Florida Enacts New Breach Notification Law Increasing Reporting Obligations and Liability
Joining other states which have recently strengthened their data security laws, Florida has enacted a law requiring written notice to the Department of Legal Affairs if more than 500 Florida residents are affected by a breach as well as notifying the individuals affected within 30 days. Additionally, companies must offer written proof to the Department of Legal Affairs when a breach has not resulted in or isn’t likely to result in identity theft or other financial harm – though they don’t have to notify their customers.
Includes medical and healthcare info
Katie Riley, an attorney, writing on adlawaccess.com (link to article) notes the new law “revises the definition of personal information to include medical and health insurance information and an individual’s user name or email address in combination with [a] password or security question and answer.”
It also “requires that third-party agents notify a company of a breach of security within 10 days, and, although the third-party agent may provide the required notice, the company is ultimately responsible for any failure by the agent to provide proper notice.”
Penalties for violation
Violation of the law gives Florida’s attorney general the power to “bring actions for a declaratory judgment, injunction, or actual damages.
“These remedies are, in addition to the civil penalties the Department may assess, up to $500,000, for failure to comply with…notice requirements.”
ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.