Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

Data Security - The Penalties Are Real. How It Affects Your Company.
Back to Previous banner Data Security - The Penalties Are Real. How It Affects Your Company.

Data Security - The Penalties Are Real. How It Affects Your Company.

With data breaches catching headlines on what seems to be a daily basis, states are starting to impose their own security obligations on businesses via legislation. Today we focus on New York’s “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act. Some provisions of the Act go into effect March 21, 2020, but the breach notification requirements and associated penalties for failure to act go into effect October 23, 2019. What does this mean for employers operating in New York?

First, it is important to note that the SHIELD Act applies to every employer with one or more employee working in the state of New York and it requires such employers who possess private employee information “to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information”.

What qualifies as “personal information”?

  • Social Security numbers
  • Driver’s license numbers
  • Credit or debit card numbers
  • Financial account numbers
  • Biometric information
  • Username or email address with password (for example a company provided email or cloud username and password)

To comply with the SHIELD Act, an employer who possess personal information will need to implement a data security program, if one is not already in place.

The Act also includes penalties that, should a breach occur and those impacted were not properly notified, the attorney general could recover anywhere from $10-$20 per failed notification up to $250,000 for each breach. 

ICON Information Consultants, as the Employer of Record for contingent workforces, does house personal information as defined by the legislation. We already have a data security program in place given the nature of this type of information and the associated risk with any type of data breach. As the Employer of Record housing the personal information, it takes the risk off our clients as it pertains to workers’ personal information. ICON remains abreast of all statutory changes that can affect our business and our customers. If you have a contingent labor workforce need, call us today to discuss how we can help you eliminate the risk you could face