A provision to the Stop Hacks and Improve Electronic Data Security Act (SHIELD) expanding its scope to include the protection of biometric data went into effect on March 21.
The SHIELD Act, which was signed into law last July, mandates that businesses and organizations protect the private information of New York state’s residents by implementing and maintaining information security protocols.
The latest provision to the Act expands on the definition of “personal information” to include biometric information, as well as other identifying details such as an individual’s email address and username.
With the inclusion of biometrics, the provisions could have the potential to make the SHIELD Act New York State’s equivalent to California’s recently passed California Consumer Privacy Act (CCPA).
The SHIELD Act also requires businesses to communicate directly to individuals affected in the case of a data breach, as well as to report the breach to public authorities. The provision has also increased the maximum fine for failing to notify those affected from $150,000 to $250,000.
March 24, 2020 – by Tony Bitzionis