Legal Blog

SHIELD Act In Effect: Tips for Navigating Mandatory Cybersecurity Requirements

Cybersecurity is top of mind for most organizations. However – did you know that it is now the law? New York recently enacted the Stop Hacks and Improve Electronic Security Act (the “SHIELD Act”). The SHIELD Act requires that organizations that own or license data that includes New York residents’ “private information” take reasonable steps to protect such information – even if the business is not located in New York.

Among the information, the SHIELD Act defines as “private” includes (but is not limited to): social security numbers, driver’s license number or non-driver identification card number, biometric information, and passwords/access codes associated with financial accounts.

Under the SHIELD Act, businesses that become aware of a breach of private information are required to provide notification to those impacted. With that being said, companies may be able to skip notifying those impacted if they can show that the disclosure of private information will not likely cause “financial harm.” In such cases, the company must still report to the New York attorney general, New York State Department of State Division of Consumer Protection, and the New York State Division of the State Police. Only the New York attorney general can file suit for violations (i.e.: individuals or other businesses cannot sue).

If a violation is found, the liable business may be required to pay anywhere from $20 to $250,000 per offense. Given the potential liability, I recommend that companies transacting with New York residents’ data keep the following tips in mind:

  • Review all cybersecurity policies to ensure they include mechanisms for protecting private information.
  • Train employees on how to deal with potential breaches to encourage compliance with the SHIELD Act’s reporting requirements.
  • Make sure that your cybersecurity software has been reevaluated recently to provide your team with up to date tools.

If you have any questions about this or any other Labor and Employment topics, please contact me at or 703-745-1849



Theodora Stringham assists individuals, businesses, and organizations with growing successfully while minimizing liability. Focusing on real estate and personnel needs, Ms. Stringham executes sustainable plans for real estate development and employee matters. She provides comprehensive representation for everyday growth issues, including, but not limited to, re-zonings, site plan approvals, eminent domain/valuation concerns, employment discrimination, and disciplinary issues. Ms. Stringham’s scope of representation ranges from identifying potential liability and providing counseling/trainings, all the way through representation at trial.






Offit Kurman is one of the fastest-growing full-service law firms in the United States. With over 200 attorneys in 14 offices that stretch from New York to North Carolina, we represent privately-held companies and families of wealth throughout their business life cycles. Our mission is to provide our clients with “The Better Way” to grow their organizations, protect their businesses’ and families’ wealth, and resolve their most challenging legal conflicts. In addition to our quality of attorneys and breadth of legal services, Offit Kurman is distinguished by our unique operational structure, which encourages collaboration rather than internal competition. The same approach that makes our firm attractive to legal practitioners gives clients unlimited access to experienced counsel in every area of the law. Trust, Knowledge, Confidence—in a partner, that’s perfect.

Find out why Offit Kurman is The Better Way to protect your business, your assets and your family by connecting via our Blog, Facebook, Twitter, Instagram, YouTube, and LinkedIn pages. You can also sign up to receive LawMatters, Offit Kurman’s monthly newsletter covering a diverse selection of legal and corporate thought leadership content.