Written by: Daniel Haurey on 09/13/19


Signed into law by the governor of New York in July 2019, the SHIELD Act goes into effect on March 21, 2020. The law covers all employers, individuals and organizations, regardless of size or location, that collect private information on New York State residents. Failure to implement a compliant information security program is subject to enforcement by the New York State Attorney General and may result in injunctive relief and civil penalties of up to $5,000, imposed against an organization and/or individual employees, for “each violation.”

Reasonable Safeguards:

“Reasonable Safeguards” under the SHIELD Act are classified as Administrative, Technical or Physical. Exigent Technologies and our sister firm, Partners in Regulatory Compliance, are engaging with clients to help them meet the requirements in the following ways.

| SHIELD Act Requirement | Type of Safeguard | Our Service Offering(s) |
|---|---|---|
| Designate one or more employees to coordinate the security program | Administrative | Stakeholder Education |
| Identify reasonably foreseeable internal and external risks and assess the sufficiency of safeguards in place to control the risks | Administrative | Risk Assessment* |
| Train and manage employees in the security program practices and procedures | Administrative | Cybersecurity Awareness Training* |
| Select service providers capable of maintaining appropriate safeguards and require those safeguards by contract | Administrative | Third Party Service Provider Management Policy |
| Assess risks in network and software design | Technical | Risk Assessment*; Network Assessment; Remediation Work |
| Assess risks in information processing, transmission and storage | Technical | Risk Assessment*; Network Assessment; Remediation Work |
| Detect, prevent and respond to attacks or system failures | Technical | Managed IT Services; Incident Response Policy*; Incident Response Plan*; Firewall, IDS, IPS; Anti-Virus / Anti-Malware |
| Regularly test and monitor the effectiveness of key controls | Technical | Vulnerability Assessment*; Penetration Testing* |
| Protect against unauthorized access to or use of private information | Physical | Access Control; Multi-Factor Authentication; Password Manager; Encryption |

*Offered through our sister entity, Partners in Regulatory Compliance