We reported last summer on two new legislative enactments in New York putting new demands on how companies handle the personal data of New York residents: the Identity Theft Protection and Mitigation Services Act (ITPMS Act), and the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). Both were signed into law on July 25, 2019, and as described below, both have since then come gradually into full effect. This includes their most significant feature: as of March 21, 2020, “any business that owns or licenses computerized data which includes private information of a resident of New York” now faces the prospect of an enforcement action by the New York Attorney General’s (AG) Office for the assessment of penalties if the company fails to develop, implement and maintain “reasonable safeguards” for the protection of that information.
Continue Reading “Reasonable Safeguards Requirement” For Personal Information of New York Residents Now Kicks In (with even broader Privacy/Security Legislation Still in the Offing)