NYPA vs. SHIELD Act: Unraveling New York's Privacy Legislation Differences
What is the difference between the NYPA and SHIELD act?
The New York Privacy Act (NYPA) and the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act differ significantly in their focus and provisions:
Scope and coverage: The NYPA applies to any entity that processes personal information of New York residents, while the SHIELD Act applies to any person or business that owns or licenses computerized data that includes private information.
Definition of personal information: The NYPA covers a broad range of data, such as biometric information, geolocation data, and browsing history, while the SHIELD Act defines personal information as social security numbers, driver's license numbers, and financial account information, among others.
Individual rights: The NYPA grants individuals the right to access, correct, and delete their personal information, among other rights, while the SHIELD Act does not include specific individual rights provisions.
Business obligations: The NYPA imposes obligations on businesses to obtain affirmative consent from individuals before processing their data, to disclose data sharing practices, and to meet certain data security requirements, while the SHIELD Act requires that businesses implement reasonable data security measures.
Penalties: The NYPA includes provisions for statutory damages and private rights of action, while the SHIELD Act does not provide for statutory damages but imposes penalties for businesses that fail to notify affected individuals of a data breach.
Overall, the NYPA is considered to be the more comprehensive and far-reaching privacy law among the two, while the SHIELD Act focuses primarily on cybersecurity and data breach notification requirements.