Florida state agencies and local governments are now subject to new cybersecurity requirements and prohibitions that went into effect on July 1, 2022. These new amendments to Florida’s State Cybersecurity Act (“the Cybersecurity Act”) impose practically impossible-to-meet notification requirements on state and local governmental entities and prohibit them from making ransom payments. Stepping back to

The Florida House of Representatives has officially passed HB 969, which would create the most aggressive privacy law in the United States. The bill would apply to companies that generate $50 million or more in annual gross revenue and collect a significant amount of personal information about Florida residents. In addition to imposing CCPA-like

The Florida Legislature is considering a comprehensive privacy law (HB 969) that would fundamentally change the landscape of how/whether companies do business in Florida.  The bill is largely a “cut-and-paste” of the California Consumer Privacy Act (CCPA), but in some ways, it goes further than the CCPA and would make Florida’s law the most aggressive privacy law in the United States.  As I have previously described, the bill would create significant privacy rights for Florida residents, including the right to know what personal information companies are collecting about them, the source of that information, how the information is being shared, a right to request a copy of that information, and a right to delete/correct that information.  But the law goes too far – placing a crushing financial burden on most small and medium-sized businesses and creating a private right of action that dwarfs California’s version. This post analyzes the five most significant problems with HB 969 and proposes solutions.
Continue Reading Five Ways To Improve Florida’s Proposed Privacy Law

Yesterday, the Governor of Florida threw his support behind a newly introduced consumer data privacy bill (HB 969) which is very similar to the California Consumer Privacy Act of 2018. The Governor’s support is a significant development given that he and both chambers of the Florida Legislature are Republican and, to date, there has not been any aligned support for a privacy law since the Florida Information Protection Act (FIPA), Florida’s data breach notification law.  Nevertheless, as with the CCPA, the bill proposes a boondoggle for the plaintiffs’ bar in the form of a private right of action for data breaches and statutory damages, which could present a significant obstacle to passage in the bill’s current form, particularly for a fairly business-friendly Florida Legislature.
Continue Reading Florida Throws Its Hat Into the Privacy Ring, And It’s Looking A Lot Like California