Can I skip monitoring and auditing compliance with CCPA in New York? What are the requirements?

Monitoring and Auditing CCPA Compliance in New York

Based on the context documents, there is no mention of CCPA (California Consumer Privacy Act) compliance in New York. However, New York has its own data privacy law called the New York State Stop Hacks and Improve Electronic Data Security (SHIELD) Act ^[2]. The SHIELD Act requires businesses that collect private information from New York residents to implement reasonable data security measures and to notify affected individuals in the event of a data breach.

Therefore, it is important for businesses to monitor and audit compliance with the SHIELD Act in New York. The requirements include:

• Implementing reasonable data security measures
• Designating an employee or employees to coordinate the security program
• Identifying reasonably foreseeable internal and external risks
• Assessing the sufficiency of safeguards in place to control the identified risks
• Training employees in the security program practices and procedures
• Selecting service providers capable of maintaining appropriate safeguards and requiring those safeguards by contract ^[2]

It is important to note that this is not an exhaustive list of requirements and businesses should consult the SHIELD Act for a complete understanding of their obligations.

Therefore, businesses cannot skip monitoring and auditing compliance with the SHIELD Act in New York.

Source(s):

• [2] Relates to enacting the New York child data privacy and protection act [SAME AS A04967]

Jurisdiction

New York

• Privacy