Identifiez et cartographiez toutes vos données
Find and inventory your private information and high-risk data for a clear, comprehensive view of all the data you store and maintain — not just the data you know about.
The New York Stop Hacks and Improve Electronic Data Security (NY SHIELD) Act
The NY SHIELD Act — which went into effect in New York on March 21, 2020 — applies to any person or business that owns or licenses computerized data that includes the private information of a New York resident.
NY SHIELD requires these organizations — referred to as “covered businesses” — to implement and maintain reasonable safeguards that protect the security, confidentiality, and integrity of residents’ private information.
Défis to NY SHIELD Compliance
To achieve and maintain full compliance with NY SHIELD, covered businesses must implement and manage data security programs that incorporate “reasonable” safeguards over New Yorkers’ private information.
These security programs must include administrative, technical, and physical protections across the business.
Are You a “Covered Business”?
Before the NY SHIELD Act, companies were only obligated to provide data breach notifications under New York’s breach notification law — which only covered organizations that conducted business within New York state.
NY SHIELD expanded the scope of “covered businesses” to “any person or business which owns or licenses computerized data which includes private information” of a resident of New York.
Know Your Private Information
A subset of personal information, “private information” is the type of data regulated by NY SHIELD.
Private information includes combinations of username/password info that would permit access to an online account, biometric data, and account or credit card numbers used without other identifying information.
Companies must be able to classify and correlate private information to find relationships between data points.
Reasonable Administrative Garanties
NY SHIELD’s mandate that covered businesses incorporate “reasonable administrative safeguards,” requires them to:
- designate and train employees to coordinate the security
program - identify foreseeable internal and external risks
- assess the sufficiency of safeguards
- use service providers that maintain appropriate safeguards and contractually require those safeguards
- adapt security programs to business changes
Reasonable Technical Garanties
“Reasonable technical safeguards” under NY SHIELD require organizations to:
- assess risks in network and software design
- assess risks in information processing, transmission, and storage
- prevent, detect, and respond to attacks or system failures
- regularly test and monitor controls, systems, and procedures
Reasonable Physical Garanties
To maintain “reasonable physical safeguards” regulated by NY SHIELD, businesses must:
- assess risks of information storage and disposal
- prevent, detect, and respond to intrusions
- protect against unauthorized access during or after the
collection, transportation, and destruction of private information - dispose of private information within a reasonable timeframe after it is no longer needed
Achieve Compliance, Avoid Penalties
Violations to NYSHIELD compliance, which are enforced by the New York Attorney General, may result in a civil penalty of up to $5,000 dollars per violation.
To avoid financial penalties and the reputational damage that violating companies face, companies must automate effective reporting on security controls.
Comment BigID aide avec NY SHIELD Compliance
Obtenir une démo
En savoir plus
Correlate & Catalog Private Information
Accurately determine how identifiers like account number, passwords, and biometric data relate to an individual — and view data relationships in a single, catalog view.
Réduire les risques
Prioritize your most high-risk data, flag data flows that pose risk, continuously monitor activity, and speed up breach notifications in the event of an incident.
Advanced Machine Learning
Apply advanced machine learning techniques that can automatically inventory private information down to the individual level — by residency, sensitivity, risk, custom classifiers, and more.
BigID pour NY SHIELD Compliance
Découverte en profondeur
Discover all private and regulated information that falls under NY SHIELD — wherever it’s stored across the enterprise
Next-Gen Data Classification & Correlation
Adoptez une approche basée sur le ML pour classer, étiqueter et découvrir automatiquement les relations entre les données réglementées à haut risque.
Application de remédiation des données
Remediate sensitive and regulated NY SHIELD data — and manage high-risk data with remediation workflows and audit trails.
Planifier une démonstration
Obtenez une démonstration personnalisée avec nos experts en données sur la confidentialité, la protection et la perspective - et voyez BigID en action.
Leadership dans l'industrie
