Everyone saw this coming, and we all know that it will continue to spread across all states. New York is following in the footsteps of Vermont and California and now has a more solidified data security act in the works. Senate Bill S6933B or the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), or its actual acronym SHIEDS. This act will tell New Yorkers with more details about how their information is being used, define more clearly what personal information is and discuses procedure for data breaches.
The bill more or less echos the GDPR, although it is more lenient when it comes to disclosing a data breach, with an exception for smaller businesses with no more than 50 employees, and an annual gross revenue less than $3 million. Companies will have 30 days to report a data breach and alert users who could have been affected by the breach. Noncompliance will result in $5,000 per violation or $20 notification failure up to $250,000.
This act specifically defines what personal information as, “any information concerning a natural person which, because of name, number, personal mark or other identifier, can be used to identify such natural person.” By this definition, most data would be considered personal information. The act also defines what private information includes, which is all the above, in conjunction with a driver's license number, health information, financial account or credit card numbers, biometric information, a username or email with a password, security codes or SSNs.
When it comes to personal information that is being collected, companies need to be careful about how they handle that data. If you deal with leads in New York, you should at least be familiar with this act and how to handle a breach if one does happen. Luckily, the boberdoo system has secure data retention, as well as automated data deletion. Request a demo above to learn more about how boberdoo can track, route and bill for your leads, while keeping them secure.