On March 21, 2020, the data security requirements of the New York SHIELD Act became effective.  The Act, which amends New York’s General Business Law, represents an expansion of New York’s existing cybersecurity and data breach notification laws.  Its two main impacts on businesses are:

  1. expanding data breach notification requirements under New York law; and
  2. requiring businesses to maintain “reasonable safeguards” to protect the “private information” of New York residents.

The Act’s expanded data breach notification requirements went into effect on October 23, 2019, as discussed in our prior blog post.  For more information on the “reasonable safeguards” requirement that is now in effect, see our client alert on this topic found here.