Synopsis Of Recently Passed New York State Laws On Cybersecurity

Synopsis of Recently Passed New York State Laws on Cybersecurity

Two new privacy protection laws were signed into law by New York Governor Andrew Cuomo on July 25, 2019. (NY State Law S.5575B/A.5635 – or SHIELD Act – “Imposes Stronger Obligations on Businesses Handling Private Customer Data to Provide Proper Notification of Security Breaches.”). The law takes effect 240 days from the date of signing which was July 25, 2019, giving businesses until March 22, 2019, to implement.

The second law (A.2374/S.3582 “Requires Consumer Credit Reporting Agencies to Offer Identity Theft Prevention and Mitigation Services to Consumers Affected by a Security Breach.”) takes effect 60 days from July 25, 2019 (September 23, 2019) and applies to breaches within three years prior to the effective date.

The laws follow a trend of requiring more accountability, greater specificity of action from all companies and organizations that collect and process personal information. What started in Europe as the General Data Protection Regulation (GDPR) is now being emulated in the United States in response to the most recent breaches. The most notorious of these was the Equifax breach of consumer credit information. It is very unlikely it will stop there. The U.S. government and other states will follow. The trend will continue establishing accountability at the most senior levels of business organizations.

Download text of these laws here:

S.5575B/A.5635 – or SHIELD Act


Carlos Solari

Carlos C Solari was born in Colombia, South America and grew up in Huntington, NY. His career started in government service: U.S. Army for 13+ years, FBI senior executive in the 1990's and Chief Information Officer for the White House (2002 - 2005).

In the private sector, Carlos was VP of Cybersecurity at Bell Labs, VP / GM of Global Security Solutions at CSC, SR VP at Mission Secure Inc and VP of Cybersecurity Services at Comodo Group. He is currently in several roles including Advisory Board Chair for CyberFortis focused on cybersecurity education / training for the corporate leadership including the Board of Directors, the C-Suite and Compliance Officers. He is the author of several books including Security in a Web 2.0+ World published by Wiley in 2009. He has taught cybersecurity in various settings and is an international speaker on this topic.

He is a graduate of Washington and Lee University with a BS in Biology and the Naval Postgraduate School with a MS in Systems Technologies.

Leave a Reply

Back To Top