Governor Rick Scott signed the Florida Information Protection Act of 2014 on June 20. It goes into effect July 1, 2014.
The new law has been described by legal analysts as the broadest and most encompassing data protection law in the United States.
FIPA requires companies to take reasonable measures to protect the covered electronic data of Floridians. It also requires notifications to individuals of any security breaches involving their information. While those provisions as similar to data breach laws in other states, FIPA defines covered personal information differently.
In addition to the usual sensitive records (medical, social security numbers, and credit cards), FIPA includes a username and password that provides a login to an online service.
Should a breach occur, the organization has 30 days to notify effected individuals once the breach has been discovered. Any breach involving 500 or more individuals requires notifying the Florida Department of Legal Affairs, who will require a full breach investigation report and evidence, along with copies of applicable policies and procedures.
Companies will need to be aware of the provisions within the Florida Information Protection Act of 2014 to ensure they don’t find themselves out of compliance.
More information can be found here: