Florida
| Breach of Security | |
|---|---|
| CITATION | Florida Statute: § 817.5681 |
| ENACTED | 2005 |
| SUMMARY | Any person who conducts business in this state and maintains computerized data in a system that includes personal information shall provide notice of any breach of the security of the system, following a determination of the breach, to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The notification shall be made without unreasonable delay, consistent with the legitimate needs of law enforcement, or subject to any measures necessary to determine the presence, nature, and scope of the breach and restore the reasonable integrity of the system. Notification must be made no later than 45 days following the determination of the breach. |
| DATA COVERED |
Personal Information which is defined as an individual's first name, first initial and last name, or phone any middle name and last name, in combination with any one or more of the following data elements when the data elements are not encrypted:
|
| INDUSTRY | Any person who conducts business in Florida on their own behalf, or on behalf of another, and maintains computerized data in a system that includes personal information. |
| PENALTIES | Any person who fails to disclose a breach within 10 days after the determination of a breach is liable for an administrative fine of up to five hundred thousand dollars ($500,000), as follows: (1) In the amount of one thousand dollars ($1,000) for each day of the breach that goes undisclosed for up to 30 days, and, thereafter, fifty thousand dollars ($50,000) for each 30-day period or portion thereof for up to 180 days; (2) if disclosure is not made within 180 days, an administrative fine of up to five hundred thousand dollars ($500,000). |
