News coverage surrounding data breaches is becoming more frequent and, with that, the reality of a data breach is hitting close to home for many businesses. A breach can occur in many ways, such as lost or stolen data, hacking, fraud, improper disposal of data and errant e-mails. Last year the Florida Governor signed the Florida Information Protection Act of 2014 (SB 1524). This amended Florida’s breach notification statute (Fla. Stat. §501.171 “Security of confidential personal information”) effective July 1, 2014.
Fla. Stat. §501.171 broadens the definition of “personal information” and provides for a 30-day deadline to notify affected individuals (note that this is a general deadline and may vary depending upon individual circumstances, as noted in Fla. Stat. §501.171). The statute also includes a requirement to provide copies of forensic reports and policies surrounding breaches to the Florida Attorney General upon request. Florida also now requires “reasonable measures to protect and secure” information, which includes properly disposing of information.
It is strongly advised that you meet with an attorney and an IT expert to create policies for employees, independent contractors and vendors to follow to protect information, as well as to create a data breach response plan should you encounter a breach. With these items in place, should you have a data breach, you will be able to provide documentation to the Attorney General and aggrieved parties of the policies you created to protect said data and the steps you took following the breach.
It is also strongly advised that if you experience a breach you contact your attorney to assist you. Your attorney will make sure you meet all requirements and deadlines, assist in filing extensions, assist in notifications and represent you during any audits and/or litigation which may arise following the breach. Your attorney can also help manage your business’ image/reputation with clients and navigate how to handle media coverage. For details on managing the public relations of a data breach, read this blog:
Also keep in mind that if you have clients of your business in the state of Florida who reside in another state, then you must take into account the data breach laws of those states as well. This is another reason why it would be wise to consult legal counsel and have your attorney assist you in complying with all relevant laws. In the state of Florida, violations of the notification laws could result in civil penalties up to $500,000.
Although the idea of a data breach is daunting, you should not push it aside to deal with another day. With so much at stake, there is no reason not to take precautionary measures. So contact an attorney and an IT expert, and gather input from employees on what they think might be weak spots that can be improved on. Then start implementing policies for employees to follow to protect information and create a data breach response plan. There is no better day than today to protect your business and your clients!