Florida state agencies and local governments are now subject to new cybersecurity requirements and prohibitions that went into effect on July 1, 2022. These new amendments to Florida’s State Cybersecurity Act (“the Cybersecurity Act”) impose practically impossible-to-meet notification requirements on state and local governmental entities and prohibit them from making ransom payments. Stepping back to
Florida Data Privacy Legislation Fails (Again)
Florida will not pass a comprehensive data privacy law for the second year in a row. It will be easy for some to speculate that the bill died because the House insisted on a private right of action. That speculation would be wrong. The bill died because there were multiple differing views on the law’s…
The Florida House Passes Data Privacy Legislation (Again)
HB 9 Moves to House Floor, Democratic Opposition Emerges
It was a busy week for HB 9 in Tallahassee. There was a strike-all amendment, several proposed unfriendly amendments, a House Judiciary Committee meeting, a second strike-all, more unfriendly amendments, and a date for a House floor vote. This post will summarize what happened and provide a roadmap for the final two weeks of the Florida legislative session.
Continue Reading HB 9 Moves to House Floor, Democratic Opposition Emerges
HB 9 – why you should care about “share”, and one more consideration
In my last post, I wrote about my impression that legislators and staff do not intend for HB 9 to apply to companies that merely “receive” personal information (i.e., those that do not engage in buying or selling personal information). Based on that understanding, I suggested the second threshold of the bill’s scope be…
The Future Comes Into Focus For HB 9
Last week, HB 9 (the leading privacy bill on the House side of the Florida legislature) made its first of two committee stops in the House Commerce Committee. The bill passed unanimously. Just as important, however, the hearing revealed a potential misunderstanding as to the scope of the bill.
This blog post will dive into HB 9’s scope in greater depth, as that may be the most significant issue for companies wondering whether the bill would apply to them. The post will offer suggestions to bridge the disconnect and it will make suggestions to address other concerns many companies have with HB 9. The post ends with an analysis of what to expect next with HB 9 and its Senate counterpart.…
Comparing Florida’s Two Leading Privacy Bills
The Florida House of Representatives has introduced its version of a comprehensive privacy law (HB 9 – no fancy acronym, unlike the FPPA in the Senate). This blog post will explain the key differences between the House and Senate versions. I also propose two changes to the private right of action that would mitigate the risk of professional plaintiffs filing gotcha lawsuits. The post ends with a roadmap of what to expect moving forward in this legislative session.
Continue Reading Comparing Florida’s Two Leading Privacy Bills
Florida House Data Privacy Bill Released
The Florida House of Representatives has released its version of a proposed comprehensive privacy law. Coming in at 31 pages, HB 9 is sponsored by Representative McFarland (a champion of data privacy on the House side). On quick review, it appears to have some important changes from the version the House considered last year (…
Will The FPPA Be Florida’s First Comprehensive Privacy Law?
This blog post will summarize Senate Bill 1864, released on Friday, which is the first “comprehensive” privacy bill to be released in advance of the 2022 Florida legislative session. This is a long post, so I begin with a “too long, didn’t read” section that I’ve found helpful in articles I’ve read. I then describe the FPPA in detail, but by pulling various pieces of the 34-page law together by subject matter. I close with some personal opinions about this bill and what we can expect in the upcoming legislative session.
Continue Reading Will The FPPA Be Florida’s First Comprehensive Privacy Law?
To Pay or Not To Pay: What New Regulatory Activity Means for Ransomware Victims
New regulatory activity may help companies experience fewer ransomware attacks and could impact whether ransoms can be paid to threat actors. The activity includes guidance and sanctions by the Department of Treasury (“Treasury”) and a host of resources provided by the Health and Human Services Office for Civil Rights. This post describes the activity, its impact on companies that experience a ransomware attack, and practical takeaways for in-house counsel.
Continue Reading To Pay or Not To Pay: What New Regulatory Activity Means for Ransomware Victims