New Florida Data Security and Breach Law Effective July 1
Thursday, June 26, 2014
Print Mail Download i

Businesses that maintain individuals’ confidential, personal information may need to be more alert in protecting this data under the Florida Information Protection Act of 2014, signed into law by Governor Rick Scott. 

The new law, which some have called one of the broadest and most encompassing data security breach laws in the nation, imposes on covered entities a statutory requirement to safeguard Floridians’ personal information, to report a breach to the state attorney general, and to comply with other affirmative obligations. The new law becomes effective July 1, 2014; the previous statute (Section 817.5681, Florida Statutes) is repealed. 

Key provisions of the new law state:

  • A “covered entity” means a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information.

  • “Personal information” means an individual’s first name or initial and last name, in combination with (i) a social security number, (ii) drivers’ license or identification card number, or (iii) account number, credit or debit card number in combination with any required security code or password to access the account OR an individual’s user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.

  • Covered entities must safeguard the personal information they maintain. Other states with this requirement include California, Connecticut, Maryland, Massachusetts, and Oregon. 

  • An individual affected by a breach must be notified as expeditiously as possible, but no later than 30 days from discovery of the breach when the individual’s personal information was, or the covered entity reasonably believes it was, accessed as a result of a breach.

  • If the breach affects at least 500 Floridians, the state’s Attorney General must be notified no later than 30 days after determination that a breach has occurred or reason to believe one had occurred. In addition, the attorney general may require covered entities to provide copies of their policies regarding breaches, steps taken to rectify the breach, and a police report, incident report, or computer forensics report.

On the passage of the law by the state Senate, current Attorney General Pam Bondi promised greater enforcement of the data breach law. 

Businesses in Florida (and possibly those outside the Sunshine State) that maintain personal information about Florida residents should take steps to be sure they have reasonable policies and procedures in writing to safeguard such information.  

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

Pregnant Workers Fairness Act Final Regulations Released
by: Joseph J. Lynett , Katharine C. Weber
USCIS Issues Employment Authorization Procedures for Palestinians on Deferred Enforced Departure
by: Forrest G. Read IV
OSHA Proposes Expansion of Workplace Protections for Emergency Responders
by: Courtney M. Malveaux , Melanie L. Paul
Ninth Circuit Holds Warehouse Worker Qualifies as Transportation Worker Under FAA Exemption
by: Scott P. Jang
MSHA Issues Long Awaited Final Silica Rule
by: Karl F. Kumli
Labor Commissioner’s FAQ on Fast Food Minimum Wage
by: Laura A. Pierson-Scheinberg , Benjamin A. Tulis
New Study Shows Gen Z LGBTQIA+ Students, Graduates Value, Seek Out Inclusive Workplaces
by: Teresa Burke Wright , Alexandra Hunstein
DHS Extends, Redesignates Temporary Protected Status for Ethiopia
by: Forrest G. Read IV
Privacy Versus Cyber – What is the Bigger Risk?
by: Joseph J. Lazzarotti
Top Five Labor Law Developments for March 2024
by: Jonathan J. Spitz , Richard F. Vitarelli

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins