Cybersecurity -- New York SHIELD Act Enforcement
New York's SHIELD Act, which became effective on March 21, 2020, requires persons and organizations that own or license electronic data that includes New York resident’s private information to maintain reasonable administrative, technical and physical data security safeguards. The New York Attorney General (NYAG), is authorized to enforce the SHIELD Act by enjoining violations and obtaining civil penalties.
A flurry of recent activity indicates the NYAG office intends to rigorously enforce the SHIELD Act. Understanding the recent enforcement actions issued by the NYAG is critical for organizations because maintaining data security safeguards will continue to be a focus for the NYAG’s office going forward.
In the past year alone, the NYAG has sent warning letters and secured monetary settlements and consent agreements from organizations that failed to comply with the SHIELD Act.
Jessica advises her clients in all aspects of business counsel and disputes, with a particular focus on data privacy, cybersecurity and intellectual property. Jessica is chair of the firm's cybersecurity and data privacy practice and a Certified Information Privacy Professional/United States (CIPP/US) through the ANSI-accredited International Association of Privacy Professionals. Her broad experience includes advising clients on data privacy compliance, including state, federal and international cybersecurity and data privacy laws. She defends clients in data breach class action litigations and routinely manages data incidents, breaches and advises on breach notification obligations. Jessica regularly counsels clients through incident response matters including forensic engagement and oversight and advises on insurance coverage matters. Jessica also prepares incident response strategies, information governance plans, privacy policies and reviews technology and software contracts for data privacy compliance and intellectual property protection. She has a particularized knowledge on compliance with NY SHIELD Act, CCPA and GDPR, and industry-focused compliance with the NY Department of Financial Services Cybersecurity Regulations, HIPAA and HITECH. Jessica obtained a Certificate in Cybersecurity Leadership from Carnegie Mellon in 2019.