Alert on the Florida Information Protection Act of 2014 warns businesses to take proactive measures immediately
Cleveland, Ohio (June 23, 2014) – Florida data breach notification law will soon be replaced by more stringent and encompassing law, and it is imperative for businesses to be proactive in their data security measures in order to remain compliant. That is the warning issued in an alert – Florida raises the bar on data privacy, security and breach notification with passage of new law – earlier today. The alert, issued by McDonald Hopkins’ national Data Privacy and Cybersecurity Practice, details the law’s new requirements and recommends proactive steps that should be taken immediately.
The “Florida Information Protection Act of 2014” (FIPA) was signed into law by Florida Governor Rick Scott on June 20, 2014, after it received unanimous support by the legislature. FIPA will take effect on July 1, 2014, replacing Florida’s existing data breach notification law and dramatically increasing the breadth of the law. New requirements under FIPA include a shorter timeline to notify affected individuals, an expanded definition of “personal information,” its application to “covered entities,” a mandatory notice to the Florida Attorney General and production of proactive measures, third-party vendor notification, and the ability for Florida’s Department of Legal Affairs to bring an action under the Unfair and Deceptive Trade Practices statute for any violations of Florida’s new law.
Businesses are urged to take proactive measures in their data security immediately. A few recommended steps include performing risk analysis to assess potential risks to all personal information, updating privacy policies and procedures, implementing procedures to identify and respond to data privacy incidents, and reviewing all vendor and business associate relationships to ensure appropriate agreements are in place. It is also important to properly train members of your workforce, encrypt personal information, avoid unnecessary disclosures of personal information, and obtain cyber insurance. Do not assume that the federal regulatory exemption applies; you must still comply with FIPA.
The alert was co-authored by James J. Giszczak, Dominic A. Paluzzi and Adam C. Smith of McDonald Hopkins’ national Data Privacy and Cybersecurity Practice. Our experienced attorneys keep clients informed about the rapidly changing data privacy and security environment in which complex privacy laws must be understood and followed.
About the Data Privacy and Cybersecurity team at McDonald Hopkins
The firm’s national Data Privacy and Cybersecurity team has counseled clients in nearly every industry through hundreds of privacy matters. McDonald Hopkins has a 24/7 hotline – 855-MH-DATA1 (855-643-2821) – if your company has a data breach or privacy incident. We live data privacy law 24/7.
About McDonald Hopkins
McDonald Hopkins has offices in Chicago, Cleveland, Columbus, Detroit, Miami, and West Palm Beach, as well as a subsidiary, McDonald Hopkins Government Strategies LLC, which is based in Washington, D.C. and led by former Congressman Steven LaTourette. McDonald Hopkins Government Strategies is not a law firm and does not provide legal services.
For more information about McDonald Hopkins, visit mcdonaldhopkins.com.