New York AG Releases Guide for Businesses on Effective Data Security

Damon W. Silver of JacksonLewis writes: As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information. Maintaining its focus on this area, the NYAG recently released a guide to help organizations strengthen their data security programs and “to put [them] on notice that they must take their data security obligations seriously, and at a minimum, take the reasonable steps outlined” in the NYAG’s guide (the “Guide”). The Guide is based on the NYAG’s experiences in investigating and prosecuting organizations in the wake of data incidents. It states that the NYAG received 4,000 data breach notifications in 2022 and penalized organizations millions of dollars for failing to comply with their data security obligations. In the Guide, the NYAG recommends action in nine areas. Continue reading at Workplace Privacy, Data Management & Security Report.