NY Data Security Law Boosts Liability as Cyberattacks Surge
NY Data Security Law Boosts Liability as Cyberattacks Surge
Kristen Mathews spoke to Law360 for an article covering New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), that requires companies to fortify their data security programs, significantly expanding businesses’ liability risks and forcing them to take a look at how they’re protecting personal data at a time when hackers are seizing on the coronavirus pandemic to launch a fresh wave of attacks.
According to Kristen, the attorney general is most likely to act in instances where “a business has had a data breach or has suffered a cybersecurity vulnerability that has become public.”
Kristen also noted that the law includes the novel requirement for businesses to dispose of sensitive personal information within a reasonable amount of time after it is no longer needed for business purposes, a task that “may present a challenge for businesses that retain records in filing cabinets, archival tapes, and in unstructured digital formats.”
Read the full article.
Practices