Consumers have a new law in New York to thank for providing additional protection from identity theft and data breaches. The law, which was passed by the state legislature in June in response to the rash of record-breaking data breaches and updated regulations, spells out how companies must respond when a breach event occurs.
The new law in New York even applies to businesses outside of the state. If the victims of the breach are New Yorkers, the company must comply with the steps outlined in the law no matter where they are located. This can have a domino effect of sorts since disclosing the breach to those residents can help make consumers in other states aware that a breach has occurred, even if they are not going to be receiving notification letters due to their locations.
Moreover, the SHIELD Act in New York will cover biometric data, not just personal identifiable information like Social Security numbers or usernames and passwords. If a company gathers and stores things like fingerprints or blood type, that information is now considered worthy of triggering a data breach notification. In the past, different states have had different rules on what requires a notification letter, and until now, biometric data was not included in New York.
Further, the SHIELD Act will require companies to inform victims as quickly as possible that their information was compromised. If there are more than 500 victims from New York the company is also required to inform the state’s Attorney General’s office. It also outlines which types of information require a notification letter, such as email addresses and passwords, birthdates and SSNs.
The SHIELD Act signed last week by Governor Cuomo, goes into effect in March 2020. It is based on a lot of consumer protection concepts that were put into place in Europe under the GDPR regulations that were enacted last year. The new law in New York was also inspired in part by the Equifax data breach from a year ago, an event in which 147 million consumers had their complete identities stolen by hackers.
For its part, Equifax has now launched its claims website for consumers to find out instantly if their information has been compromised. If it has, the steps for filing a claim and seeking compensation are included on the site. The claims site can be found at EquifaxBreachSettlement.com.
You might also like…