- February 5, 2016
Data breaches like the ones that made recent national headlines, from Target to Home Depot to Sony, might soon have a more direct impact on businesses in Florida.
Not necessarily from a breach, but from a new state law that covers what happens after a breach. The legislation, The Florida Information Protection Act of 2014, requires companies to take reasonable measures to protect personal data, such as encrypting it or removing personally identifiable information. Any data breach that impacts 500 or more individuals must be reported to the Florida Department of Legal Affairs within 30 days, and companies must supply forensic reports regarding internal breach policies.
There's more: In many circumstances, a company must also notify individuals whose information is compromised within 30 days. If the breach involves more than 1,000 individuals, all credit reporting agencies must be informed. Failure to comply with any regulation, according to the law, could result in fines of up to $500,000.
That's a lot to digest for a small business that can easily have 500 customer accounts.
“Any business that stores individuals' personal information needs to take immediate steps to create a data breach plan that complies with the new Florida law and which contemplates prevention, containment and resolution,” Shumaker, Loop & Kendrick attorney Michael Taaffe says in a statement.
Taaffe, a nationally known securities law attorney based in Sarasota, leads a newly formed seven-person practice group at Shumaker to help businesses respond quickly and properly when customer information is compromised. The firm, in the statement, says a data breach could be the most serious threat a business can face.
The firm's data breach team will handle legal issues over the breach, and can also oversee forensic teams investigating the lost data. “In our wired world, sooner or later, a breach is bound to occur,” says Taaffe. “Florida companies need to match the proactive steps taken by the Legislature to protect the lifeblood of their business — the customer.”