New York State Passes SHIELD Act and Expands Breach Notification Laws

The New York State Assembly passed the SHIELD (Stop Hacks and Improve Electronic Data Security Act) which is positioned to enforce a new legal framework for businesses when protecting personally identifiable data. 

The Empire State moves one step closer to adopting the SHIELD Act, a law aimed to hold businesses accountable for the safeguard of their client’s data across the State of New York. This new bill is critically important for the organizations and enterprises that conduct business in NY State, as their cybersecurity frameworks must be in shape and ready to exemplify their compliance in case of a data breach or cyber attack

What is the SHIELD Act?

The New York State SHIELD Act (Senate Bill S5575B) introduced earlier this year by NY Senators Thomas, Carlucci, and Biaggi, aims to redefine the legal structure for New York based businesses and their attention to care for securing consumer data and information. Now only requiring the Governor’s signature to come into effect, the new breach notification law is just steps away from defining an organization’s legal obligation to notify relevant consumers in the case of a cyber attack or data breach. 

The SHIELD Act outlines the notification requirements for both informing affected consumers and a mandated notice to the NY Department of State, NY State Police, and NY Attorney General. With stricter enforcement of “reasonable” accountability, organizations of all industries who hold data from New York residents must ensure their breach notifications are compliant. Other necessary actions include closer time frames for notifications to take place and a description of how the data was accessed without company authorization.


Defined in the legislation is the updated elements of “Private Information”

A Growing Trend of State-Mandated Breach Notification Laws

Senate Bill S5575B subsequently follows a trend of state government branches taking the initiative to hold businesses reliable for the well-being and general protection of their data. The California Consumer Act of 2018 is recognized as one of the most definitive pieces of legislation in the space, and the SHIELD Act sets a higher obligation for these organizations to protect the data and information in which they collect. Delaware recently passed its own state information protection law which blueprints the requirements for businesses to hold accountable for data they possess.

The Future of Business and Consumer Data Protection

As the SHIELD Act moves further into the judicial system and regulates an organization’s liability of data protection, it’s important that businesses take the initiative now and implement policies to increase their data protection and network systems. More companies must begin to utilize consumer data to improve their processes, provide quality service, and modernize their business model, and they must ensure they are ready to defend themselves against the growing landscape of cyber crime. 

To view the current bill status of The SHIELD Act, you can visit The New York State Senate official website. As an experienced incident response and cyber security firm, Proven Data is able to assist organizations with breach notification compliance and regulations.


[1] Senate Bill S5575B, Sponsored By Kevin Thomas, The New York State Senate,
[2] New York’s SHIELD Act Heads to the Governor’s Desk, JDSUPRA, July 9 2019,


What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

Read more

Related Articles

Contact us

Leading experts on stand-by 24/7/365

If you suspect data loss or network breach, or are looking for ways to test and improve your cyber security – our team can help.

What we offer:
What happens next?

Our advisor will reach out with the free consultation


We evaluate your inquiry and review solutions


We send a custom proposal or quote for approval

Request a Free Consultation