Signed into law by the governor of New York in July 2019, the SHIELD Act goes into effect on March 21, 2020. The law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents. Failure to implement a compliant information security program is subject to enforcement by the New York State Attorney General and may result in injunctive relief and civil penalties of up to $5,000 imposed against an organization and/or individual employees for “each violation.”
Reasonable Safeguards:
“Reasonable Safeguards” under the SHIELD Act are classified as Administrative, Technical or Physical. Exigent Technologies and our sister firm, Partners in Regulatory Compliance, are engaging with clients to help them meet the requirements in the following ways.
| SHIELD Act Requirement | Type of Safeguard | Our Service Offering(s) |
| --- | --- | --- |
| Designate one or more employees to coordinate the security program | Administrative | Stakeholder Education |
| Identify reasonably foreseeable internal & external risks and assess the sufficiency of safeguards in place to control the risks | Administrative | Risk Assessment* |
| Train and manage employees in the security program practices and procedures | Administrative | Cybersecurity Awareness Training* |
| Select Service Providers capable of maintaining appropriate safeguards and require those safeguards by contract | Administrative | Third Party Service Provider Management Policy |
| Assess risks in network and software design | Technical | Risk Assessment*; Network Assessment; Remediation Work |
| Assess risks in information processing, transmission and storage | Technical | Risk Assessment*; Network Assessment; Remediation Work |
| Detects, Prevents and Responds to attacks or system failures | Technical | Managed IT Services; Incident Response Policy*; Incident Response Plan*; Firewall, IDS, IPS; Anti-Virus / Anti Malware |
| Regularly tests and monitors the effectiveness of key controls | Technical | Vulnerability Assessment*; Penetration Testing* |
| Protects against unauthorized access to or use of private information | Physical | Access Control; Multi-Factor Authentication; Password Manager; Encryption |
*Offered through our sister entity, Partners in Regulatory Compliance
Daniel Haurey Jr. is the president and founder of managed IT services provider Exigent Technologies, which he founded in 1997. Under his leadership, the MSP has earned accolades ranging from Channel Futures MSP 501 to being named SonicWall’s 2024 MSP Growth Partner of the Year. Dan is a true entrepreneur, dedicated to growing, investing in, and mentoring small businesses. You can find him on LinkedIn, where he regularly posts about technology, business, leadership, and community.