I like to talk a lot about how the NY SHIELD Act puts proactive requirements on every business that handles New Yorkers’ personal information. Meaning that the information businesses (like law firms) store about their clients is subject to the SHIELD Act.
No, literally. I just gave two presentations on this issue in the last couple weeks and am booked to present to the New York Bar Association tomorrow. (You can register here, wink). It’s hard to catch me not mentioning this multiple times per day.
But, it’s easy to forget that the reason for these requirements is to minimize your risk of data breach.
Who wants to be the guy who has to call “THE BOSS” (aka Bruce) and tell him that his personal information has been hacked?
Last week, Variety reported that entertainment law firm Grubman Shire Meiselas & Sacks was subjected to a major data breach of 756 gigabytes of documents regarding several well known music and entertainment figures, including: Lady Gaga, Madonna, Nicki Minaj, Bruce Springsteen, Mary J. Blige, Ella Mai, Christina Aguilera, Mariah Carey, Cam Newton, Bette Midler, Jessica Simpson, Priyanka Chopra, Idina Menzel and Run DMC.
The thing that I found interesting about this story was the firm’s statement to Variety: “We have hired the world’s experts who specialize in this area…” Notice they didn’t say, “we have implemented our incident response plan and our cybersecurity response team has been working on it as soon as they became aware of the issue.” Their response suggests they were caught flat footed, i.e., that their response was to hire someone. I would hate to have to explain to the Boss why they don’t already have a plan in place for this sort of thing. Perhaps if they had a plan in place, it might not have happened in the first place?
I wonder what kind of client list they will have next year.