Florida is home to white sand beaches, beautiful coastlines, and some of the biggest companies in the world. As of the most recent tally, Florida is also home to approximately 22 million people or 7% of the U.S. population. But despite the beautiful landscape and robust population, Florida struggles with significant cybercrime. According to the FBI, there were more than 1 million identity theft victims in Florida in 2020 alone, meaning over 2,000 Floridians’ information privacy was compromised each day.
As a result, Florida has enacted strict consumer privacy laws to protect Florida residents’ and businesses’ information and data privacy. In this blog post, the BrewerLong team will walk you through two of the key laws that help keep Florida residents safe online: the Florida Information Protection Act (FIPA) and the newly enacted Florida Privacy Protection Act.
If you have experienced a violation of your online privacy, please speak with one of our attorneys about your situation.
What Is the Florida Information Protection Act?
In 2014, the Florida legislature passed the Florida Information Protection Act (FIPA). FIPA requires companies to obtain consent before collecting any personal information from or about individuals and to notify them if information is collected. If any personal information is sold without consent, a company can be fined up to $1,000 per violation.
Types of Data Protected Under FIPA
Data protected under FIFA can include things like financial records, credit card information, medical records, phone numbers, email addresses, social security numbers, bank information, and driver’s license information. Any of these items can identify you and compromise your personal information and privacy.
In other words, if information can be used to identify you, it may be data protected under FIPA. If you are concerned that any of your personal information has been breached or leaked, speak with an intellectual property attorney as soon as possible.
FIPA Notice Requirements
If a business’ data or records are compromised, they must notify affected customers within 30 days of discovering a security incident. Companies are also expected to provide a notice for a breach affecting more than 500 users. For breaches involving more than 1,000 users, the company should send a notice to nationwide consumer credit reporting agencies.
FIPA Penalties for Noncompliance
Businesses can face serious fines for noncompliance. Fines under FIPA include $1,000 a day for the first 30 days. Fines go up to $50,000 for any 30-day period up to 180 days and then reach a maximum of $500,000 for violations exceeding 180 days.
What Is the Florida Privacy Protection Act?
How does the Florida Privacy Protection Act (FPPA) differ from FIPA? This law was introduced in January 2022 to enhance consumer privacy laws and the protections of FIPA. FPPA requires all businesses collecting consumer data to disclose what kind of data they collect from consumers or risk a $1,000 fine per failure.
In addition, the bill requires all businesses to notify affected customers about data breaches within 72 hours of learning about them. Furthermore, if any company fails to do so, it will be fined $1,000 every time it violates this rule.
Florida Privacy Protection Act Basics
FPPA provides that all the businesses or websites collecting personal data must provide users with information including:
- The type of data and specific information being collected, like name, address, or email;
- Places where the data was sourced, for example, the name of the social media site;
- Category of any third party with whom data will be shared; and
- The category of personal data that the company will share, if known.
If a business collects sensitive personal data like financial details, social security numbers, or medical records, then it should obtain permission from the user.
How Do Florida Consumer Privacy Laws Impact Your Business?
Florida businesses and any business outside Florida that controls or processes the data of Florida residents may be subject to FIPA and FPPA. The requirements for being subject to Florida’s consumer privacy laws include:
- Having global revenue of more than $25 million, excluding Florida revenue;
- Sharing personal data of 50,000 or more consumers, households, or devices; and
- Deriving more than half of your company revenues from sharing and processing personal data.
However, some businesses that would otherwise fall under these requirements may be exempt because they are covered by privacy regulations of other laws. Additionally, certain businesses regulated as bank holding companies or savings and loans may be exempt, as well as employers processing employee data and aggregate data processors.
As a small business owner, now is a perfect time to refresh your data privacy agreements and confirm that your data handling policies and procedures are in top form. Speaking with an intellectual property lawyer can also help clarify questions about what parts of FIPA and FPPA your business may be subject to.
How BrewerLong Can Help Your Florida Business
When it comes to understanding data privacy, BrewerLong can help. We give every client the close personal attention they deserve so we can provide clear and practical guidance through the most complicated legal situations. Contact BrewerLong today, and we will focus on the law so you can focus on your business.
This blog post is provided on an “as is” and “as available” basis as of the date of publication. We disclaim any duty to update or correct any information contained in this blog post, including errors, even if we are notified about them. To the fullest extent permitted by law, we disclaim all representations or warranties of any kind, express or implied with respect to the information contained in this blog post, including, but not limited to, warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy, completeness, and timeliness. We will not be liable for damages of any kind arising from or in connection with your use of or reliance on this blog post, including, but not limited to, direct, indirect, incidental, consequential, and punitive damages. You agree to use this blog post at your own risk. Regarding your particular circumstances, we recommend that you consult your own legal counsel–hopefully BrewerLong.