Personal information now includes online account information, health insurance policy numbers, and medical information
Florida Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”) and repealed the state’s current breach notification law.1 FIPA, which will take effect on July 1, is arguably one of the strictest breach laws in the country. It expands the definition of personal information, defines a breach as “unauthorized access of data,” imposes new long-term duties on nearly all businesses with Florida customers or those businesses that maintain or use personal data about any person in Florida, and confers distinct enforcement powers on the Florida Department of Legal Affairs in the Office of the Attorney General.2 The new law also requires businesses to notify any Florida residents affected by a breach within thirty (30) days.
Florida’s new law follows the expanded definition of “personal information” that was adopted in California’s data breach notification law and includes “a user name or e-mail, in combination with a password or security question and answer that would permit access to an online account.”3 Personal information also now includes a first name or first initial and last name in combination with an individual’s “medical history, mental or physical condition, or medical treatment or diagnosis by a health professional” or “health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual.”