The new Florida Information Protection Act (FIPA), passed this summer, has a lot in common with efforts to reduce drunk driving -- even if the law does not elevate beverage consumption to the "special kind of personal data" level.

FIPA expands organizations’ requirement to report data breaches to state authorities and affected consumers within 30 days (down from the previous 45 days) and expands the grab-bag of “personal information” to include usernames, email addresses, and medical diagnoses among others. Failure to report a breach can result in fines reaching up to $500,000.

The time requirement sets Florida at the head of the US pack, as one of only seven states with a specific deadline for alerting victims. Other geographies such as Germany with its Bundesdatenschutzgesetz and the European Union have their own reporting requirements.

With alcohol consumption, there are very few regulations that directly prevent an intoxicated driver from taking the wheel. One limited example is the special case where drivers must puff on a breath analyzer, and show a minimal BAC, before starting up their vehicle.
But on the other side, there are lots of laws with an array of penalties that kick in when the police apprehend a driver under the influence. In effect, these laws raise the cost of drunk driving for the driver. And hopefully they also raise it up to the cost level incurred by society.

And so it is with the new Florida law. Instead of stipulating exactly how organizations should protect their data, the law expands the list of protected data, shortens the reporting requirement, and raises the penalty for not doing it. Forcing companies to disclose data breaches also raises the specter of increased customer churn, as nervous consumers take their business elsewhere – just ask victims of the Target hack. On the downside, the law does focus on the limited 20% of the data pool that fits into the structured data category and skips over the 80% of unstructured data out there.

You could say that the law forces organizations to work “under the influence” as they realize that some data may not have a price, but its loss has a real cost. And as a few recent US elections have shown: as Florida goes, so goes the nation.

Here is a link to the entire Florida law.

Safetica team
