The new provisions to New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) require organizations to fortify their data security programs and significantly expands businesses’ liability risks. This will force organizations to reconsider how they’re protecting personal data, especially at a time when hackers are exploiting the coronavirus pandemic to launch a fresh wave of attacks.
In an interview with Law360, Matthew Dunn, Associate Managing Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, states "This law really forces companies to take cybersecurity much more seriously and take a much deeper dive to look at what security measures they have in place and whether they'd be susceptible to fines because they don't have what the law says are reasonable security measures." Mathew further discusses that the landscape will likely lead to not only more breach reports, but also more questions about how companies are protecting their networks, as IT departments try to ensure that people have access to the network when working from home, and that they're keeping the company up and running. It’s a delicate balance.
The full article is available to Law360 subscribers here.