The law aims to boost disclosure requirements and to strengthen consumer protections in the case of a data breach. The Stop Hacks and Improve Electronic Data Security Act (SHIELD) puts additional responsibilities on companies that collect personal data.
Under the newly passed bill, the definition of a breach includes information that an unauthorised person gains ‘access’ to, and not just information that an unauthorised person ‘acquires.’ Also, it requires a company to comply if they have any information belonging to a New York resident, beyond just a company doing business in New York. The bill expands the scope of the data notification law to require disclosure of biometric information, passwords, email addresses, and security questions.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.