On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that maintain data containing personal information of individuals to safeguard that information and to provide notice of breaches. As a result, Florida now has one of the strictest, if not the strictest, breach notification statutes in the country.

What should entities conducting business with Florida customers do to comply with FIPA?

  • Evaluate your current policies and security measures for electronic personal information and update them as necessary;
  • Develop new policies or update existing policies for identifying breaches and providing appropriate notification to affected individuals;
  • Ensure that your company is using proper methods to destroy or dispose of personal information;
  • Review and update your agreements with third-party agents who maintain or transmit electronic personal information to address the new requirements of § 501.171, Florida Statutes, regarding notification of breaches suffered by the third-party agent and the precautions the third-party agent takes to safeguard and properly destroy data;
  • Review your liability policies to determine what coverage is available in the event of a breach. The cost to respond to a data breach continues to climb, and some insurers are revising their CGL policies to exclude coverage for data breaches. Separate cyber liability policies are available in the marketplace.
