What Do You Know About Florida’s Information Protection Statute?


DISCLAIMER: The columnist of this commodity is an admonition aegis specialist, not an attorney. The opinions independent in this commodity should not be construed as acknowledged advice. The clairvoyant should argue with a accountant advocate if acknowledged admonition is appropriate about to 501.171.


Florida’s law-makers created a statute (501.171) that acutely places the albatross of advancement the acquaintance of electronically stored “personally identifiable information” (or PII) on business owners and organizations.

The law basically requires a aggregation yield “reasonable measures” to assure the arcane admonition that you authority on employees, barter and others. Specifically, the law states that “Each covered entity, authoritative article or third-party abettor shall yield reasonable measures to assure and defended abstracts in cyberbanking anatomy absolute claimed information.”

People are alpha to apprehend just how important it is that admonition be candy in a safe and defended manner. Financial losses from cybercrime and the actionable use of admonition now beat the absolute of the actionable biologic trade. The botheration is accepting worse.

Cybercriminals can and do inflect irreparable abuse on individuals, companies and civic security. Florida’s aloofness law was accounting to abode the issue. Most companies and organizations are advised to be covered entities beneath the law. However, actual few are acquainted of what accept to be done to comply.

Please agenda the abnegation account below:

A accurate account of 501.171 reveals that a “covered entity” bureau a sole proprietorship, partnership, corporation, trust, estate, accommodating affiliation or added bartering article that acquires, maintains, food or uses claimed information. A covered article may cover a authoritative agency.

The Florida law requires that if a covered article adventures a aegis aperture affecting added than 500 people, that article accept to address the amount to the Department of Acknowledged Affairs. Added requirements are defined in the transcript. Various fines, affiliated to an unreported aegis breach, can ambit as top as $250,000.00.

Owners, admiral and managers accept a fiduciary albatross to become ancestors with Florida’s aloofness act. To abstain it would be acutely childish and fool hearty.

You should accede establishing an admonition aegis plan that can accommodated the analysis of demography “reasonable measures” to assure alone identifiable admonition if you are unaware.

Managers can absolute or even abstain cogent accident to their admonition basement by demography the afterward reasonable aegis measures to assure the organization:

1. Establish an admonition aegis policy.

2. Inventory all admonition assets.

3. Classify all admonition assets as to their criticality.

4. Apparatus analytic and concrete admission controls.

5. Use arrangement firewalls and advance apprehension devices.

6. Defended the accessible workspace.

7. Assure abstracts in transit.

8. Manage adaptable computing.

9. Create an adventure acknowledgment plan.

10. Accept a abstracts back and apology plan for all mission analytical information.

11. Develop a plan to abandon or abort exceptionable data.

12. Develop and apparatus a aegis acquaintance affairs for all employees.

Federal and accompaniment organizations are alpha to acknowledge to demands from the accessible to assure alone identifiable information. In about all cases the accountability has collapsed on the amateur of the business owner, admiral and managers. Admonition aegis should be advised like any added business action (e.g. accounting, finance, manufacturing). Anything beneath places an alignment at risk.