NY SHIELD Act

Summary

Stop Hacks and Improve Electronic Data Security Act (SHIELD ACT) was developed in July of 2019. This Act amends New York's existing data breach notification law by expanding the definition of "Private Information" and by adding "Data Breach Security Protections." It has additional cybersecurity safeguards and new reporting requirements in the event of a breach.

Definitions

Definition	Requirements
5575_B_2. Personal and private information	095. Define users with privileges 156. Source code without sensitive information 176. Restrict system objects 185. Encrypt sensitive information 228. Authenticate using standard protocols 229. Request access credentials 231. Implement a biometric verification component 300. Mask sensitive data
5575_B_4. Personal and private information	123. Restrict the reading of emails 227. Display access notification 318. Notify third parties of changes
5575_B_6. Personal and private information	024. Transfer information using session objects 033. Restrict administrative access 046. Manage the integrity of critical files 062. Define standard configurations 154. Eliminate backdoors 177. Avoid caching and temporary files 181. Transmit data using secure protocols 183. Delete sensitive data securely 185. Encrypt sensitive information 189. Specify the purpose of data collection 249. Locate access points 252. Configure key encryption 253. Restrict network access 255. Allow access only to the necessary ports 262. Verify third-party components 330. Verify Subresource Integrity

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.