The Complete Payroll Blog

Pre-Compliance with the NYS SHIELD Act

Posted by Complete Payroll | Jan 8, 2020 7:00:00 AM


The NYS SHIELD Act was developed to protect private consumer data in the digital era. We’ve covered the specifics of the act in detail in our blog here. 

The act already has updated and tightened requirements for consumer breach notifications, turning New York State into a “breach access” state instead of a “breach acquired” state.

In March 2020, many organizations will be required to develop a new, more stringent data security program based on rigorous risk analysis and threat prevention mechanisms. 

Pre-Compliance with the NYS SHIELD Act

Fortunately for a good number of businesses, there are existing laws that pre-establish compliance with the NYS SHIELD Act and forgo any requirement of data mapping and threat evaluation. Many of them function in a very similar way to the NYS SHIELD Act.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, is a United States federal law requiring financial institutions to disclose exactly how, when and if they safeguard private information.

The act mandates that customers must be notified in the event private information is shared between financial institutions or third parties, and customers also must be given the chance to opt out of private information sharing. 

It also requires financial institutions to track users who access protected data, which helps keep a paper trail in the event any private information is misused. 

Similar to the NYS SHIELD Act, the GLBA requires an information security program that assesses the risks to data security and implements relevant safeguards as well as the onboarding of competent service providers. 

Cybersecurity Regulations of the NYS Department of Financial Services and Cybersecurity 

The New York Department of Financial Services (NYDFS) places regulations on all of the following categories of institution: 

  • Insurance companies
  • Private bankers
  • Mortgage companies
  • State-chartered banks
  • Foreign banks licensed to operate in the state of New York
  • Service providers

Any of these entities would already fall under regulations established by the NYDFS, requiring that they establish a cybersecurity framework to identify internal and external threats, establish defense networks, and engage in all necessary reporting in the event of a breach. The use of data encryption is required, as are annual certification by all entities using protected data and the use of multi-factor authentication tools.

All entities abiding by these protocols are already considered compliant with the NYS SHIELD Act. 

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was developed to prevent the exposure of private health information (PHI), and any organizations that handle PHI electronically are required to abide by the rules of HIPAA. These can include:

  • Doctors.
  • Clinics.
  • Psychologists.
  • Dentists.
  • Chiropractors.
  • Nursing homes.
  • Pharmacies.
  • HMOs.
  • Insurance companies.

Topics: Labor law, Human resources
