All New York State employers must comply with the NY SHIELD Act Breach Notification Amendments, effective October 23, 2019. The amendments impose obligations on all New York employers to notify both employees and others when their private information retained by the business is breached. Previously notification was only required of unauthorized acquisition of computerized data; the obligation now is much broader and includes financial account information, passwords, biometric and similar information. The definition of breach was also expanded to include unauthorized access, and the territory was expanded to cover “any person or business that owns or licenses private information of a N.Y. resident.”
In March, 2020, the Data Security Protections section of the Amendments will take effect, and will require persons or businesses retaining private information to engage in security precautions to protect the data, including disposal of data. For many businesses, this will involve establishing a data security program. It is not too early to begin to develop effective programs and policies.
For more information, please contact Sharon P. Stiller, Esq. or Rachel Demarest Gold, Esq.
Sharon P. Stiller, Esq.
160 Linden Oaks, Suite E
Rochester, New York 14625
Rachel Demarest Gold, Esq.
One MetroTech Center, Suite 1701
Brooklyn, New York 11201