn more at www.fisherphillips.com.
Citing a sixty percent increase in data breach notifications from 2015 to 2016, New York Attorney General Eric Schneiderman recently introduced the Stop Hacks and Improve Data Electronic...
United States Employment and HR

Citing a sixty percent increase in data breach notifications from 2015 to 2016, New York Attorney General Eric Schneiderman recently introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill.  The legislation would require companies that handle sensitive date of New York residents to adopt "reasonable administrative, technical and physical protections for data."

The proposed legislation would impose penalties of up to $5,000 per violation or $20 per each instance of failed notification, up to a maximum of $250,000.   Small businesses would have less rigorous requirements, and there is a proposed safe harbor for employers of all sizes who obtain independent certification that their data protection measures meet the highest standards.

Currently, New York only requires that businesses safeguards personal information if that information contains a social security number, and to be held liable under the law, businesses must conduct business in New York.  SHIELD would require that individuals be notified if sensitive personal information, such as social security number, biometric data, username/password combinations, and protected health data protected under HIPAA, is breached or stolen.  Failure to comply with the legislation could result in a civil suit and penalties under the General Business Law.  SHIELD will apply to companies operating outside the state if they handle the sensitive, personal data of New York residents.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More