Jeffrey L. PostonEvan D. WolffRobin B. CampbellKate M. Growley, CIPP/G, CIPP/US

On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now includes medical information and email addresses with information that permit account access). The amendment coincides with other state efforts to strengthen or enact data protection laws, and federal regulator attempts to ratchet up enforcement efforts – such as the significant increase in FTC and HHS actions. FIPA therefore serves as a reminder that companies should update their policies and incident response plans accordingly and must continue to monitor the rapidly evolving patchwork of data laws. Perhaps more importantly, FIPA also indicates that states may continue to enact increasingly stringent laws in the absence of comprehensive national breach legislation. Please read the full alert analyzing the changes in FIPA (and what stayed the same) on Crowell’s website here.