Software Supply Chain Regulation & Compliance Guides

New York SHIELD (Stop Hacks and Improve Electronic Data Security) Act

Written by Finite State Team | Jul 25, 2024 4:24:57 PM

The New York SHIELD (Stop Hacks and Improve Electronic Data Security) Act, effective March 21, 2020, is a data security law aimed at enhancing data protection and improving security practices for businesses that handle the personal data of New York residents.

The Act expands on existing data breach notification laws and imposes stricter data security requirements. It applies to any business that:

  • Collects or stores the private information of New York residents.
  • Conducts business in New York, regardless of where the business is based.

 

The New York SHIELD Act Guidelines

The SHIELD Act defines personal data as any information that can be used to identify an individual, including but not limited to Social Security numbers, driver’s license numbers, bank account numbers, and biometric data.

Under the SHIELD Act, businesses must:

  • implement reasonable safeguards to protect personal data. This includes data encryption, access controls, and secure data storage practices.
  • develop and maintain data protection policies and procedures. This includes risk assessments, staff training, and incident response plans.
  • ensure that contracts with third-party vendors include provisions for data security and breach notification responsibilities.
  • notify affected individuals of a data breach within a reasonable time frame, generally without unreasonable delay. 
  • notify the New York Attorney General if the breach affects more than 500 New York residents.

 

How Finite State Helps You Comply with the SHIELD Act

Finite State can complement your data protection efforts by strengthening your data security capabilities, particularly by: 

  • Enforcing Secure Coding Practices: Seamless integrations into existing CI/CD pipelines automatically analyze source code and compiled binaries for common security vulnerabilities and coding errors. This allows engineers to identify vulnerabilities hidden deep within legacy code and third-party libraries, and to detect and address issues early in the development process.
  • Real-Time Threat Detection: Integrations with vulnerability databases provide up-to-date information on the latest threats and exploits, allowing for the proactive identification of potential risks before they can be exploited.
  • Automate Vulnerability Identification: Using our advanced binary and source code SCA, vulnerabilities can be identified as they’re introduced across the SDLC to help teams keep applications secure.
  • Comprehensive SBOM Solutions: Automatically generate Software Bills of Materials (SBOMs) throughout the SDLC and easily compile detailed information on all components in your products, including open-source libraries, third-party dependencies, and custom code, to improve transparency and identify potential security risks in your software supply chain.

Strong cybersecurity requires a collective effort. Talk to the team today to discover how Finite State can help you comply with the SHIELD Act.