Important changes in New York’s data privacy law took effect on March 21. But that was just two days after Gov. Andrew Cuomo declared the COVID-19 state of emergency, so you may not have been focusing closely on privacy law. If you didn’t notice, however, rest assured you’re not alone.
And it still may be a while before law enforcement can devote attention to the broadened scope of data breach liability under the new NY SHIELD (Stop Hacks and Improve Electronic Data Security) Act. Then again, it might not. Data protection regulators around the globe already are warning of increased risks to the security and privacy of personal information resulting from COVID-19 and increased remote work online, including fraud schemes and illicit sharing of health information. Even in the United States, the California Attorney General has announced that enforcement of that state’s new Consumer Privacy Act (CCPA) will proceed on schedule beginning July 1, 2020 despite COVID-19. Fortunately, compliance with the NY SHIELD Act complements the CCPA and even the EU General Data Protection Regulation (GDPR) and so benefits business implementation of CCPA and/or GDPR.
