New York Shield Act

What is the New York SHIELD Act?


The New York SHIELD (Stop Hacks and Improve Electronic Data Security) Act is legislation that enhances cybersecurity and data privacy in the state of New York by expanding the scope of information covered and requires businesses to implement specific data security measures.

The act requires businesses that hold New York residents’ private information to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the information.

Based on the risk assessment, businesses must implement appropriate security controls to protect personal data. These controls include technical, physical, and administrative measures such as encryption, access controls, logging and monitoring, incident response plans, employee training, etc.

The SHIELD Act updated the existing New York data security legislation by also broadening the definition of a data breach to include unauthorized access to private information and requires timely notification to affected individuals and relevant authorities in the event of a breach.


MergeBase and the New York SHIELD Act


MergeBase, as a cybersecurity company, is fully committed to upholding the stringent standards set forth by the New York SHIELD Act. Our dedication to data security is not just a compliance measure but a core component of our operational ethos.

We understand the intricacies of the SHIELD Act and recognize the importance of robust data protection. Our team of experts is well-versed in the most effective and appropriate data security measures, ensuring that every aspect of our operations aligns with the act’s requirements.

At MergeBase, compliance with the SHIELD Act is an ongoing endeavor integrated into our daily activities. We employ a comprehensive range of administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of personal information.

Our proactive approach involves regular risk assessments, continuous monitoring, and timely adaptation to emerging threats and vulnerabilities. By doing so, we not only adhere to the legal requirements of the SHIELD Act but also reinforce our commitment to safeguarding our client’s data with the utmost diligence and expertise.


How Can MergeBase Help You Comply with the New York SHIELD Act?


MergeBase can help you comply with the SHIELD Act by helping you implement the security safeguards for protecting the personal data you hold.

In particular, our solution can help you with:

  • Vulnerability Management — MergeBase’s automated vulnerability management system continuously scans applications and software components for weaknesses, identifying potential security risks that could lead to data breaches. This gives businesses a proactive approach to addressing vulnerabilities before they are exploited.

  • Secure Development Practices — MergeBase integrates seamlessly into the Software Development Lifecycle (SDLC), providing developers with real-time feedback on vulnerabilities during coding, suggesting secure coding practices, and offering upgrade guidance during build phases. This helps eliminate security flaws from the start, minimizing the risk of data breaches.

  • Runtime Protection — MergeBase provides runtime protection against known vulnerabilities in software components. This helps prevent breaches even if an attacker exploits an unidentified vulnerability, buying time for businesses to patch the vulnerability and minimize the impact of the breach.

  • Reduced False Positives — MergeBase’s intelligent vulnerability management system minimizes false positives, ensuring businesses focus on critical vulnerabilities and prioritize notifications based on actual risks. This saves time and resources compared to dealing with unnecessary notifications.