Here Is How Much A SHIELD Fine Can Cost You

If you can’t protect your clients’ data, it’s going to cost you sooner or later. In 2019, New York’s governor signed the SHIELD Act into law, which requires every business to implement safeguards to protect private information.

Do you know how much you’ll have to pay if your clients’ data gets hacked?

Are You Protecting Your Clients’ Data?

Maybe not as well as you should be.

As of a few years ago, a third of in-house counsel respondents in “The State of Cybersecurity Report: an in-house perspective” reported that they had experienced a data breach – and cybercrime is only expected to grow, with the occurrence rate of data breaches estimated to increase by 22.5% each year up to 2023.

According to a recent study by the American Bar Association (ABA):

  • 75% are using some anti-virus software.
  • 58% of responding firms are using a firewall or anti-phishing software.
  • 33% are using email encryption software.
  • 25% are using device encryption software.
  • 17% have some directory security in place.
  • 25% have an employee training program involving cybersecurity.

Those numbers don’t reflect well on the legal industry. If you’re included in them, you could be facing serious fines…

How Much Could A SHIELD Fine Cost You?

Before the implementation of the NY SHIELD Act, failing to notify could have made you subject to a fine of $5,000 or $10 per instance, whichever figure was higher, up to a total of $150,000.

With the NY SHIELD Act, these fines are increased to $20 per incident with a maximum of $250,000. That’s not to mention that you could face a fine up to three years after an incident rather than two years.

That’s why you need to make sure your clients’ data is secure…

What Does SHIELD Compliance Mean For You?

Those subject to the SHIELD Act must demonstrate that they have implemented a data security program that addresses various safeguard requirements, such as:

  • A data security program created with a designated employee or team managing it.
  • Training and testing all employees on up-to-date security practices and protocols.
  • Assessing your environment to ensure all internal and external risks are identified.
  • Implementing the proper controls to minimize the internal and external risks.
  • Vetting service providers to ensure they’re bound to a contract to safeguard data.
  • A data destruction policy in place to ensure data is destroyed once it’s no longer deemed necessary for business purposes.

Need expert assistance?

PNJ Technology Partners will help implement robust security measures, deploying firewalls, patching, antivirus software updates, and intrusion and gateway protection.
