In the wake of large-scale data breaches like the recently announced Equifax breach, lawmakers are taking a closer look at the protections their current laws offer to both consumers and businesses.
In too many cases, officials have found that the current laws don’t do nearly enough to afford any kind of protection. A new bill in New York called the SHIELD Act, introduced by the Attorney General’s office, gives the state two key avenues to protect consumers. First, it outlines the kinds of security measures that companies must deploy if they gather sensitive information about citizens. New York currently has very little in the way of set regulations for how businesses must protect information if they don’t collect critical data like Social Security numbers.
However, the Equifax breach did involve an estimated 143 million SSNs, so the existing New York breach notification law does detail the steps to be followed after a breach. That’s where the second part of the SHIELD Act comes in: litigation. The new bill would allow the state to sue companies on behalf of New Yorkers who are affected by a data breach that exposes their personal identifiable information. Furthermore, this new law would also build on existing notification laws by specifying exactly what information needs to be provided to consumers following a data breach.
The Equifax breach has raised a lot of concern for a number of reasons, namely that the event occurred and was discovered by the company in late July 2017, but wasn’t announced until late September.
Events like this one are the focus of NY Attorney General Eric T. Schneiderman’s efforts with this new bill. The goal of protecting consumers can only be reached when the public can be certain their data is stored safely, and when they have all the facts concerning security incidents involving their information.