New York’s 2019 Shield Act: Data Privacy and What Lawyers Should Know

Protecting Consumer Privacy and Imposing Duties on Businesses: New York’s “Shield” Act

In July 2019, New York State enacted the Stop Hacks and Improve Electronic Data Security Act, also known as the “SHIELD Act.” The provisions of the Act that apply to data breach notice requirements go into effect in October 2019, and the provisions mandating reasonable security requirements go into effect in 2020. The panel will discuss how the SHIELD Act has changed New York State privacy and security law, its impact on businesses that don’t do business in New York State, and how it intersects with other laws like the New York Department of Financial Services Regulations and HIPAA. The speakers will also examine different efforts to create a standard for “reasonable cybersecurity,” including the approaches taken by the SHIELD Act, the 20 controls set out in the California Attorney General’s 2016 Data Breach Report, and the recent guidance issued by NIST.

Agenda Topics

• The Scope of the SHIELD Act
• Enforcement and potential penalties
• Documentation requirements
• Different views on what is required for “reasonable” cybersecurity

Speakers

Mark A. Berman, Esq. | Ganfer Shore Leeds & Zauderer LLP

Ron Hedges, Esq. | Dentons US LLP

Gail Gottehrer, Esq. | Law Office of Gail Gottehrer LLC