As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape
Stephanie A. Diehl
Amid Pandemic Remaining New York SHIELD Act Data Security Requirements Have Taken Effect
The developing coronavirus pandemic affects businesses and personnel within the state and elsewhere. With more New Yorkers working from home, there are more opportunities for cyberattacks through unsecure remote connections and the public concern growing each day.
The New York SHIELD (“Stop Hacks and Improve Electronic Data Security”) Act was signed to law on July 25, 2019. It is an amendment to New York’s data breach notification law. The SHIELD Act provides a number of changes that we reported last year, including expanding the definitions of “private information” and “breach.” The definition of “private information” now covers emails and passwords or security questions and answers, credit card details, and biometric data among others. A “breach of the security system” now covers unauthorized access, where such access may have occurred if “the information was viewed, communicated with, used, or altered” without authorization.