Florida
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Within 30 days
FINES & PENALTIES – Violations
$1,000 – $500,000 per day
Regulation Levels
- Breach Reporting
- Consumer Notification
- Vendor Management
- Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting: Required
Vendor Obligations: Required
Consumer Notification: Required
Vendor Contracts: Required
Vendor Notification: Required
Privacy Program: Required
QUICK FACTS
Florida Privacy Law Information
Florida’s definition of “personal information” includes a user name or e-mail address in addition to a password or security question that would permit access to an online account.
Organizations and Vendors must take reasonable measures to protect and secure personal information in their possession. Disposal of personal information must involve shredding, erasing, or otherwise modifying the personal information so that it is unreadable or undecipherable. Organizations must contract with Vendors to whom the Organization discloses personal information. Organizations and Vendors must have measures in place for the secure disposal of records containing personal information when the records no longer need to be retained.
Individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must provide organizations with all necessary information regarding a breach. In addition, they must notify organizations within 10 days after discovery of a breach or suspected breach.
The Vendor may provide consumer notification and/or regulatory reporting on behalf of the Organization. However, any failure of the Vendor to provide proper consumer notification and/or regulatory reporting is a violation against the Organization. Reporting to the Department of Legal Affairs within the Attorney General’s office must be done if the breach involves over 500 Florida residents. If an Organization discovers circumstances requiring notice of more than 1,000 individuals at a single time, all consumer reporting agencies that compile and maintain files on those affected consumers must be notified of the incident.
Organizations may be fined or penalized for Vendor violations. The Department of Legal Affairs within the Office of the Attorney General can fine or penalize an Organization or Vendor for a violation of Florida Statute § 501.171. Violations will be treated as an unfair and deceptive trade practice.
Florida Statutes and Laws
Information Technology Security Act
Use of a Driver’s License or ID Identification Card
Florida Electronic Health Records Exchange Act
Security of Confidential Personal Information
Definitions
Requirements for Data Security
Notice by Vendors; Duties of Vendors
Consumer Protection – Remedies of enforcing authority
Insurance rates and contracts – genetic information for insurance purposes
Protecting DNA privacy act; discrimination in the treatment of persons – genetic testing; definitions; express consent required; confidentiality; notice of use of results.
Fraudulent practices – unlawful use of DNA; penalties; exceptions.
DISCLAIMER
The information provided is not legal guidance or a recommendation and is for informational purposes only.