New data privacy law in Empire State gives biometric players options and risks


Given the unusually high tide of political, economic and health-care developments this year, executives could be forgiven for missing a state data privacy law that went into effect March 21 with national implications.

Please consider this a public service announcement for all those waylaid by other pressing concerns: New York state’s Stop Hacks and Improve Electronic Data Security (also known as the SHIELD Act) is live with far-reaching effects for handlers, maintainers and owners of biometric data.

The SHIELD Act, which dictates when any business needs to notify New York residents that their data was mishandled, builds on previous New York legislation as well as other state efforts to hold organizations accountable for the security, integrity and confidentiality of consumer data.

“We can expect vigorous enforcement,” wrote Brian Cesaratto in the law news and analysis publication The National Law Review.

Here are some points to remember.

First, the new law broadens who can be held responsible. A prior New York law cited only firms that do business within the state. Now anyone or any company owning or licensing the private data of a New York resident must comply.

And, despite its name, this law is not aimed solely at preventing the hacking and acquisition of digital data. It now defines unauthorized access to data as a breach, as well.

In fact, New York’s attorney general can open investigations based on whistleblower complaints and the suspicions of customers, according to retail-payments trade publication PYMTS.com.

Also broadened is the definition of private information. For the first time, it includes security questions and answers, biometric information and much else as well.

An article in The National Law Review said that according to the law, private information includes any individually identifiable information, including names combined with social security numbers, driver or non-driver identification card number, account numbers, credit or debit card numbers, security codes, access codes, passwords, or other information that could give someone access to another person’s financial account.

Fines for “knowingly and recklessly” violating the law are $5,000, or up to $20 per instance, whichever is greater, up to $250,000. Judges can impose fines of up to $5,000 per violation of the “reasonable safeguard requirement.”

While widely considered a strict measure, the new law nonetheless gives businesses some significant leeway.

Businesses and individuals can decide not to notify those affected of a data mishap, according to an article appearing on the site of law firm Jackson Lewis P.C. That includes if exposure was an “inadvertent disclosure by persons authorized to access private information, and the person or business reasonably determines that exposure likely will not result in misuse of that information, or financial harm to the affected persons or emotional harm in the case of unknown disclosure of online credentials.”

Also, companies, large and small, must take “reasonable” administrative, technical and physical steps to safeguard data. For example, executives have to put in place a data-security plan setting out specific tasks, but it is up to them to define those tasks.

At the same time, the act does not give those harmed by mishandled data the right to file suit.

The law provides suggested tasks, and most are commonsense, including: destroy data in a timely fashion, assess internal and external data risks and train employees.

That freedom also leaves businesses with some exposure. Their idea of harm and reasonable steps might be judged insufficient after a major problem with data.
