Latest Technology News from SemTech

NY State SHIELD Act

Does Your Business Have Employees or Customers In New York?

Businesses that have employees or customers in the state of New York are now subject to new regulations for data security. That’s right, New York state now has the Stop Hacks And Improve Electronic Data Security (SHIELD) Act, with the goal of securing the personal information of individuals in New York state.

Businesses with employees or customers in New York are required to take steps to safeguard the personal information of New York residents and prevent this data from being part of a breach. Given the population and the number of businesses operating in New York or with employees in New York, the SHIELD Act has a pretty large-scale impact.

What Does the SHIELD Act Protect?

More than just an operational mandate, the SHIELD Act requires businesses handling the private data of any person, which includes information like names and Social Security numbers, to exercise minimum data security protocols for this information.

What does “handling” mean?

“Handling” covers any person or business that accesses, stores, shares, or otherwise uses this sensitive information in computerized data format, including:

  • Names
  • Social Security numbers
  • Driver’s license number
  • Credit and debit card numbers, with or without PIN codes
  • Financial account numbers or information
  • Biometric information
  • Account user names or email addresses – with or without passwords

How Do You Know If Your Business Is Compliant with the SHIELD Act?

In the case of the SHIELD Act and compliance, businesses are classified into two categories:

Small Businesses

  • Fewer than 50 employees
  • Less than $3 million in annual revenue in each of the past three fiscal years

Small businesses have slightly more leverage and flexibility to avoid the most costly of security measures, though they are still required to take reasonable administrative, technical, and physical safeguards to protect data in electronic format. What does “reasonable” mean? Reasonable safeguards are those measures considered appropriate for:

  • The size and operational complexity of the small business
  • The nature and scope of the business and industry
  • The sensitivity of the data used by the business

Large Businesses

  • More than 50 employees
  • More than $3 million in gross annual revenue

Why Does Your Business Need to Be SHIELD Act Compliant?

One important distinction with the SHIELD Act is that “breach” applies to unauthorized access. This matters because the SHIELD Act deems even potential access to sensitive information as worthy of notification to those whose information may be exposed. Redefining “breach” expands the minimum requirements to notify not only the affected parties but also credit reporting agencies, and to offer identity theft protection services to those consumers affected.

The risk of exposing sensitive data can be incredibly costly. Not only can violations of the SHIELD Act result in fines of up to $5,000 per violation, but the long-term cost of identity theft and credit card fraud is exponentially more expensive.

What Can Your Business Do to Be SHIELD Act Compliant?

The SHIELD Act requires businesses to protect consumer data in electronic format, and businesses can take steps with technology security including:

  • Secure your IT systems and network and monitor activity
  • Limit those who can access this information
  • Training, training, training

That last bullet is repeated because it’s just that important! Training staff on security protocols and best practices for data security is the most important step, including how to choose passwords, how to update passwords, and how to recognize phishing attempts to covertly get passwords through emails and websites that look legitimate but are actually attempting to collect passwords.

Data security is the name of the game – in New York and everywhere else! If you’re not certain your business is SHIELD Act compliant, talk to an IT company that understands the New York SHIELD Act to help you determine if your business is compliant.

SemTech

SemTech IT Solutions has been serving the industry since 1984, and we have made it our duty to provide other companies with the IT solutions they need for all of their business needs, no matter what industry they are in. By leveraging our comprehensive documentation, you can achieve strategy-driven business outcomes by gaining unfettered access to all of your data.