AG’s Office Also Releases New Small Business Guide to Help NY Business’s Improve Their Data Security and Better Protect Customer’s Personal Information.
New York, NY - June 6, 2018 - Attorney General Barbara D. Underwood today announced that several major business and consumer organizations have endorsed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), S6933-A and A8884A, the Attorney General’s legislation to close major gaps in New York’s data security laws. Under the SHIELD Act, companies would have a legal responsibility to adopt “reasonable” administrative, technical, and physical safeguards for sensitive data; the bill also would expand the types of data that trigger reporting requirements. AARP, the Partnership for New York City, and Consumers Union have all expressed their strong support for the bill, and urged the New York State Legislature to pass it this year.
“Data breaches wreak havoc on both consumers and businesses every time they happen – driving down credit scores of individuals, and harming the reputations of companies,” said Attorney General Underwood. “That’s why the Partnership for New York City, AARP, and Consumers Union are united in supporting the SHIELD Act to strengthen New York’s data security laws. It’s time for Albany to bring our laws into the 21st century and ensure that New York families and businesses are not needlessly victimized by weak data security and criminal hackers.”
“Employers and consumers are equal victims when there is a breach of cyber security,” said Kathryn Wylde, President & CEO of the Partnership for New York City. “The Attorney General’s Office has put forward legislation to prevent data breaches that undermine privacy and security, which Albany should enact this year.”
Beth Finkel, AARP New York State Director said, “The massive data breaches which impacted more than half of all adult New Yorkers last year alone serve as an ongoing reminder that any of us could become a victim of identity theft at any time. AARP applauds Attorney General Underwood for pushing the proactive SHIELD ACT legislation to protect our personal information from would-be thieves who could literally ruin our lives. We thank Senator Carlucci and Assemblyman Titone for sponsoring this bill. Now as always, we urge everyone to take advantage of AARP’s Fraud Watch Network for practical information and tips on how to protect yourself.”
Justin Brookman, Director of Consumer Privacy and Technology Policy for Consumers Union said, “With the escalating number of data breaches, New York State is leading the way to put important security requirements in place to protect consumer data. Consumers Union strongly supports the SHIELD Act, which would ensure that businesses collecting information about New Yorkers will be held to strict data security standards, helping to reduce the risk of future data breaches.”
Russ Haven of NYPIRG said, “New Yorkers are understandably uneasy about the security of their confidential information–no surprise since 8 million consumers in the state had their information compromised in the giant 2017 Equifax breach alone. The Attorney General's proposal will update our state data breach law to cover more types of private data, establish clear minimum security standards and raise the penalties for companies that fall short. The Legislature should pass the Attorney General's bill before leaving in late June.”
In March, the Attorney General’s office released a report documenting the record number of data breach notices filed with the office in 2017. In 2017, companies and other entities reported 1,583 data breaches to NYAG, exposing the personal records of 9.2 million New Yorkers – quadruple the number of New Yorkers impacted in 2016.
In addition to advocating for stronger data security laws, the Attorney General’s office recommends that small businesses take proactive steps to protect the sensitive data of their customers. The Small Business Guide to Cybersecurity in New York State recommends ten steps small business owners should take to improve their data security:
Use Strong Passwords And Change Them Regularly
Use Anti-Virus Programs and Firewalls
Delete Old Files and Accounts
Limit Access to Sensitive Data
Be Cautious with Email Attachments, Links, and Downloads
Back Up Files/Folders/Software
Establish Network Security/Access Control
Establish Physical Access Controls for Computer Equipment
Keep Your Software Up to Date With the Latest Security Fixes
Get Help When Needed
Guidance on how to implement these steps, as well as a sample data breach notification letter, can be found in the guide.