NYSAE Webinar on New Data Security/Privacy Regulations Gets Great Response

Moderating the first in a series of NYSAE webinars earlier this month was an education for me, but not only about its immediate subject, the SHIELD Act – NY State’s new set of data security/privacy regulations.

Governor Cuomo signed the SHIELD (Stop Hacks and Improve Electronic Data Security) into law on July 26, 2019; it goes into effect on March 21, 2020. On December 11, I had the pleasure and honor of moderating a panel with two highly-informed experts, Dr. Robert Spangler, Associate Executive Director, Operations and Information Technology at NJ State Bar Association who also happens to be my co-chair on the NYSAE Technology Committee and Rebecca Rakoski, co-founder and managing partner at X-P-A-N Law Group. In words I borrow from Dr. Spangler, he is a “privacy expert technically speaking” and Ms. Rakoski is a “privacy expert legally speaking.” Together, they certainly had the bases covered on this extremely timely topic.

The webinar was well-attended and unsolicited responses were extremely positive, including this one: “This was excellent!!! This was WHY I am an NYSAE member.”

At the outset, Dr. Spangler referred to “the bigger picture,” expanding what he and Ms. Rakoski would discuss beyond the requirements of the new regulations. The panelists were quick to explain that this new act is very likely only one in a series of developing laws. Since threats to data security and privacy are constantly in flux as is technology itself, it only follows that continuing changes will trigger new regulations.

It is also part of the bigger picture that protecting data security and privacy, in Dr. Spangler’s words, is “more than an IT function. It’s an everybody function.” An astonishingly high 95% of breaches are due to human error and not to a technology breakdown. So, the strong call is for greater education.

The panelists explained that the new regulations apply not only to organizations located in NY State but to any entity anywhere conducting activities that include as few as one NY State resident.

The new law requires businesses to implement safeguards for certain common types of data, broadens New York's security breach notification requirements, and provides new meanings/clarification surrounding several terms. There are stricter reporting requirements when a breach occurs.

The panelists set the context by explaining where we are and how we got here. Ms. Rakoski was particularly eloquent on the importance of privacy. Three words were in great relief: FINES, which are hefty at $250,000; EDUCATION, which is increasingly important; and a PLAYBOOK, which is an implementation plan every organization should have in place in the event of a breach.

Non-profit organizations are built on trust. Loss of trust has devastating consequences.

The panelists offered a checklist and additional thoughts that will help keep you compliant.

NYSAE has plans to make the webinar available online to those who may have missed it the first time around.

 

by Raphael Badagliacca, Business Development Executive