Florida State Data Privacy Laws
Florida’s data privacy laws protect consumers’ personal information, such as social security numbers and banking information, from unauthorized access. When data breaches occur, these laws also dictate how businesses or organizations must respond and notify consumers of the breach. Additionally, the law allows victims of data breaches to take legal action and recover damages for financial and emotional harm.
At Class Action U, we aim to simplify the legal process for individuals looking to file a lawsuit or join ongoing class action lawsuits. We work to connect data breach victims with our partner law firms, who are ready to handle their cases.
Florida’s Data Privacy Laws: An Overview
Under Florida law, businesses, government agencies, and third-party organizations must take reasonable steps to protect and secure consumers’ data if it contains personal information. Additionally, the law requires these entities to notify the government of any security breach affecting more than 500 people statewide within 30 days of discovering the breach. Businesses and organizations that experience data breaches must also provide notice within 30 days to affected individuals whose personal information was accessed. Violations of these laws qualify as unfair or deceptive trade practices.
Florida Information Protection Act (FIPA)
The Florida Information Protection Act of 2014 (FIPA) is Florida’s primary data breach notification law, providing procedures for the protection and security of Floridians’ sensitive personal information. “Personal information” can include a person’s full name in combination with their social security number, driver’s license number, banking information, medical information, or insurance information. It may also be a username or email address in combination with a password.
FIPA requires that covered entities, like businesses and some government agencies, give notice to every individual from Florida whose personal information may have been accessed due to the breach. The notification requirements are based on the number of individuals affected by the breach.
Florida Deceptive and Unfair Trade Practices Act (FDUTPA)
The Florida Deceptive and Unfair Trade Practices Act (FDUTPA) addresses unfair or deceptive practices, including those related to privacy breaches or inadequate data protection by businesses. The act modernized Florida’s laws on consumer protection, unfair methods of competition, and deceptive or unfair trade practices to protect consumers and legitimate businesses. Under FDUTPA, anyone whose data was breached in violation of the act has the right to file a legal action to obtain damages, attorney’s fees, and court costs.
Health Insurance Portability and Accountability Act (HIPAA) — Florida Application
While the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law, Florida strictly enforces its provisions related to medical data privacy and health information breach notifications. HIPAA Privacy Rules prohibit health care providers from using or disclosing a patient’s protected health information without written authorization, except for treatment, payment, and health care operations.
What Is Personal Information Under Florida Law?
Florida statutes comprehensively define personal information as it relates to data breaches. Protected data types include the combination of a person’s full name and any of the following:
- Social Security Number
- Driver’s license number, passport number, or other similar number issued on a government document used to verify identity
- Financial account number and password
- Medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional
- Health insurance policy number or any unique identifier used by a health insurer to identify the individual.
- A username or e-mail address and password
When Must Companies Notify You of a Data Breach in Florida?
Florida’s legal requirements for breach notification under FIPA generally give companies and other entities who have been breached 30 days to notify the Florida Department of Legal Affairs and consumers, unless doing so would interfere with investigations into the breach. These notices must include a description of the data breach, the types of information affected, the estimated number of people affected, contact information, and information on remedial actions taken to remedy the situation.
Your Privacy Rights as a Florida Resident
Florida consumers typically have a number of practical rights in relation to data breaches, including:
- The right to be notified promptly of a breach involving personal data.
- The right to credit monitoring services after a breach.
- The right to take legal action in cases of negligence.
- The right to protect themselves against identity theft.
How To File a Complaint or Take Legal Action in Florida
If your privacy rights have been violated or you have been a victim of a data breach in Florida, here are the most important steps to take to protect yourself, your identity, and your rights.
- File a complaint with the Florida Attorney General’s Office via the official portal.
- Contact consumer protection agencies to ensure your identity is secure.
- Consider joining or initiating a class action lawsuit through Class Action U’s resources.
- Understand the potential remedies and compensation available to you under Florida law.
Recent Data Breaches Impacting Florida Residents
Data breaches have become more frequent in recent years as technology advances. Florida residents have been involved in numerous recent breaches from both corporations and government entities, including the following:
- National Public Data Breach – April 2024
National Public Data, a Florida-based background check company, suffered a data breach in April 2024 that may have exposed the sensitive data records of millions of U.S., U.K., and Canadian residents. The leaked data includes the names, addresses, phone numbers, and social security numbers of millions of people, and there is a pending class action complaint against NPD in Florida federal court.
- Florida Department of Health Breach – June 2024
In August 2024, the Florida Department of Health confirmed that a significant data breach gave hackers access to personal information, including names, Social Security numbers, credit card information, medical records, and more. Floridians began receiving notice in August of the June 26 cyberattack, and the state is working to offer complimentary identity and credit monitoring services for victims.
Florida Data Privacy Laws FAQs
Who Enforces Data Privacy Laws in Florida?
Enforcement is primarily handled by the Florida Attorney General’s Office and other relevant regulatory agencies.
Do Florida Data Privacy Laws Apply To Companies Outside the State?
Yes, if companies handle the personal information of Florida residents, they must comply with Florida’s breach notification laws.
Can I Sue a Company if My Personal Data Is Breached in Florida?
Florida law allows individuals to pursue legal action in cases of negligence or failure to comply with notification requirements, sometimes as part of class action lawsuits.
How Class Action U Can Help
Data breaches can significantly derail the lives and well-being of victims, leaving them with financial losses, emotional distress, and uncertainty about their future safety. At Class Action U, we connect victims with trusted attorneys specializing in data breach and privacy cases to help them learn more about their potential paths for seeking justice. If you’ve been contacted about a data breach and believe your personal information may have been accessed without authorization, fill out our secure online form to learn more about your rights and legal options.
"*" indicates required fields
