New York Governor Andrew Cuomo signed legislation on July 25 that amends state data breach law by imposing more expansive data security and data breach notification requirements on companies.
“The stark reality is security breaches are becoming more frequent and with this legislation New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data,” Gov. Cuomo said.
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act expands laws that require companies handling personal data to notify New York-based consumers about data breaches, regardless of whether the person or business conducts business in the state. The bill also adds email addresses, passwords, and biometric data to a list of information that is covered by the law. The SHIELD Act takes effect on March 21, 2020.
In addition, Gov. Cuomo signed the Identity Theft Prevention and Mitigation Services Act that requires credit reporting agencies to provide identity theft prevention services to consumers that have their data exposed by hackers in a breach. That bill takes effect in 60 days.