Mandated Timeframe for Breach Reporting and/or Consumer Notification
Within 30 days
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Vendor Specific Obligations
Vendor Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws:
- $1,000 per day up to $500,000
None to minimal
Florida’s definition of “personal information” includes: a user name or e-mail address in addition to a password or security question that would permit access to an online account.
Reporting to the Department of Legal Affairs within the Attorney General’s office must be done if the breach involves over 500 Florida residents.
If an entity discovers circumstances requiring notice of more than 1,000 individuals at a single time, all consumer reporting agencies that compile and maintain files on those affected consumers must be notified on the incident.
Vendors are held to the same data protection requirements as data owners.
If a vendor is breached, they must notify the data owner within 10 days of discovery.
Specific requirements are associated regarding driver’s licences and the personal information conveyed through “swiping” the ID card.
Specific health information requirements may be applicable.
If the breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
FL Stat § 282.318 Information Technology Security Act
FL Stat § 322.143 Use of a driver license or identification card
FL Stat § 408.051 Florida Electronic Health Records Exchange Act
FL Stat § 501.171 Security of confidential personal information