Signed into law by the governor of New York in July 2019, the SHIELD Act goes into effect on March 21, 2020. The law covers all employers, individuals, or organizations, regardless of size or location, that collect private information on New York State residents. Failure to implement a compliant information security program is subject to enforcement by the New York State Attorney General. It may result in injunctive relief and civil penalties of up to $5,000 imposed against an organization and/or individual employees for "each violation."
Reasonable Safeguards
"Reasonable Safeguards" under the SHIELD Act are classified as Administrative, Technical, or Physical. Exigent Technologies is engaging with clients to help them meet the requirements in the following ways.
| SHIELD Act Requirement | Type of Safeguard | Our Service Offering(s) |
| Designate one or more employees to coordinate the security program | Administrative | Stakeholder Education |
| Identify reasonably foreseeable internal & external risks and assess the sufficiency of safeguards in place to control the risks | Administrative | Risk Assessment |
| Train and manage employees in the security program practices and procedures | Administrative | Cybersecurity Awareness Training |
| Select Service Providers capable of maintaining appropriate safeguards and require those safeguards by contract | Administrative | Third Party Service Provider Management Policy |
| Assess risks in network and software design | Technical | Risk Assessment, Network Assessment Remediation Work |
| Assess risks in information processing, transmission, and storage | Technical | Risk Assessment, Network Assessment Remediation Work |
| Detects, Prevents, and Responds to attacks or system failures | Technical | Managed IT Services Incident Response Policy, Incident Response Plan, Firewall, IDS, IPS, Anti-Virus / Anti-Malware |
| Regularly tests and monitors the effectiveness of key controls | Technical | Vulnerability Assessment, Penetration Testing |
| Protects against unauthorized access to or use of private information | Physical | Access Control, Multi-Factor Authentication, Password Manager, Encryption |
