Florida Passes New Data Breach Notification Law Requiring Enforcement of Civil Penalties For Untimely Notice


Personal information now includes online account information, health insurance policy numbers, and medical information -

Florida Governor Rick Scott signed into law the Florida

Information Protection Act of 2014 (“FIPA”) and repealed the state’s current breach notification law.1 FIPA, which will take effect on July 1, is arguably one of the strictest breach laws in the country. It expands the definition of personal information, defines a breach as “unauthorized access of data,” imposes new long-term duties on nearly all businesses with Florida customers or those businesses that maintain or use personal data about any person in Florida, and confers distinct enforcement powers on the Florida Department of Legal Affairs in the Office of the Attorney General.2 The new law also requires businesses to notify any Florida residents affected by a breach within thirty (30) days.

Florida’s new law follows the expanded definition of “personal information” that was adopted in California’s data breach notification law and includes “a user name or e-mail, in combination with a password or security question and answer that would permit access to an online account.”3 Personal information also now includes a first name or first initial and last name in combination with an individual’s “medical history, mental or physical condition, or medical treatment or diagnosis by a health professional” or “health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual.”

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Data Breach, Data Protection, FIPA, Health Insurance, Notice Requirements, Personally Identifiable Information

Published In: General Business Updates, Communications & Media Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »