Why Choose MJN IT Solutions?
The correct decision, always
All your IT headaches can be solved by partnering with MJN IT. We provide small- and medium-sized businesses with cost-effective, timely and dependable services such as IT consulting, structured cabling, security system installations, cloud computing services, online hosting, Office 365 and more!
Our customer-first approach and attention to detail set us apart from our competitors. Your demands and satisfaction are our first priority. Our team of experts is well-versed in any and all IT problems, and is known for its work ethic and swift response times. Your business will reach new heights and see measurable improvements to your bottom line when you partner with MJN IT.
What does the SHIELD Act mean for your company, and how can you find out if your business is compliant?
What is the SHIELD Act?
(Stop Hacks and Improve Electronic Data Security Act)
- This Act was signed by Governor Cuomo on July 25, 2019, to join many other states in the fight against cyber crime. This Act will go into effect on March 22, 2020.
- This Act is intended to ensure that NY state businesses have “reasonable security measures” to protect NY state residents’ private information.
- Private information is any of the following:
  - Social Security number
  - Driver’s license or non-driver identification card number
  - Account number, credit or debit card number, in combination with any required security code, access code, password or other information that would permit access to an individual’s financial account
  - Biometric information, meaning data generated by electronic measurements of an individual’s unique physical characteristics, such as a fingerprint, voice print, retina or iris image, or other unique physical representation or digital representation of biometric data which are used to authenticate or ascertain the individual’s identity; or
  - A username or e-mail address in combination with a password or security question and answer that would permit access to an online account
What are the penalties?
- The SHIELD Act does not authorize a private right of action and class action litigation is not available. Instead, the Attorney General may bring an action to enjoin violations of the law and obtain civil penalties.
- For data breach notification violations that are not reckless or knowing, a court may award damages for actual costs or losses incurred by a person entitled to notice, including consequential financial losses.
- For knowing and reckless violations, a court may impose penalties of the greater of $5,000 or up to $20 per instance, with a cap of $250,000.
- For reasonable safeguard requirement violations, the court may impose penalties of not more than $5,000 per violation.
What are the new regulations that small businesses need to follow to be compliant under this act?
Small businesses are subject to the reasonable safeguards requirement; however, safeguards may be “appropriate for the size and complexity of the small business, the nature and scope of the small business’s activities, and the sensitivity of the personal information the small business collects from or about consumers.” A small business is any business with fewer than 50 employees, less than $3 million in gross annual revenue in each of the last three years, or less than $5 million in year-end total assets.
(ii) Implements a data security program that includes the following:
- (A) reasonable administrative safeguards such as the following, in which the person or business:
  - (1) designates one or more employees to coordinate the security program;
  - (2) identifies reasonably foreseeable internal and external risks;
  - (3) assesses the sufficiency of safeguards in place to control the identified risks;
  - (4) trains and manages employees in the security program practices and procedures;
  - (5) selects service providers capable of maintaining appropriate safeguards, and requires those safeguards by contract; and
  - (6) adjusts the security program in light of business changes or new circumstances; and
- (B) reasonable technical safeguards such as the following, in which the person or business:
  - (1) assesses risks in network and software design;
  - (2) assesses risks in information processing, transmission and storage;
  - (3) detects, prevents and responds to attacks or system failures; and
  - (4) regularly tests and monitors the effectiveness of key controls, systems and procedures; and
- (C) reasonable physical safeguards such as the following, in which the person or business:
  - (1) assesses risks of information storage and disposal;
  - (2) detects, prevents and responds to intrusions;
  - (3) protects against unauthorized access to or use of private information during or after the collection, transportation and destruction or disposal of the information; and
  - (4) disposes of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.
To schedule a free network assessment for your Long Island-based law firm, click on the calendar below.