- December 18, 2025
-
-
Loading
Loading
Data breaches like the ones that made recent national headlines, from Target to Home Depot to Sony, might soon have a more direct impact on businesses in Florida.
Not necessarily from a breach, but from a new state law that covers what happens after a breach. The legislation, The Florida Information Protection Act of 2014, requires companies to take reasonable measures to protect personal data, such as encrypting it or removing personally identifiable information. Any data breach that impacts 500 or more individuals must be reported to the Florida Department of Legal Affairs within 30 days, and companies must supply forensic reports regarding internal breach policies.
There's more: In many circumstances, a company must also notify individuals whose information is compromised within 30 days. If the breach involves more than 1,000 individuals, all credit reporting agencies must be informed. Failure to comply with any regulation, according to the law, could result in fines of up to $500,000.
