Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Sunshine State Puts Heat on Companies

Posted
ThreatMetrix
By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Florida Enacts New Breach Notification Law Increasing Reporting Obligations and Liability

Joining other states which have recently strengthened their data security laws, Florida has enacted a law requiring written notice to the Department of Legal Affairs if more than 500 Florida residents are affected by a breach as well as notifying the individuals affected within 30 days. Additionally, companies must offer written proof to the Department of Legal Affairs when a breach has not resulted in or isn’t likely to result in identity theft or other financial harm – though they don’t have to notify their customers.

Includes medical and healthcare info

Katie Riley, an attorney, writing on adlawaccess.com (link to article) notes the new law “revises the definition of personal information to include medical and health insurance information and an individual’s user name or email address in combination with [a] password or security question and answer.”

Third-party requirements

It also “requires that third-party agents notify a company of a breach of security within 10 days, and, although the third-party agent may provide the required notice, the company is ultimately responsible for any failure by the agent to provide proper notice.”

Penalties for violation

Violation of the law gives Florida’s attorney general the power to “bring actions for a declaratory judgment, injunction, or actual damages.

“These remedies are, in addition to the civil penalties the Department may assess, up to $500,000, for failure to comply with…notice requirements.”

ThreatMetrix
By ThreatMetrix Posted