Florida information privacy law
Website design By BotEap.com________________________________________________
Website design By BotEap.comThe author of this article is an information security specialist, not a lawyer. The opinions contained in this article should not be construed as legal advice. The reader should consult with a licensed attorney if legal advice is required in connection with FS 501.171.
________________________________________________ Website design By BotEap.comCybercriminals prowl the Internet looking for opportunities in computer systems to exploit. They want to steal, alter, destroy or illegally gain access to confidential information held by companies and organizations. Both vulnerabilities and threats are growing. Law enforcement officials have been unable to “make a dent” in cybercrime. Website design By BotEap.comHowever, Florida lawmakers have decided who should have the most responsibility for protecting PII (or personally identifiable information). Individuals now have a responsibility to protect confidential information whether they are a “covered entity” or a business in Florida. Website design By BotEap.comDo you know what the law requires (FS 501.171)? Is it an “entity covered by Florida law”? Is your data processing system configured to comply with Florida privacy law? Can you prove that you have taken the “reasonable steps” required by law to protect the confidential information you have about employees, customers and others? Website design By BotEap.comIs your information system strong enough to deter a cyber attack? Website design By BotEap.comWould you be able to successfully defend yourself against a compliance audit? Website design By BotEap.comWhat can you do differently? Website design By BotEap.comYou may consult with an attorney to determine if you are covered by the provisions of the Florida Information Privacy Act. The wisest and most prudent thing to do would be to assume that if you are acquiring or maintaining confidential personal data of individuals, you are likely to be considered a covered entity. Website design By BotEap.comFlorida law includes an extensive definition of what is protected. It is: any material, regardless of its physical form, in which personal information is recorded or preserved by any means, including, but not limited to, words written or spoken, represented graphically, printed or transmitted electromagnetically that are provided by a person for the purpose to buy or lease a product or obtain a service. Website design By BotEap.comPersonal information covered by the Florida Privacy Law would include a person’s social security number, a driver’s license or identification card number, passport number, military identification card, or other similar documents used to verify identity. . In addition, financial account numbers, credit or debit card numbers are included with any security code, access code or password necessary to allow access to an individual account; any information relating to an individual’s medical history, mental or physical condition, or medical diagnosis or treatment by an individual’s health care professional; o the health insurance policy number of a person or the subscriber identification number and a unique identifier used by a health insurer to identify the person. Website design By BotEap.comConfidential information storage would appear to include all “hardcopy” or paper records and those stored by a cloud service. The covered entity is solely responsible for protecting the information it collected and cannot transfer its responsibilities to a third party (such as a cloud storage company). Website design By BotEap.comFS 501.171 states that each covered entity, government entity, or outside agent will take reasonable steps to protect and secure data in electronic form that contains personal information. Website design By BotEap.comThe Law establishes, among other provisions, how violations will be reported to the authorities (including the number of compromised records and notification requirements). Possible fines are included. Website design By BotEap.comThe Florida Information Privacy Act, FS 501.171 requires organizations to take reasonable steps to handle confidential information. However, the Law does not precisely dictate the details of what information policies and procedures should be used. Website design By BotEap.comThere are a number of information security controls and standards, none of which have the force of law. However, many are considered very strong security models used in business and industry. Organizations, in the author’s opinion, should at least have an information security policy. Website design By BotEap.comIf not, management guidance may not exist. Meeting the “reasonable” measures to protect test under FS 501.171 would be challenging if the organization had not addressed the issue of how it officially handled or processed confidential information. Website design By BotEap.comYou should always take aggressive action against potential intruders and protect confidential information in your possession.
________________________________________________ Website design By BotEap.comCybercriminals prowl the Internet looking for opportunities in computer systems to exploit. They want to steal, alter, destroy or illegally gain access to confidential information held by companies and organizations. Both vulnerabilities and threats are growing. Law enforcement officials have been unable to “make a dent” in cybercrime. Website design By BotEap.comHowever, Florida lawmakers have decided who should have the most responsibility for protecting PII (or personally identifiable information). Individuals now have a responsibility to protect confidential information whether they are a “covered entity” or a business in Florida. Website design By BotEap.comDo you know what the law requires (FS 501.171)? Is it an “entity covered by Florida law”? Is your data processing system configured to comply with Florida privacy law? Can you prove that you have taken the “reasonable steps” required by law to protect the confidential information you have about employees, customers and others? Website design By BotEap.comIs your information system strong enough to deter a cyber attack? Website design By BotEap.comWould you be able to successfully defend yourself against a compliance audit? Website design By BotEap.comWhat can you do differently? Website design By BotEap.comYou may consult with an attorney to determine if you are covered by the provisions of the Florida Information Privacy Act. The wisest and most prudent thing to do would be to assume that if you are acquiring or maintaining confidential personal data of individuals, you are likely to be considered a covered entity. Website design By BotEap.comFlorida law includes an extensive definition of what is protected. It is: any material, regardless of its physical form, in which personal information is recorded or preserved by any means, including, but not limited to, words written or spoken, represented graphically, printed or transmitted electromagnetically that are provided by a person for the purpose to buy or lease a product or obtain a service. Website design By BotEap.comPersonal information covered by the Florida Privacy Law would include a person’s social security number, a driver’s license or identification card number, passport number, military identification card, or other similar documents used to verify identity. . In addition, financial account numbers, credit or debit card numbers are included with any security code, access code or password necessary to allow access to an individual account; any information relating to an individual’s medical history, mental or physical condition, or medical diagnosis or treatment by an individual’s health care professional; o the health insurance policy number of a person or the subscriber identification number and a unique identifier used by a health insurer to identify the person. Website design By BotEap.comConfidential information storage would appear to include all “hardcopy” or paper records and those stored by a cloud service. The covered entity is solely responsible for protecting the information it collected and cannot transfer its responsibilities to a third party (such as a cloud storage company). Website design By BotEap.comFS 501.171 states that each covered entity, government entity, or outside agent will take reasonable steps to protect and secure data in electronic form that contains personal information. Website design By BotEap.comThe Law establishes, among other provisions, how violations will be reported to the authorities (including the number of compromised records and notification requirements). Possible fines are included. Website design By BotEap.comThe Florida Information Privacy Act, FS 501.171 requires organizations to take reasonable steps to handle confidential information. However, the Law does not precisely dictate the details of what information policies and procedures should be used. Website design By BotEap.comThere are a number of information security controls and standards, none of which have the force of law. However, many are considered very strong security models used in business and industry. Organizations, in the author’s opinion, should at least have an information security policy. Website design By BotEap.comIf not, management guidance may not exist. Meeting the “reasonable” measures to protect test under FS 501.171 would be challenging if the organization had not addressed the issue of how it officially handled or processed confidential information. Website design By BotEap.comYou should always take aggressive action against potential intruders and protect confidential information in your possession.