New York Strengthens Approves Bill Enhancing Data Breach Policies

The New York State Legislature has just approved a bill enhancing the state’s data breach policies.

The legislation, named Stop Hacks and Improve Electronic Data Security Act (SHIELD), aims to give more transparency. It will also slap heavy penalties to companies without enough cybersecurity measures.

The state’s attorney general Letitia James said the bill would update the state’s breach notification laws. Aside from increasing penalties for accountable companies, the legislation will also expand the existing notification requirements for companies. This bill will also expand the rights of consumers in case of a breach.

The SHIELD Act will also impose strict obligations on businesses handling sensitive customer data. This bill will require New York businesses to maintain consistent data security measures, especially when collecting confidential personal information.


State Senator Kevin Thomas acknowledged that laws should keep pace with the rapidly changing technology. The passage of the SHIELD Act will impose more accountability and diligence to protect consumer privacy.

Former Attorney General Eric Schneiderman originally proposed SHIELD in 2017 after the Equifax data breach. This incident had exposed more than 145 million consumers. Since then, many companies have suffered similar large-scale breaches, compelling state lawmakers to improve regulatory frameworks to protect Americans.

New York Strengthens Approves Bill Enhancing Data Breach Policies

Other Data Breach Legislation

Another recently introduced bill, The New York Privacy Act, also seeks enhanced consumer privacy amid data breaches. This piece of legislation aims to give state consumers various options to take control of their data.

Other states are also enacting laws to enhance the protection of consumers from data breaches. California Consumer Privacy, which came into effect last year, enables Californians to control and protect personal information. It also holds corporations accountable for possible data breaches.


Countries all over the world are boosting their cybersecurity by passing new government measures. The Singapore government recently enhanced its guidelines on data breach notification and accountability. The new guidelines seek to improve the country’s cybersecurity and its ability to address next-generation threats more effectively.

Vietnamese lawmakers also passed a new cybersecurity law controlling Internet content and global tech companies operating in the country. The new law obliges Facebook, Google, and other international tech firms to use local servers in storing users’ data.  The law, which took effect on January, also requires overseas tech companies to establish offices in the country.

The new law also prevents Internet users in Vietnam from spreading anti-government information and from posting false information. It also prohibits the circulation of bogus and slandering content and those that are inciting violence.