A.G. Underwood Announces Broad Support For Shield Act From Major Business And Consumer Groups

News from the New York Attorney General's Office 

FOR IMMEDIATE RELEASE
June 5, 2018

Attorney General’s Press Office / 212-416-8060
nyag.pressoffice@ag.ny.gov 

A.G. UNDERWOOD ANNOUNCES BROAD SUPPORT FOR SHIELD ACT FROM MAJOR BUSINESS AND CONSUMER GROUPS

AG’s Office Also Releases New Small Business Guide to Help NY Business’s Improve Their Data Security and Better Protect Customer’s Personal Information

NEW YORK—Attorney General Barbara D. Underwood today announced that several major business and consumer organizations have endorsed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), S6933-A and A8884A, the Attorney General’s legislation to close major gaps in New York’s data security laws. Under the SHIELD Act, companies would have a legal responsibility to adopt “reasonable” administrative, technical, and physical safeguards for sensitive data; the bill also would expand the types of data that trigger reporting requirements. AARP, the Partnership for New York City, and Consumers Union have all expressed their strong support for the bill, and urged the New York State Legislature to pass it this year.

Attorney General Underwood also today released a Small Business Guide to Cybersecurity in New York State. The new publication offers tips to small business owners on how to protect sensitive data, and what to do in the event of a data breach.

“Data breaches wreak havoc on both consumers and businesses every time they happen – driving down credit scores of individuals, and harming the reputations of companies,” said Attorney General Underwood. “That’s why the Partnership for New York City, AARP, and Consumers Union are united in supporting the SHIELD Act to strengthen New York’s data security laws. It’s time for Albany to bring our laws into the 21st century and ensure that New York families and businesses are not needlessly victimized by weak data security and criminal hackers.”

“Employers and consumers are equal victims when there is a breach of cyber security,” said Kathryn Wylde, President & CEO of the Partnership for New York City. “The Attorney General’s Office has put forward legislation to prevent data breaches that undermine privacy and security, which Albany should enact this year.”

Beth Finkel, AARP New York State Director said, “The massive data breaches which impacted more than half of all adult New Yorkers last year alone serve as an ongoing reminder that any of us could become a victim of identity theft at any time. AARP applauds Attorney General Underwood for pushing the proactive SHIELD ACT legislation to protect our personal information from would-be thieves who could literally ruin our lives. We thank Senator Carlucci and Assemblyman Titone for sponsoring this bill. Now as always, we urge everyone to take advantage of AARP’s Fraud Watch Network for practical information and tips on how to protect yourself.”

Justin Brookman, Director of Consumer Privacy and Technology Policy for Consumers Union said, “With the escalating number of data breaches, New York State is leading the way to put important security requirements in place to protect consumer data. Consumers Union strongly supports the SHIELD Act, which would ensure that businesses collecting information about New Yorkers will be held to strict data security standards, helping to reduce the risk of future data breaches.”

Russ Haven of NYPIRG said, “New Yorkers are understandably uneasy about the security of their confidential information–no surprise since 8 million consumers in the state had their information compromised in the giant 2017 Equifax breach alone. The Attorney General's proposal will update our state data breach law to cover more types of private data, establish clear minimum security standards and raise the penalties for companies that fall short. The Legislature should pass the Attorney General's bill before leaving in late June.” 

In March, the Attorney General’s office released a report documenting the record number of data breach notices filed with the office in 2017. In 2017, companies and other entities reported 1,583 data breaches to NYAG, exposing the personal records of 9.2 million New Yorkers – quadruple the number of New Yorkers impacted in 2016.

In addition to advocating for stronger data security laws, the Attorney General’s office recommends that small businesses take proactive steps to protect the sensitive data of their customers. The Small Business Guide to Cybersecurity in New York State recommends ten steps small business owners should take to improve their data security:

  1. Use Strong Passwords And Change Them Regularly
  2. Use Anti-Virus Programs and Firewalls
  3. Delete Old Files and Accounts
  4. Limit Access to Sensitive Data
  5. Be Cautious with Email Attachments, Links, and Downloads
  6. Back Up Files/Folders/Software
  7. Establish Network Security/Access Control
  8. Establish Physical Access Controls for Computer Equipment
  9. Keep Your Software Up to Date With the Latest Security Fixes
  10. Get Help When Needed

Guidance on how to implement these steps, as well as a sample data breach notification letter, can be found in the guide.