As employers spend more time on the internet, security concerns are on the rise. New York State has laws every employer must follow to protect private information.
According to Betanews, cybercriminals can break into a company network 93 percent of the time. New York legislators passed the “Stop Hacks and Improve Electronic Data Security Act” in response.
New York’s SHIELD Act
The SHIELD Act requires employers to protect private information. This includes Social Security numbers and financial information. If your company has employees, you must follow the SHIELD Act.
Although the act does not mandate specific actions your company should take, you must have a program in place to protect data. The program your company has must include the following:
- At least one employee coordinating the program
- Someone to assess cybersecurity risks and create a plan to reduce those risks
- A training program for employees on the best ways to protect data
- A way to destroy private information no longer needed within a reasonable amount of time
- A way to vet the security providers you use to protect data
Employees within your company’s human resources department are usually the best ones to handle these tasks. This department can provide training along with other protocols including harassment policies.
Breach notification requirements
The Shield Act defines a breach to include not only stolen data but also unauthorized access. The act defines a breach to include accidentally emailing private information to the wrong employee.
You must also notify the State Attorney general if you sent private data to more than 500 residences. You must send a notice about it within 10 days.