One of the main components of the Data Security Act is to perform a Risk Assessment. This component is recommended to be performed by a 3rd party security consultant. This requirement is to be in place by July 1, 2019 and is to be performed annually by July 1st.