Florida Legislature Seeks to Overhaul Existing Data Security Law


On the heels of recent nationwide data breaches of consumer personal information, the Florida State Senate has proposed SB 1524, which if adopted will become effective on July 1, 2014, to revamp and replace existing state data security law and, in particular, impose a statutory requirement to safeguard personal information, reporting a breach to the attorney general, and other affirmative obligations. In doing so, Florida follows recent similar legislative developments made in CaliforniaNew MexicoIowa, and Kentucky.

Existing law provides that any person who conducts business in the state of Florida and maintains computerized data in a system which includes personal information (an individual’s first name or initial and last name, in combination with: (i) a social security number; (ii) drivers’ license or identification card number; (iii) or account number, credit or debit card number in combination with any required security code or password to access the account) shall provide notice of a security breach of the system to all affected individuals without unreasonable delay but not later than forty-five (45) days following determination of the breach.  Notification is not required if after an appropriate investigation or after consulting with relevant law enforcement, the person conducting business in the state reasonably determines that the breach has not and will not likely result in harm to the individuals whose persona information has been acquired and accessed. This determination must be documented in writing and maintained for five (5) years.

The bill proposes the following significant changes to existing law:

All businesses maintain personal information in some form on the individuals they employ and those with whom they conduct business. Because data breaches are becoming more prevalent and continue to raise risks of identity theft and other issues for individuals, states like Florida are stepping up their enforcement efforts on behalf of their state residents. Businesses should take the time to be sure they appropriately safeguard personal information of customers, employees and other individuals, as well as to be prepared to respond to a breach should they experience one.


Jackson Lewis P.C. © 2025
National Law Review, Volume IV, Number 119