Data Security

Subscribe to Data Security via RSS

Florida state agencies and local governments are now subject to new cybersecurity requirements and prohibitions that went into effect on July 1, 2022. These new amendments to Florida’s State Cybersecurity Act (“the Cybersecurity Act”) impose practically impossible-to-meet notification requirements on state and local governmental entities and prohibit them from making ransom payments. Stepping back to

The Florida House of Representatives has introduced its version of a comprehensive privacy law (HB 9 – no fancy acronym, unlike the FPPA in the Senate).  This blog post will explain the key differences between the House and Senate versions. I also propose two changes to the private right of action that would mitigate the risk of professional plaintiffs filing gotcha lawsuits. The post ends with a roadmap of what to expect moving forward in this legislative session.
Continue Reading Comparing Florida’s Two Leading Privacy Bills

This blog post will summarize Senate Bill 1864, released on Friday, which is the first “comprehensive” privacy bill to be released in advance of the 2022 Florida legislative session. This is a long post, so I begin with a “too long, didn’t read” section that I’ve found helpful in articles I’ve read. I then describe the FPPA in detail, but by pulling various pieces of the 34-page law together by subject matter. I close with some personal opinions about this bill and what we can expect in the upcoming legislative session.
Continue Reading Will The FPPA Be Florida’s First Comprehensive Privacy Law?

New regulatory activity may help companies experience fewer ransomware attacks and could impact whether ransoms can be paid to threat actors. The activity includes guidance and sanctions by the Department of Treasury (“Treasury”) and a host of resources provided by the Health and Human Services Office for Civil Rights. This post describes the activity, its impact on companies that experience a ransomware attack, and practical takeaways for in-house counsel.
Continue Reading To Pay or Not To Pay: What New Regulatory Activity Means for Ransomware Victims

By a vote of 29-11, the Florida Senate passed its version of HB 969 and sent the bill back to the House for consideration of the rewritten version. At this point, there are only two legislative options remaining: (1) the House passes it without any changes, or (2) no privacy law is adopted in Florida during this legislative session. There is not enough time for the House to change the law again and have Senate reconsider/pass it by tomorrow. The odds are high that the House will pass HB 969 tomorrow and Governor DeSantis will sign it.

Assuming that’s the case, advocates on all sides of this law will have “won” and “lost” something, but the consequences of these last few months will have an enormous impact on privacy law moving forward for much more significant reasons than the bill itself.
Continue Reading Florida Privacy Bill Passes Penultimate Legislative Hurdle; Significant Implications Follow

With only three days left in the legislative session, and on the morning when my Op-Ed was published by the Tallahassee Democrat, the Florida Senate weighed in on the House’s passage of HB 969.  There were two ways it could have done that: (1) take the House version sent to the Senate via messages and make changes to and vote on that version; or (2) ignore the version provided via messages and simply pass the pending version of SB 1734 in the Senate then send that version to the House via messages. It chose path #1. Moments ago, the  Senate passed a strike-all amendment that struck the entirety of HB 969 and replaced it with a modified version of SB 1734. A separate post will discuss the modified version of SB 1734 in greater detail, but this post briefly explains where things stand now and what to expect next.
Continue Reading What Just Happened With Florida Privacy Legislation?

Within the week, we will know whether Florida will adopt the most aggressive privacy law in the country, something more moderate, or nothing at all. But an issue that has not received enough attention is the reason HB 969 and SB 1734 have received more support in a “red” state than any other privacy law. It is a reason that will come full circle to adversely impact the contingency of supporters using privacy laws as a way to attack “Big Tech.”
Continue Reading The Long Game: Why Parler Has Everything To Do With Florida’s Privacy Legislation

Today, the Florida House of Representatives Commerce Committee voted unanimously to allow HB 969, which would be the most aggressive privacy law in the country, to move forward for a full House floor vote. This post explains what happened, what will happen next, and some of the unique political forces and considerations behind HB 969.    
Continue Reading Have Privacy Advocates Found A New Path Forward in Red States?

The Florida Senate appears poised to hit the brakes on privacy legislation that has thus far soared through committees in both legislative chambers.  The House version (HB 969) and the Senate Version (SB 1734) would have not only created the same consumer privacy rights as the CCPA, the bills would have created massive private rights of action, far broader than any other privacy law in the United States.  

Today, a “strike all” Committee Amendment was offered to the Senate version.  TRANSLATION – the Senate Rules Committee, where SB 1734 is now pending, is proposing a “friendly amendment” that would strike the entirety of SB 1734 and replace it with a new version.
Continue Reading Momentum Slows for Florida Privacy Law; What’s Next?