On July 26, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (also known as the SHIELD Act), requiring individuals and businesses to implement safeguards for the “private information” of New York residents and broadening New York’s security breach notification requirements. Every employer in New York must comply with the SHIELD Act because “private information” includes an individual’s name and Social Security number. Although the SHIELD Act does not authorize a private right of action, the New York State Attorney General may bring an action to enjoin violations of the law and obtain civil penalties. Such penalties could be costly, as the SHIELD Act permits the Attorney General to seek penalties of up to $250,000. Even more costly than the penalties themselves could be the costs incurred in responding to an investigation commenced by the Attorney General, including legal fees and the costs of retaining an expert.
Generally, under New York law, fines and penalties are not insurable as a matter of public policy. This raises the question of whether penalties imposed by courts as a result of a violation of the SHIELD Act would be covered by a business’s cyber insurance, or any other type of insurance policy. This article will examine the SHIELD Act, and the requirements it imposes on businesses. This article will also discuss the current state of the law regarding the insurability of civil fines and penalties in New York, and its implications on whether coverage would be permitted for penalties imposed under the SHIELD Act.
The NY SHIELD Act
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]