An amendment to New York’s data breach notification law, the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act), will take effect on March 21, 2020. The amendment to the SHIELD Act creates stricter data security over confidential personal information and breach notification requirements to protect New Yorkers following a breach.

The amendments to the SHIELD Act broaden the law’s reach applying to any company that collects personal information of New York residents, even if the company does not conduct business within the state of New York. The information protected under the SHIELD Act includes: social Security numbers, drivers’ licenses numbers, credit or debit card numbers, financial account numbers with or without security codes, biometric information, email addresses, email passwords, and email security questions and answers.