On March 21, the Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, a new law regarding data security, will go into effect. The SHIELD Act is an update to current New York State data standards. Under the old law, the New York attorney general could only act against a data breach. Now there’s no breach needed, and whistleblower complaints or customers who are suspicious about data collection or subsequent usage can trigger an email from the AG. The legal community expects that the law will be aggressively pursued.
This will be a game changer for retailers, which has relied on best practices rather than strict laws, as they swiftly prepare to uphold the new regulations imposed by the SHIELD Act. According to a Verizon report, retail accounts for only 4.8 percent of data breach incidents each year compared to 24.3 percent for financial service. Government agencies see more than 70 breach incidents a day. According to the National Retail Federation, “data thefts committed against retailers receive the most attention because retail stores are household names consumers know. In addition, many state data breach laws require only retailers to notify the public of breaches without requiring banks to do the same. That can lead to the incorrect assumption that retailers are responsible for the bulk of breaches and can leave consumers in the dark about hundreds of non-retail breaches each year that put them at risk of identity theft or financial harm.”
“For data brokers, in particular, people have tried [to find out what they know] and most of the time they won’t share it because that’s their product. The thing that has a value is all that data. So, they don’t want to give it away,” said University of Maryland assistant professor, Jennifer Golbeck, who specializes in data privacy at UMD’s College of Information Studies, in a recent interview on the Denver Channel. “It’s their data. It’s about you. And that, I think, is really the fundamental problem with how we think about data in the U.S.”
You can read the full PYMNTS article here.