Florida Governor Rick Scott recently signed the Florida Information Protection Act of 2014 (SB 1524, the “Act”) into law, amending Florida’s breach notification statute effective July 1, 2014. The amendments are significant, including the first statutory requirement to provide copies of forensic reports and “policies regarding breaches,” to the Florida Attorney General upon request, and the shortest deadline for individual notice (30 days) among state general breach notification requirements.
Through the Act, Florida also joins a number of other states in requiring that companies and government agencies subject to the requirements take steps to prevent data breaches through data security measures and secure disposal of personal information. As an immediate response to the amendments, all businesses and government entities that collect personal information of individuals “in Florida” should ensure that they have adopted and implemented an appropriate data security program and incident response plan. (Read more)