Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 30 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- $1,000 per day up to $500,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Reporting must be done, if the breach involves 500 residents or more.
  • Florida has a rather extensive definition of “personal information”, which includes: a user name or e-mail address in addition to a password or security question that would permit access to an online account.
  • If an entity discovers circumstances requiring notice of more than 1,000 individuals at a single time, all consumer reporting agencies that compile and maintain files on those affected consumers must be notified of the incident.
  • Vendors are held to the same data protection requirements as data owners and must report a breach to the data owner within 10 days upon discovery.
  • Reporting to the consumer reporting agencies may be required with specific information.
  • Specific requirements are associated regarding driver’s licences and the personal information conveyed through “swiping” the ID card.
  • Specific health information requirements may be applicable.
  • If a vendor is breached, they report it to the data owner. The data owner is still required to cooperate.
  • If the breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • FL Stat § 282.318 Information Technology Security Act
  • FL Stat § 322.143 Use of a driver license or identification card
  • FL Stat § 408.051 Florida Electronic Health Records Exchange Act
  • FL Stat § 501.171 Security of confidential personal information
BAck to map