NY SHIELD Compliance

Strengthen protections against data breaches of New York residents’ private information

The New York Stop Hacks and Improve Electronic Data Security (NY SHIELD) Act

The NY SHIELD Act — which went into effect in New York on March 21, 2020 — applies to any person or business that owns or licenses computerized data that includes the private information of a New York resident.

NY SHIELD requires these organizations — referred to as “covered businesses” — to implement and maintain reasonable safeguards that protect the security, confidentiality, and integrity of residents’ private information.

Challenges to NY SHIELD Compliance

To achieve and maintain full compliance with NY SHIELD, covered businesses must implement and manage data security programs that incorporate “reasonable” safeguards over New Yorkers’ private information.

These security programs must include administrative, technical, and physical protections across the business.

Are You a “Covered Business”?

Before the NY SHIELD Act, companies were only obligated to provide data breach notifications under New York’s breach notification law — which only covered organizations that conducted business within New York state.

NY SHIELD expanded the scope of “covered businesses” to “any person or business which owns or licenses computerized data which includes private information” of a resident of New York.

Know Your Private Information

A subset of personal information, “private information” is the type of data regulated by NY SHIELD.

Private information includes combinations of username/password info that would permit access to an online account, biometric data, and account or credit card numbers used without other identifying information.

Companies must be able to classify and correlate private information to find relationships between data points.

Reasonable Administrative Safeguards

NY SHIELD’s mandate that covered businesses incorporate “reasonable administrative safeguards” requires them to:

  • designate and train employees to coordinate the security program
  • identify foreseeable internal and external risks
  • assess the sufficiency of safeguards
  • use service providers that maintain appropriate safeguards and contractually require those safeguards
  • adapt security programs to business changes

Reasonable Technical Safeguards

“Reasonable technical safeguards” under NY SHIELD require organizations to:

  • assess risks in network and software design
  • assess risks in information processing, transmission, and storage
  • prevent, detect, and respond to attacks or system failures
  • regularly test and monitor controls, systems, and procedures

Reasonable Physical Safeguards

To maintain “reasonable physical safeguards” regulated by NY SHIELD, businesses must:

  • assess risks of information storage and disposal
  • prevent, detect, and respond to intrusions
  • protect against unauthorized access during or after the collection, transportation, and destruction of private information
  • dispose of private information within a reasonable timeframe after it is no longer needed

Achieve Compliance, Avoid Penalties

Violations of NY SHIELD, which is enforced by the New York Attorney General, may result in a civil penalty of up to $5,000 per violation.

To avoid financial penalties and the reputational damage that violating companies face, companies must automate effective reporting on security controls.

How BigID Helps with NY SHIELD Compliance

Identify and Map All Your Data

Find and inventory your private information and high-risk data for a clear, comprehensive view of all the data you store and maintain — not just the data you know about.

Correlate & Catalog Private Information

Accurately determine how identifiers like account number, passwords, and biometric data relate to an individual — and view data relationships in a single, catalog view.

Reduce Risk

Prioritize your most high-risk data, flag data flows that pose risk, continuously monitor activity, and speed up breach notifications in the event of an incident.

Advanced Machine Learning

Apply advanced machine learning techniques that can automatically inventory private information down to the individual level — by residency, sensitivity, risk, custom classifiers, and more.

BigID for NY SHIELD Compliance

Deep Discovery

Discover all private and regulated information that falls under NY SHIELD — wherever it’s stored across the enterprise.

Next-Gen Data Classification & Correlation

Take a machine learning-based approach to automatically classify, tag, and discover relationships between high-risk regulated data.

Data Remediation App

Remediate sensitive and regulated NY SHIELD data — and manage high-risk data with remediation workflows and audit trails.
