Florida Governor Rick Scott has signed into law The Florida Information Protection Act of 2014 (FIPA), which requires companies to take reasonable measures to protect and secure data containing personal information in electronic form and requires notice to individuals of data security breaches under certain circumstances. This new law repeals the State’s current data security breach law and becomes effective July 1, 2014. Once enacted, FIPA will be one of the nation’s broadest, most aggressive, and most encompassing breach laws.
Among other measures, the law will allow the Florida Attorney General to require a copy of an incident or forensic report, along with copies of companies' policies and procedures at the time of the data breach. This unique measure is indicative of the nationwide movement not only toward stricter data security breach laws, but also toward the government mandate for increased corporate governance and effective and efficient compliance protocols.
Tom Hibarger, Managing Director in the Washington, DC office of Stroz Friedberg, an investigations, intelligence, and risk management company, said, “FIPA codifies what businesses are hopefully already doing, that is, taking ‘reasonable measures to protect and secure data in electronic form containing personal information.’ As often is the case, the devil will be in the details with respect to what will be deemed to constitute ‘reasonable measures.’ At the very least we at Stroz Friedberg would recommend that businesses undertake a comprehensive and holistic information security risk assessment to gain a good understanding of where they are in their information security program and where the gaps may be.”