A Brief Reminder About the Florida Information Protection Act Workplace Privacy Data Management Security Report

pAccording to one survey Florida is fourth on the list of states with the most reported data breaches No doubt data breaches continue to be a significant risk for all business large and small across the US including the Sunshine State Perhaps more troubling is that class action litigation is more likely to follow a data breach A common claim in those cases the business did not do enough to safeguard personal information from the attack So Florida businesses need to know about the Florida Information Protection Act FIPA which mandates that certain entities implement reasonable measures to protect electronic data containing personal informationppAccording to a Lawcom article ppThe monthly average of 2023 data breach class actions was 445 through the end of August up from 206 in 2022 ppWhile a business may not be able to completely prevent a data breach adopting reasonable safeguards can minimize the risk of one occurring as well as the severity of an attack Additionally maintaining reasonable safeguards to protect personal information strengthens the businesses defensible position should it face an government agency investigation or lawsuit after an attack  ppEntities Subject to FIPAppFIPA applies to a broad range of organizations includingpp       Covered Entities This encompasses any sole proprietorship partnership corporation or other legal entity that acquires maintains stores or uses personal informationso just about any business in the state There are no exceptions for small businesses pp       Governmental Entities Any state department division bureau commission regional planning agency board district authority agency or other instrumentality that handles personal informationpp       ThirdParty Agents Entities contracted to maintain store or process personal information on behalf of a covered entity or governmental entity This means that just about any vendor or third party service provider that maintains stores or processes personal information for a covered entity is also covered by FIPA ppDefining Reasonable Measures in FloridappFIPA requiresppEach covered entity governmental entity or thirdparty agent shall take reasonable measures to protect and secure data in electronic form containing personal informationppWhile FIPA mandates the implementation of reasonable measures to protect personal information it does not provide a specific definition leaving room for interpretation However guidance can be drawn from various sourcesppBest Practices for Implementing Reasonable SafeguardsppVery often various data security frameworks have several overlapping provisions With that in mind covered businesses might consider the following nonexhaustive list of best practices toward FIPA compliance Many of the items on this list will seem obvious even basic But in many cases these measures either simply have not been implemented or are not covered in written policies and procedures ppBy diligently implementing these practices entities can better protect personal information comply with Floridas legal requirements and minimize riskppJoseph J Lazzarotti is a principal in the Tampa Florida office of Jackson Lewis PC He founded and currently coleads the firms Privacy Data and Cybersecurity practice group edits the firms Privacy Blog and is a Certified Information Privacy Professional CIPP with theppJoseph J Lazzarotti is a principal in the Tampa Florida office of Jackson Lewis PC He founded and currently coleads the firms Privacy Data and Cybersecurity practice group edits the firms Privacy Blog and is a Certified Information Privacy Professional CIPP with the International Association of Privacy Professionals Trained as an employee benefits lawyer focused on compliance Joe also is a member of the firms Employee Benefits practice groupppIn short his practice focuses on the matrix of laws governing the privacy security and management of data as well as the impact and regulation of social media He also counsels companies on compliance fiduciary taxation and administrative matters with respect to employee benefit plansppFocused on labor and employment law since 1958 Jackson Lewis PCs 950 attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business We help employers develop proactive strategies strong policies and businessoriented solutions to cultivate highfunctioning workforces that are engaged stable and diverse and share our clients goals to emphasize inclusivity and respect for the contribution of every employeep