At the Intersection of Technology, Law, and Business
July 30, 2019 - Privacy + Data Security

New York State Enacts More Stringent Breach Notification Law

Court Allows Microsoft to Challenge Secrecy of User Data Requests

New York is the latest state to expand its breach notification law with the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, signed into law by Governor Andrew Cuomo on July 25, 2019. A number of the key changes that the law ushers—including broadening the definitions of both personal information (PI) and data breach, expanding the scope of covered entities subject to breach notification requirements, and imposing data security standards—are reminiscent of similar provisions in other states’ breach laws. Amidst a historically disparate patchwork of state laws, these commonalities may signal coalescence around prevailing security and breach notification standards and a gradual shift toward increased uniformity.

Read the full client alert for more on how the SHIELD Act will change existing New York law.