Businesses throughout the U.S. will now be required to notify New Yorkers as quickly as possible when their information is compromised in a security incident, under a bill that Gov. Andrew Cuomo signed Thursday. The consumer-friendly data protection law updates New York’s current rules to cover biometric data, and forces firms to alert consumers when their email address, combined with the corresponding passwords or security questions and answers, are compromised. The state legislature quietly passed the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, in June. The law, which takes effect March 2020, requires companies to notify individuals “in the most expedient time possible and without unreasonable delay,” a time period that generally means 30 days, state Sen. Kevin Thomas, who re-introduced the SHIELD Act after it failed to pass in 2017, previously told CyberScoop. If the incident affects more than 500 New York residents, the affected business is required to provide written […]
The post New York updates its breach notification law in response to Equifax, GDPR appeared first on CyberScoop.
Continue reading New York updates its breach notification law in response to Equifax, GDPR→