Two years after the Equifax breach, New York has responded with a law that imposes stronger data security responsibilities on businesses that own or license electronic private information of New York residents, even if they do not conduct business in New York. In this second installment of our two-part article series covering the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, we provide guidance on how to comply with the Act and what the future of enforcement in New York and beyond looks like, with advice from Akin Gump partner Michelle Reed and Gail Gottehrer, founder of the Law Office of Gail Gottehrer LLC. Part one explored the SHIELD Act’s requirements and definitions. See also “The Hidden Requirements in NYDFS’ Cybersecurity Regulation” (Oct. 24, 2018).