Skip to Main Content


Don't Forget Your WISP

Oct 27, 2020

By Mary F. Ognibene

This past Summer I revisited the data security requirements of New York’s “Stop Hacks and Improve Electronic Data Security (SHIELD) Act,” which became law on March 21, 2020. As I mentioned then, the inadvertent timing of that overlap with the beginning of the Coronavirus pandemic in New York State underscores the importance of data security as threats steadily increase while frameworks adapt to large portions of the economy switching to remote work.

You can see my last article here: Develop a WISP to Document Data Security Protocol

In that piece, I mentioned the necessity of a data protection program as the heart of the SHIELD data security requirement, to be developed by individuals and businesses (regardless of physical location) if they own or license computerized data that contains private information of New York residents. A business can craft and adopt a written information security plan (a “WISP”) to memorialize its data security protocol responsive to the requirements of SHIELD. WISPS should reflect the reasonable administrative, technical and physical safeguards prescribed by New York State.

With that said, a business owner might be left wondering what to do now; What should a WISP look like? How can it be responsive to NYS requirements while reflecting my company’s IT systems in operation today? Where do I begin?

MCCM is currently working with Just Solutions, Inc., a Rochester area IT service provider, to answer those questions and guide clients through the development of individualized WISPs. MCCM will be engaged by clients to draft the WISPs, while Just Solutions will separately engage with such clients to assess their internal IT systems against SHIELD and then remediate gaps and audit for compliance in accordance with the WISPs once completed.

We encourage clients to contact us should there be a need to craft an individualized WISP or review an existing one against current IT systems.

MCCM and Just Solutions will also be offering periodic webinars about this very topic, so keep an eye out for future notices.

This publication is intended as an information source for clients, prospective clients, and colleagues and constitutes attorney advertising. The content should not be considered legal advice and readers should not act upon information in this publication without individualized professional counsel.

About MCCM

McConville Considine Cooman & Morin, P.C. is a full-service law firm based in Rochester, New York, providing high-quality legal services to businesses and individuals since 1979.  With over a dozen attorneys and a full paralegal support staff, the firm is well-positioned to right-size services tailored to each client. We are large enough to provide expertise in a broad range of practice areas, yet small enough to devote prompt, personal attention to our clients.

We represent a diverse range of clients located throughout New York State and New England.  They include individuals, numerous manufacturing and service industry businesses, local governments, and health care professionals, provider groups, facilities and associations. We also serve as local counsel to out-of-state clients and their attorneys who have litigation pending in Western New York courts.  For more information, please contact us at 585.546.2500.