Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 30 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
- $1,000 per day up to $500,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Florida’s definition of “personal information” includes: a user name or e-mail address in addition to a password or security question that would permit access to an online account.
  • Reporting to the Department of Legal Affairs within the Attorney General’s office must be done if the breach involves over 500 Florida residents.
  • If an entity discovers circumstances requiring notice of more than 1,000 individuals at a single time, all consumer reporting agencies that compile and maintain files on those affected consumers must be notified on the incident.
  • Vendors are held to the same data protection requirements as data owners.
  • If a vendor is breached, they must notify the data owner within 10 days of discovery.
  • Specific requirements are associated regarding driver’s licences and the personal information conveyed through “swiping” the ID card.
  • Specific health information requirements may be applicable.
  • If the breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • FL Stat § 282.318 Information Technology Security Act
  • FL Stat § 322.143 Use of a driver license or identification card
  • FL Stat § 408.051 Florida Electronic Health Records Exchange Act
  • FL Stat § 501.171 Security of confidential personal information
BAck to map