CyberspaceIn a harbinger of data-breach-laws to come, the Florida State Legislature just passed a new Florida Information Protection Act, which establishes tough new notification requirements for businesses and governmental entities. With the rapid increase in data breaches and growing awareness of the dangers, this Act may become a model for other states.

Florida’s Act provides new notice requirements and possible civil penalties arising out of a data breach incident when the notice requirements are not followed. It requires covered businesses and governmental entities to take “reasonable measures to protect and secure data in electronic form containing personal information.”

In the Florida Act, “personal information” is defined to include (1) a person’s name in combination with (a) a social security number, driver’s license number, passport number, and/or other similar number on a government ID, (b) a financial account, debit card or credit card number in combination with a related password or access code, (c) medical history information, or (d) a health insurance policy number or identification number; or (2) a user name or email address in combination with a password or security question and answer that would permit access to an online account. Under the Act, a “breach” is considered the “unauthorized access of data in electronic form containing personal information.”

With regard to the new notice requirements, the Act requires businesses and government entities to give notice to consumers “no later than 30 days after the determination of a breach or reason to believe that a breach occurred” unless the breach qualifies for exceptions. Exceptions include circumstances where information was released during an ongoing criminal investigation or the covered entity determines, after consultation with law enforcement, “that the breach has not and will not likely result in identify theft or other financial harm.” This latter exception must be documented in writing and it must be maintained for 5 years.

The Act sets out exactly what must be included in the notice to individuals. And if a breach could affect more than 500 people, the Attorney General’s office must also be notified within 30 days, along with other notice requirements.

Failure to adhere to the Act could be deemed “an unfair and deceptive trade practice” and also subject the covered entity to a civil penalty up to $500,000, with the penalties being imposed based on the number days the party is in violation of the Act. However, the Act does specifically state that it does not create a private right of action.

Forty-seven states have now enacted data breach notification statutes, but Florida is one of just seven states that require notification within a specific period of time – 30 days from determination of the breach. States that do not require a specific time period tend to use broader language merely requiring notice in a reasonable time. Florida is also one of only a handful of states that has expanded the definition of “personal information” to specifically include a user name/email address and password to access an online account.

Share |

No Comments

Post a Comment
Required (Not Displayed)

All comments are moderated and stripped of HTML.
Submission Validation
Change the CAPTCHA codeSpeak the CAPTCHA code
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014

View Mobile Version

Our Locations
Stuart Office
2041 E. Ocean Boulevard
Stuart, FL 34996

Phone: (772) 287-3366
Fax: (772) 287-4439
Toll Free: (800) 273-9800
Open: Monday - Friday
 8:00 AM - 4:30 PM
Tequesta Office
400 N. Cypress Drive, Suite 24
Tequesta, FL 33469

Phone: (561) 745-8894
Fax: (561) 745-8871
Toll Free: (866) 556-6766
Open: Monday - Friday
8:30 AM - 5:00 PM
© Copyright. All rights reserved. Powered by Insurance Website Builder. Click Here for our Web Site Privacy Policy.