Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

New York, United States

New York SHIELD Act

CybersecurityIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

The SHIELD Act broadened New York breach-notification rules and requires reasonable administrative, technical, and physical safeguards for private information.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: Introduced -> Signed -> In Effect
  1. 1

    May 7, 2019

    Introduced

    New York lawmakers introduced the SHIELD Act to expand breach notice and data security duties.

  2. 2

    Jul 25, 2019

    Signed

    The governor signed the SHIELD Act, updating New York privacy and breach notification rules.

  3. 3

    Mar 21, 2020

    In Effect

    The data security requirement for private information became effective in New York.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

New York, United States

NYDFS Part 500 Cybersecurity Regulation

CybersecurityAmended

New York requires covered financial entities to maintain a risk-based cybersecurity program, governance controls, incident reporting, and documented policies. The 2023 amendments strengthened board and senior-governance accountability, privileged-access management, asset inventory, vulnerability management, and incident notice requirements. Larger Class A companies face additional controls such as independent audits and enhanced monitoring.

Effective
Nov 1, 2023
View detail

New York, United States

New York Child Data Protection Act

PrivacyIn Effect

New York requires operators of covered online sites, services, and connected devices to provide privacy-by-default protections for minors and to limit data processing unless a statutory exception applies. It affects operators directed to children or that know a user is under 18, with special focus on profiling, data transfers, and persistent identifiers.

Effective
Jun 20, 2025
View detail

New York, United States

NYC Automated Employment Decision Tools (Local Law 144)

AI RegulationIn Effect

New York City bars employers and employment agencies from using automated employment decision tools unless they complete a bias audit, publish summary results, and provide required notices. It affects hiring and promotion workflows that rely on algorithmic scoring or recommendations for candidates and employees in the city.

Effective
Jul 5, 2023
View detail