The Florida House of Representatives passed, by unanimous vote, a bill that Florida Governor Rick Scott signed into law. The bill repeals the state's current data security breach law and replaces it with what some are calling the nation's broadest and most encompassing breach law. The Florida Information Protection Act of 2014, which becomes effective July 1, requires companies to take reasonable measures to protect and secure data containing personal information in electronic form and requires notice to individuals of data security breaches under certain circumstances.
Among other measures, the law will allow the Florida Attorney General to require a copy of the incident or forensic report, along with copies of the company's policies and procedures at the time of the data breach. Requiring a company to provide this level of detailed, sensitive information, and repealing rather than amending existing law, is ground-breaking.
Florida businesses are required to report electronic data breaches within 30 days of the breach. Fines of up to $500,000 for violations of the Act can be assessed.
Key highlights from the amended Act:
- Expands the definition of “personal information” to now include medical information, health insurance number and online account information (i.e., username and password, e-mail address);
- Expands the regulatory scope to state governmental agencies, which can now be held accountable for electronic data breaches;
- Requires notification to the state attorney general if the breach involves over 500 Florida residents; and,
- Requires both state governmental agencies and private businesses to implement proper data privacy and security protections.
In addition, the State Attorney General is now required to report annually to the State Legislature on data breaches by governmental agencies and to enforce the Act under the state’s Unfair and Deceptive Trade Practices Act. The Governor was quoted as saying, “Cyber breach laws are only getting broader, and Florida is not likely to be the last to introduce and pass a broad law”.
Data security exploits are in the news daily.
Some questions to consider about your data security include:
- What are you doing to protect yourself and your customer?
- How will your organization respond if you suffer a breach of personally identifiable information or credit card information?
- Are you concerned about liability and fines that you could incur resulting from a data breach?
CBIZ Security & Advisory Services, LLC has the capability to help you prevent data breaches, avoid fines, and stay out of the headline news. If you could benefit from an evaluation of your security posture or would like to discuss these questions further, email us at firstname.lastname@example.org to set up a time to talk, or contact me at email@example.com or at (901) 685-5575.