
Privacy Monday – June 30, 2014

Not only the last Monday in June, but the last day of June. There are quite a few privacy-related things taking effect tomorrow, July 1. Some reminders:

Florida Amendments to Data Breach Notification Law

The Florida Information Protection Act of 2014 (“FIPA”) takes effect tomorrow. FIPA essentially repeals Florida’s existing data breach notification law and replaces it with one of the nation’s most extensive laws relating to data security and notification.

  • The definition of “personal information” now includes “a user name or e-mail in combination with a password or security question and answer that would permit access to an online account.”

  • Notice must be provided within 30 days of the incident.

  • When a breach affects more than 500 Florida residents, notice must be provided to the Attorney General’s office (see more below).

  • If you rely on Florida’s “risk of harm” exception to avoid providing notice, the entity must investigate the incident, consult with federal, state or local law enforcement, and report that determination to the AG within 30 days.

The Attorney General notice requirement differs in a material way from that of the other states that have a regulatory reporting requirement. The notice must contain information about “[a]ny services related to the breach to be offered or scheduled to be offered…” Although the AG is specifically required to be notified of credit monitoring or identity theft services to be offered, most notices to consumers contain all the information required by FIPA. Attention must be paid to the second requirement: upon request, the entity must provide (1) “a police report, incident report, or computer forensics report”; (2) “a copy of the policies in place regarding breaches”; and (3) “steps that have been taken to rectify the breach.” When launching into an investigation of a data breach, remember that attorney-client privilege is important when engaging with investigatory service providers who will create documentation such as “incident” reports or “computer forensics” reports.

Kentucky’s New Data Breach Notification Law

Kentucky became the 47th state to enact a data breach notification law.

Canada’s Anti-Spam Law

Canada’s draconian anti-spam law (known as CASL) goes into force tomorrow. U.S. companies should have compliance programs in place and should have been carefully examining email lists to either obtain express consent or at least determine whether they could be subject to CASL. Fines of up to CAD$10 million can be imposed under CASL, and the Canadian Radio-Television and Telecommunications Commission has already announced its intention to enforce. Take it seriously.

Happy Canada Day (July 1) to our Canadian readers and Happy Independence Day (July 4) to our US readers!

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

National Law Review, Volume IV, Number 181

About this Author

Cynthia Larose
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...

617-348-1732