Enter to open, tab to navigate, enter to select
Florida Enacts Florida Information Protection Act of 2014
Practical Law Legal Update 5-572-1510 (Approx. 3 pages)
Florida Enacts Florida Information Protection Act of 2014
by Practical Law Intellectual Property & Technology
| Published on 23 Jun 2014 • Florida |
Florida enacted the Florida Information Protection Act (FIPA) of 2014 with significant differences from its existing breach notification law. FIPA will take effect on July 1, 2014.
On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act (FIPA) of 2014 to take effect on July 1, 2014 (CS/CS/SB 1524 - Security of Confidential Personal Information).
Some significant differences between FIPA and Florida's existing breach notification law (West's F.S.A. § 817.5681) include:
- Attorney General notification. Breached entities must notify Florida's Attorney General within 30 days of a breach affecting more than 500 Florida residents.
- Broader definition of personally identifiable information (PII). FIPA expands the PII definition to include the username or e-mail address combined with a password or security questions and answers allowing access to an online account.
- Shortened breach notification period. Breached entities must notify affected individuals no later than 30 days after the breach. The existing law required breached entities to notify within 45 days after the breach.
- E-mail notification. FIPA allows breach notification to affected individuals by e-mail.
- Incident and forensic reports. If the Florida Attorney General requests, breached entities must provide incident reports, data forensic reports and company policies regarding breaches.
- Proactive security requirements. FIPA requires companies maintaining PII to adopt reasonable measures to protect and secure PII.
- Attorney General enforcement. Violating FIPA automatically violates Florida's Deceptive and Unfair Trade Practices Act, enforceable only by the Florida Attorney General.