It is of no surprise that as technology continues to advance, so does the
ability for hackers to steal valuable consumer information. Florida lawmakers,
recognizing this prevalent issue, passed the Florida Information Protection
Act of 2014, Senate Bill 1524. This bill was recently signed by Governor
Rick Scott and became effective July 1, 2014.
The purpose of the Act is to protect Florida consumers from identify theft.
The Act does so by imposing strict requirements on Florida businesses.
Specifically, the Act requires businesses to take reasonable measures
to protect and secure personal information data. Further, the Act requires
that upon determination of a data breach, businesses must report the breach
to the Florida Department of Legal Affairs and give notice to the individual
within 30 days. Although the Act carves out specific exceptions to the
general requirements, there are harsh penalties for violators.
A violation of the act is considered a violation of the Florida Deceptive
and Unfair Trade Practices Act ("FDUTPA"). Upon the finding
of a violation, an individual may be entitled to $1000 per day the breach
goes undisclosed up to 30 days, $50,000 per 30-day period thereafter the
breach goes undisclosed up to 180 days; and if notice is not made within
180 days, an amount not to exceed $500,000. These steep penalties are
imposed with the hopes that businesses will take these issues seriously
and protect valuable consumer information.