New York Data Privacy Rights: How to Remove Your Data Under SHIELD Act
Learn how to exercise your NY data privacy rights under the SHIELD Act. Discover step-by-step instructions to remove your personal data and protect your privacy today.
Understanding New York Data Privacy Rights: Your Guide to SHIELD Act Data Removal
New York residents enjoy some of the strongest data privacy protections in the United States. If you're concerned about your personal information being collected, sold, or shared by data brokers, you have legal rights under New York's privacy laws. This comprehensive guide explains your New York privacy rights, how to exercise them under the SHIELD Act, and how you can reclaim control of your personal data.
Overview of Privacy Laws in New York
New York has established itself as a leader in data privacy protection, with multiple laws working together to safeguard resident information.
The SHIELD Act: New York's Primary Privacy Law
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, enacted in 2019 and effective in 2020, represents New York's flagship data privacy legislation. This law applies to any business that collects personal information from New York residents, regardless of where the business is located.
Key aspects of the SHIELD Act include:
- Broad applicability: Covers any entity handling New York resident data
- Data breach notification requirements: Mandates notification of breaches without unreasonable delay
- Reasonable security standards: Requires businesses to implement appropriate safeguards
- Private right of action: Allows individuals to sue for violations
The New York Data Broker Law
Beyond the SHIELD Act, New York has specific regulations governing data broker law operations. Data brokers—companies that collect and sell personal information—must:
- Register with the New York Department of State
- Maintain accurate records about the data they collect
- Provide transparency about their data collection practices
- Allow consumers to access and correct their information
Relationship to Other Privacy Laws
While New York's laws are comprehensive, it's worth noting how they compare to other state privacy frameworks:
- CCPA (California): The California Consumer Privacy Act influenced New York's approach, though New York's SHIELD Act has broader applicability
- GDPR (Europe): New York's privacy standards align somewhat with GDPR principles, particularly regarding data subject rights
Your Specific Rights Under New York Privacy Laws
As a New York resident, you have several explicit rights regarding your personal data.
Right to Know and Access
You have the right to know:
- What personal information a company collects about you
- How they use that information
- Who they share it with
- Whether they sell your data
Companies must respond to access requests within 30 days, and the information must be provided in a clear, understandable format.
Right to Data Deletion
One of the most powerful rights under New York privacy rights legislation is the right to request deletion of your personal information. You can ask companies to delete:
- Personal identifiers (name, address, email, phone number)
- Commercial information
- Biometric information
- Internet activity and browsing history
- Location data
- Inferences drawn about you
Right to Opt-Out of Data Sales
You can instruct data brokers and companies not to sell your personal information. This right is particularly important given how extensively personal data is traded in the online marketplace.
Right to Correction
If a company holds inaccurate information about you, you can request correction. This is especially valuable for data brokers who may have outdated or incorrect information in their databases.
Right to Non-Discrimination
Companies cannot penalize you for exercising your privacy rights. They cannot:
- Deny you goods or services
- Charge you different prices
- Provide different quality of service
- Retaliate against you in any way
How to Exercise Your Data Deletion Rights
Taking action to remove your data involves several steps, ranging from direct requests to regulatory complaints.
Step 1: Identify Which Companies Have Your Data
Before you can request deletion, you need to know who has your information. Start by:
- Reviewing your email accounts for marketing messages and data collection notifications
- Checking websites you've visited and services you've used
- Searching for your name on people search websites and data broker sites
- Reviewing your credit reports (available free at annualcreditreport.com)
Step 2: Locate Privacy Policies and Data Request Forms
Most companies maintain privacy policies explaining their data practices. Look for:
- "Privacy Policy" or "Privacy Center" links on websites
- "Do Not Sell My Personal Information" links (required by law)
- Data subject request forms or contact information
- Email addresses or online portals for privacy requests
Step 3: Submit Data Deletion Requests
When submitting requests, be specific and clear:
- Provide your full name and any aliases you use
- Include email addresses and phone numbers associated with your accounts
- Specify the type of data you want deleted
- Request confirmation of deletion
- Keep copies of all correspondence
Step 4: Follow Up and Document Responses
Companies must respond within 30 days. If they don't:
- Send a follow-up request
- Document all dates and attempts to contact
- Save copies of all communications
- Prepare to escalate to the New York Attorney General if necessary
Step 5: Consider Automation
Given the number of data brokers operating in New York, manual requests can be time-consuming. Many residents find it more practical to use automated services like GhostMyData to handle removal requests across multiple platforms simultaneously.
Which Data Brokers Operate in New York
Numerous data brokers collect and sell information about New York residents. These include:
Major Data Brokers:
- Experian and its subsidiary companies
- Equifax and related entities
- TransUnion
- Acxiom and its subsidiaries
- Spokeo and similar people search sites
- Whitepages and related platforms
- TruthFinder
- BeenVerified
- PeopleFinder
- Instant Checkmate
Data Aggregators:
- CoreLogic
- LexisNexis
- Epsilon
- Oracle Data Cloud
- Neustar
Online Marketers:
- Facebook and Meta platforms
- Amazon
- Microsoft
- Various advertising networks and exchanges
These companies maintain extensive profiles on millions of New York residents, including contact information, financial data, health information, and behavioral patterns. The good news: you have the legal right to demand removal from their databases.
Step-by-Step: Filing a Complaint with the New York Attorney General
If companies fail to honor your data deletion rights, you can file a complaint with the New York Attorney General's office.
Step 1: Gather Documentation
Before filing, collect:
- Copies of your original deletion requests
- Proof of submission (email receipts, certified mail receipts)
- Dated responses (or lack thereof)
- Documentation of any issues encountered
- Screenshots of your information on company websites
Step 2: Visit the Attorney General's Website
Navigate to the New York Department of Law website and locate their consumer complaint section. The Attorney General's office handles privacy complaints under the SHIELD Act.
Step 3: Complete the Complaint Form
Provide detailed information including:
- Your name and contact information
- The company's name and contact details
- Specific dates of your deletion requests
- Description of the company's response or non-response
- Explanation of how the violation harmed you
- Copies of supporting documentation
Step 4: Submit Your Complaint
You can typically file complaints:
- Online through the Attorney General's website
- By mail to the New York Department of Law
- By phone to their consumer protection hotline
Step 5: Follow the Investigation Process
The Attorney General's office will:
- Review your complaint for validity
- Contact the company for their response
- Investigate if warranted
- Potentially take enforcement action
- Update you on the status
Note: The Attorney General prioritizes complaints involving multiple violations or widespread patterns of non-compliance.
How GhostMyData Automates Removals Under New York Privacy Laws
Manually requesting data removal from dozens of data brokers is overwhelming and time-consuming. GhostMyData simplifies this process through automation.
How It Works
1. Comprehensive Scanning
Start with our free scan to identify which data brokers and companies have your information. Our system scans major databases and provides a detailed report of where your data appears.
2. Automated Removal Requests
Rather than submitting individual requests to each company, GhostMyData:
- Prepares legally compliant deletion requests
- Submits requests across multiple platforms simultaneously
- Tracks responses from each company
- Handles follow-ups and escalations
- Maintains detailed documentation
3. SHIELD Act Compliance
Our service ensures all requests comply with New York's SHIELD Act requirements:
- Proper identification and verification
- Clear specification of data to be deleted
- Adherence to 30-day response requirements
- Documentation for potential complaints
4. Ongoing Monitoring
Data brokers sometimes re-list information after deletion. GhostMyData provides:
- Periodic rescans to check for data reappearance
- Automatic re-submission of removal requests
- Long-term protection against data re-listing
Why Choose Automation
Manual removal requests require:
- Time: 20-30+ hours of research and submission
- Expertise: Understanding each company's specific procedures
- Persistence: Following up on non-responses
- Documentation: Tracking all communications for potential complaints
GhostMyData handles all of this, allowing you to reclaim your privacy without the administrative burden.
Comparing Your Options
When considering how to exercise your New York data broker law rights, you have three paths:
DIY Approach
- Cost: Free (your time)
- Coverage: Limited to companies you identify
- Completeness: Depends on your diligence
- Maintenance: Requires ongoing monitoring
Legal Services
- Cost: $1,000-5,000+
- Coverage: Comprehensive
- Completeness: Professional handling
- Maintenance: Often included
Automated Services (GhostMyData)
- Cost: Affordable monthly or annual subscription
- Coverage: Extensive data broker network
- Completeness: Professional-grade requests
- Maintenance: Continuous monitoring and re-submissions
For most New York residents, automated services offer the best balance of cost, effectiveness, and convenience. Check our pricing page to see options that fit your needs.
FAQ: New York Privacy Rights and Data Removal
What is the SHIELD Act and how does it protect my data?
The SHIELD Act (Stop Hacks and Improve Electronic Data Security) is New York's primary data privacy law. It requires companies to implement reasonable security measures, notify you of breaches, and respect your rights to access, delete, and correct your personal information. Unlike some privacy laws that only apply to large companies, the SHIELD Act applies to virtually any business handling New York resident data.
How long do companies have to respond to my data deletion request?
Under New York privacy laws, companies must respond to your data deletion request within 30 days. This means they should either delete your information or provide a detailed explanation of why they cannot (such as legal obligations to retain the data). If a company doesn't respond within 30 days, this constitutes a violation you can report to the Attorney General.
Can data brokers refuse to delete my information?
Data brokers have limited grounds to refuse deletion. They cannot refuse simply because they want to keep selling your data. However, they may claim exceptions for:
- Legal obligations (law enforcement requests, court orders)
- Fraud prevention and security
- Debt collection purposes
- Certain financial transactions
Even with these exceptions, you can still request deletion of specific data types. If a data broker refuses without legitimate justification, you can file a complaint with the New York Attorney General.
What should I do if a company doesn't respond to my deletion request?
If a company fails to respond within 30 days:
- Send a follow-up request via certified mail
- Document the date and method of your follow-up
- Wait an additional 15 days
- If still no response, file a complaint with the New York Attorney General
- Consider using automated services like GhostMyData to handle escalation
Is GhostMyData's service legal under New York privacy laws?
Yes. GhostMyData operates as your authorized representative, submitting data deletion requests on your behalf. This is explicitly permitted under New York privacy laws. We comply with all SHIELD Act requirements, including proper identification, clear request specifications, and documentation standards. Our service helps you exercise rights that are already yours under law.
---
Take Control of Your Privacy Today
Your personal information is valuable—to you and to data brokers who profit from it. Under New York's SHIELD Act and data broker laws, you have powerful rights to know what's collected, demand deletion, and opt out of sales.
Don't let your data remain in the hands of hundreds of companies. Start your journey to digital privacy today:
- Take our free scan to see where your data appears
- Review your pricing options for removal services
- Learn more about how it works with GhostMyData
Or, if you prefer to handle requests manually, use the step-by-step guidance in this article to exercise your rights directly. Either way, the time to act is now. Your New York privacy rights are waiting to be used.
Ready to remove your data? Start your free scan with GhostMyData today and take back control of your personal information.
Ready to Remove Your Data?
Stop letting data brokers profit from your personal information. GhostMyData automates the removal process.
Start Your Free ScanGet Privacy Tips in Your Inbox
Weekly tips on protecting your personal data. No spam. Unsubscribe anytime.
Related Articles
Washington Data Privacy Rights: How to Remove Your Data Under MHPDA
Learn your Washington privacy rights under MHPDA. Discover how to remove your personal data, protect your information, and take control today. Start now.
Ohio Data Privacy Rights: How to Remove Your Data Under Privacy laws
Discover your Ohio data privacy rights and learn how to remove your personal data under state privacy laws. Take control of your information today. Read our guide.
Georgia Data Privacy Rights: How to Remove Your Data Under Privacy laws
Learn how to exercise your Georgia privacy rights and remove your personal data. Discover step-by-step guidance on data deletion requests under state privacy laws. Take control today.