The author of this article is an information security specialist, not a lawyer. The opinions contained in this article should not be construed as legal advice. The reader should consult a licensed attorney if legal counsel is required relative to FS 501.171.
Cybercriminals prowl the Internet in search of openings in computer systems to exploit. They want to steal, alter, destroy or otherwise illicitly gain access to the confidential information held by businesses and organizations. Both vulnerabilities and threats are increasing. Law enforcement officials have been unable to put a “dent” in cybercrime.
Lawmakers in Florida, however, have decided who should have the lion’s share of the responsibility for protecting PII (Personally Identifiable Information). Individuals now have the responsibility of protecting confidential information if they are a “covered entity” or business in Florida.
Do you know what the law (FS 501.171) requires? Are you a “covered entity” under Florida law? Is your data processing system set up to be in compliance with Florida’s privacy law? Can you show that you have taken the “reasonable measures” that the law requires to protect the confidential information that you possess on employees, customers and others?
Is your information system strong enough to deter a cyber attack?
Would you be able to successfully defend yourself against a compliance audit?
What else can you do?
You can consult with an attorney to determine if you are covered by the provisions of Florida’s Information Privacy Act. The wise and prudent thing to do would be to assume that if you are acquiring or maintaining confidential personal data on people, you are likely considered to be a covered entity.
Florida’s law includes a lengthy definition as to what is protected. It is: any material, regardless of physical form, on which personal information is recorded or preserved by any means, including, but not limited to, written or spoken words, graphically depicted, printed or electromagnetically transmitted that are provided by an individual for the purpose of purchasing or leasing a product or obtaining a service.
The personal information covered under Florida’s Privacy Act would include an individual’s social security number, a driver’s license or identification card number, passport number, military identification card or other similar documents used to verify identity. Also included are financial account numbers, credit or debit card numbers with any required security codes, access code, or password that is necessary to permit access to an individual account; any information regarding a person’s medical history, mental or physical condition, or medical treatment or diagnosis by a person’s health care professional; or a person’s health insurance policy number or subscriber identification number and a unique identifier used by a health insurer to identify the individual.
The storage of confidential information would appear to include all “hard copy” or paper records and those stored by a cloud service. The covered entity is solely responsible for securing the information it collected and cannot transfer its obligations to a third party (such as a cloud storage company).
FS 501.171 states that each covered entity, governmental entity or third-party agent shall take reasonable measures to protect and secure data in electronic form that contains personal information.
The law states, among other provisions, how breaches might be reported to authorities (including the number of compromised records and notification requirements). Possible fines are included.
Florida’s Information Privacy Act, FS 501.171, requires that organizations take reasonable measures to handle confidential information. The law does not precisely dictate, however, the details of what information policies and procedures should be used.
There are various information security controls and standards, none of which carry the force of law. However, many are considered to be very robust security models that can be used in business and industry. Organizations, in the opinion of the author, should at the very least have an information security policy.
Otherwise, guidance from management is likely absent. Meeting the test of “reasonable” measures to protect under FS 501.171 would be difficult if the organization had failed to address the topic of how it formally handled or processed confidential information.
You should always take aggressive steps against possible intruders and protect the confidential information in your possession.