Florida Gets Serious With Data Privacy

July 1st was a big day in Florida if you’re a follower of info security news. That was the day the new Florida Information Protection Act (FIPA) came into effect, with immediate consequences for anyone who does business in Florida, has employees there or has customers who reside there.

There’s some decent analysis by a number of different law firms online but let’s take a look at what some of the highlights within FIPA are:

  • There are two types of records that must receive increased protection: Personal Information and Customer Records
  • The definition of personal information is very broad, but includes anything ranging from Social Security numbers to driver’s ID, financial information and more.
  • For customer records, it is any personal information that’s collected for purchasing, leasing or obtaining a product or service
  • Notification requirements are also in place and companies have to follow them in the event of a breach. Depending on the situation and scale of the data breach, the Florida Department of Legal Affairs must be notified within 30 days of the breach if it affects 500 or more individuals.
  • Written notice of the breach must include:
      • A synopsis of the events surrounding the breach
      • Number of individuals in Florida affected
      • Services offered without charge and instructions on how to use them
      • A copy of the notice sent to consumers affected
      • Contact information for people to call with questions

These are just some of the items covered and we encourage readers in Florida to check out all the details, especially if you have employee and customer information that needs to be properly protected as a result of the introduction of this legislation.

But in digging deeper, there are a couple of things that really popped out at us:

  1. Organizations will also have to file a police, incident or computer forensics report of the incident and include a copy of the policies they have in place about security breaches and what they’ll do to rectify the breach. This is a public disclosure of how an organization protects their information. If there’s no policy in place, there could be some serious repercussions for the organization if enough steps weren’t taken to secure information in the first place.
  2. It’s not just the organization that’s on the hook for keeping information properly secure. If there are 3rd party vendors that have access to company information and they’re the source of the leak, they’re mandated to comply with the disclosure rules. And the primary company is just as culpable and responsible for the disclosure. Net-net: if your 3rd party vendor or supplier loses your customer data, you’re just as at fault as that vendor for not ensuring they were following the same policies your organization should be following.

The last part about this new law that reinforces the fact businesses in Florida should take it seriously? It has teeth. “The penalty for not abiding by these rules is $1,000 each day for the first 30 days following any violation of the notice requirements, and $50,000 for each subsequent 30-day period or portion thereof up to 180 days. The maximum penalty for violation of this Act is $500,000.”

If you’re a business based in Florida, or an organization that does business in Florida and stores customer data, it’s now more important than ever that you implement security policies to protect that data in the event of a breach.

As always, from WinMagic’s perspective, the strongest foundation for any security solution should always start with encryption. This is the best option for most companies regarding this new law because any information that is encrypted or secured properly is exempt from the disclosure laws. The rationale is that the information is useless without the proper tools or keys to decrypt.

So what’s the easiest way to help be compliant? Encrypt your data.
