Florida information privacy law

________________________________________________

The author of this article is an information security specialist, not a lawyer. The opinions contained in this article should not be construed as legal advice. The reader should consult with a licensed attorney if legal advice is required in connection with FS 501.171.
________________________________________________

Cybercriminals prowl the Internet looking for opportunities in computer systems to exploit. They want to steal, alter, destroy or illegally gain access to confidential information held by companies and organizations. Both vulnerabilities and threats are increasing. Law enforcement officials have been unable to “make a dent” in cybercrime.

Florida lawmakers, however, have decided who should bear the majority of the responsibility for protecting PII (personally identifiable information). Individuals now have a responsibility to protect confidential information whether they are a “covered entity” or a business in Florida.

Do you know what the law requires (FS 501.171)? Are you an “entity covered by Florida law”? Is your data processing system configured to comply with Florida privacy law? Can you prove that you have taken the “reasonable steps” required by law to protect the confidential information you have about employees, customers and others?

Is your information system strong enough to deter a cyber attack?

Could you successfully defend against a compliance audit?

What can you do differently?

You may consult with an attorney to determine if you are covered by the provisions of the Florida Information Privacy Act. The wisest and most prudent thing to do would be to assume that if you are acquiring or maintaining confidential personal data of individuals, you are likely to be considered a covered entity.

Florida law includes an extensive definition of what is protected. It is: any material, regardless of its physical form, in which personal information is recorded or preserved by any means, including, but not limited to, words written or spoken, represented graphically, printed or transmitted electromagnetically, that is provided by an individual for the purpose of buying or leasing a product or obtaining a service.

Personal information covered by Florida’s Privacy Law would include a person’s social security number, a driver’s license or identification card number, passport number, military identification card, or other similar documents used to verify identity. In addition, financial account numbers and credit or debit card numbers are included with any security code, access code or password necessary to allow access to an individual account; any information relating to a person’s medical history, mental or physical condition, or medical diagnosis or treatment by a person’s health care professional; or a person’s health insurance policy number or subscriber identification number and a unique identifier used by a health insurer to identify the person.

Confidential information storage would appear to include all “hard copy” or paper records and those stored by a cloud service. The covered entity is solely responsible for securing the information it collected and cannot transfer its responsibilities to a third party (such as a cloud storage company).

FS 501.171 states that each covered entity, government entity, or outside agent shall take reasonable steps to protect and secure data in electronic form that contains personal information.

The Law establishes, among other provisions, how infractions will be reported to the authorities (including the number of compromised records and notification requirements). Possible fines are included.

The Florida Information Privacy Act, FS 501.171 requires organizations to take reasonable steps to handle confidential information. However, the Law does not precisely dictate the details of the information policies and procedures that must be used.

There are a number of information security controls and standards, none of which have the force of law. However, many are considered very robust security models used in business and industry. Organizations, in the author’s opinion, should at least have an information security policy.

Otherwise, management guidance may not exist. Meeting the “reasonable” protective measures test under FS 501.171 would be challenging if the organization had not addressed the issue of how it officially handles or processes confidential information.

You should always take aggressive action against potential intruders and protect confidential information in your possession.
