Section 501.171 repeals and wholly replaces Florida’s existing data breach law and went into effect on July 1, 2014. It applies to every business that handles “personal information” of Florida residents and requires these businesses to take proactive “reasonable measures” to secure data.
The definition of personal information is quite broad and includes social security numbers, healthcare information, health insurance policy numbers, credit card numbers, and “a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.”
It includes a data records disposal provision: “…Such disposal shall involve shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any means.”
There is no private right of action, but a “violation of this section shall be treated as an unfair or deceptive trade practice in any action brought by the Florida Attorney General…against a covered entity or third party agent.” Civil penalties are not to exceed $500,000 and will go into the General Revenue Fund.