SHIELD Act

11/17/20

New York's governor signed the "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act, requiring businesses to implement policies and procedures for safeguarding "personal and private information" of New York residents.

 

The SHIELD Act applies to businesses in the state of New York with employees. It also applies to any non-resident business that maintains information on New York residents. If your business is in New Jersey and you have personal/private information of New York residents, then you have to comply with the SHIELD Act.

The SHIELD Act now mandates that businesses protect both personal and private information.

The SHIELD Act defines personal information as any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person.

The SHIELD Act also defines private information as:

a. Social security number

b. Driver's license number or non-driver ID card number

c. Account number, credit or debit card number, in combination with:

   - Any required security code, access code, password or other information that would permit access to an individual's financial account

d. Biometric information, meaning data generated by electronic measurements of an individual's unique physical characteristics, such as:

   - Fingerprint
   - Voiceprint
   - Retina or iris image
   - Other unique physical representation or digital representation of biometric data which are used to authenticate or ascertain the individual's identity

e. Usernames and passwords for online access.

Thus, for the 2021 tax year, we CAN’T accept any unsecured personal information that also contains private information. If you send us personal and private information via email, this constitutes a SHIELD Policy breach. The New York State Attorney General may impose penalties of up to $250,000 for SHIELD violations. All personal and private information MUST be sent through our secure server, https://thepensiondepartment.com/uploads.

Any email containing personal and private information will be deleted, to prevent hackers from accessing this information via our email. Any PERSONAL INFORMATION and/or PRIVATE INFORMATION emailed to us will be deleted from our email server and we will consider the information incomplete, missing, and/or late until you upload the PERSONAL or PRIVATE INFORMATION through our secure site https://thepensiondepartment.com/uploads.

If you can’t upload the file through our website, you can email us the files as long as the files are password protected. However, we strongly urge you to use our secure portal for all personal information.