The New York Legislature recently passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act in response to New York consumers’ growing concern regarding the protection of their personal consumer data by requiring companies to have “reasonable data security protections, while being careful to avoid excessive costs to small business and without imposing duplicate obligations under federal or state data security regulations,” according to the bill.


In simpler terms, SHIELD protects consumers by broadening what constitutes as a breach, requiring companies to implement stronger security measures, imposing stricter penalties on companies that suffer cyberattacks, and giving consumers greater transparency into how their personal data is protected.

First proposed shortly after the Equifax data breach in 2017, which affected 150 million consumers, SHIELD has undergone many revisions.

SHIELD Key Points

  • Qualifies biometric data, email addresses, passwords and security questions within the legal definition of data
  • Adds unauthorized viewing and copying of data to the definition of a data breach
  • Makes it mandatory for companies to include expanded consumer data protection as part of their security solution
  • Requires that any person or enterprise affected by the breach must be notified

Entities that fall under certain data security requirements, including the Gramm-Leach-Bliley Act (GLBA) or Health Insurance Portability and Accountability Act (HIPAA) are not regulated under SHIELD.

Companies that fail to adopt and maintain reasonable safeguards on behalf of New York residents, via the SHIELD Act, can face civil action from the New York Attorney General’s Office, including monetary penalties. Individual residents’ private right of action to sue companies is not covered under SHIELD.

Are You Protected? How Do You Know?


Get a free Security Lifecycle Review from BlackHawk Data. We’ve partnered with Palo Alto Networks to offer our customers a better way to know what’s on their network so they can protect it.

Our Security Lifecycle Review examines your network traffic and generates a comprehensive report, enabling you to assess and address cybersecurity threats, so you can better protect your client data and your reputation.

Gain visibility into:

  • Potential exposure risk for in-use applications
  • Specific details on the ways adversaries are attempting to breach your network
  • Comparison data for your organization versus industry peers
  • Key areas for reducing exposure risk

Find out how BlackHawk Data can expand your protection and strengthen your security posture.

About BlackHawk Data

BlackHawk Data is focused on delivering the best solutions for their customers from design to support. We ensure that every solution not only is the best on day one, but for the life of the system. With the BlackHawk Data deploy and support model, the customer avoids the pitfall of only installing solutions that can be supported with their staff’s current knowledge, instead of the best available.