New York SHIELD Regulation: A New Era for Data Privacy and Security
Veridium Editor | March 26, 2020
Over the weekend in New York, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act came into effect. This means all businesses, regardless of size, that store private information on a New York resident must implement and maintain reasonable safeguards to protect that data.
Ever-rising fraud levels and data breaches – 4.1 billion US records were exposed in the first half of 2019 alone – have forced the regulators to take drastic action. SHIELD now requires companies to notify the authorities of a security breach, and broadens the definition of a breach to include unauthorized persons, for example an employee, gaining access to information. This places those in breach at risk of huge fines. This regulation could not have come at a more critical time, as the coronavirus outbreak could see cyber-attacks increase by up to 40 per cent as employees are made to work from home.
This regulation protects personally identifiable and sensitive information such as debit or credit card details, user names or email addresses, and passwords or security questions. Considering data is now the new oil, companies should see this regulation as an opportunity to strengthen security procedures and protect their most valuable asset.
Malicious cybercrime has become increasingly sophisticated and prevalent, even more so during the coronavirus outbreak, as scams masked as COVID-19 alerts are targeting businesses and tricking employees. The law has so far failed to keep pace with the rate of innovation, causing a record number of data breaches.
In response, New York firms must change how they handle data, and this is the perfect opportunity to enhance often outdated security systems. Easily compromised passwords are responsible for over 80 percent of data breaches, and yet are still widespread in business. Transitioning to a passwordless approach through biometric authentication will not only enhance security and streamline the user experience, but also alleviate the challenges posed by the regulation, such as providing proof of identity for legal non-repudiation and a record of every access attempt.
The right multi-factor authentication will minimize the risk of exposing personal data to the wrong parties and improve the traceability of data processing, whilst keeping costs to a minimum. Any concerns the public has over the storage of sensitive biometric data can be alleviated by techniques such as the distributed data model, which encrypts biometric data in multiple places, rendering it useless to a hacker.
By taking a secure approach to biometrics-based authentication, businesses in New York can reap the rewards of achieving strong SHIELD compliance. The benefits – from cost savings to the peace of mind that personal data is secure – will go far beyond the March 21st deadline, and help companies rebuild the culture of security and privacy that SHIELD is focused on. Having a contactless, biometric authentication capability in light of the COVID-19 outbreak will also ensure seamless, secure remote working, keeping customer and employee data safeguarded in uncertain times.