New York’s S.H.I.E.L.D. Act Is Here

Written by: Charles R. Langhorne IV, Esq.

The COVID-19 world that we are living in is has changed the perspective of many businesses from proactive to reactive. Businesses (rightly so) are concerned with making payroll so that their employees can continue to pay their mortgages as opposed to preparing the company for impending data privacy laws. Nevertheless, the world moves on.

The NY SHIELD Act (the “Act”) went into effect on March 21, 2020. I have a feeling it went unnoticed by many businesses that do not have substantial ties to New York. However, as my colleague, Richard Sheinis, explained out in an article in June of last year, the Act is very important and has some long arms. Specifically, there is no geographic limitation in the Act. If your business possesses the personal information of a New York resident, your business is subject to the Act. Regardless of whether you do business in New York.

The Act also contains some lengthy security safeguards a business must have in place to protect personal information. This is the first U.S. data privacy law that has required a business to maintain written security measures.

As far as enforcement is concerned, the Attorney General’s office has not made any statement indicating enforcement of the Act will be delayed due to the COVID-19 crisis.