The new Florida Information Protection Act (FIPA), passed this summer, has a lot in common with efforts to reduce drunk driving -- even if the law does not elevate beverage consumption to the "special kind of personal data" level.

FIPA expands organizations’ requirement to report data breaches to state authorities and affected consumers within 30 days (down from the previous 45 days) and expands the grab-bag of “personal information” to include usernames, email addresses, and medical diagnoses, among others. Failure to report a breach can result in fines reaching up to $500,000.

The time requirement sets Florida at the head of the US pack, as one of only seven states with a specific deadline for alerting victims. Other geographies such as Germany with its Bundesdatenschutzgesetz and the European Union have their own reporting requirements.

With alcohol consumption, there are very few regulations that directly prevent an intoxicated driver from taking the wheel. One limited example is the special case where drivers must puff on a breath analyzer, and show a minimal BAC, before starting up their vehicle.
But on the other side, there are lots of laws with an array of penalties that kick in when the police apprehend a driver under the influence. In effect, these laws raise the cost of drunk driving for the driver. And hopefully they also raise it up to the cost level incurred by society.

And so it is with the new Florida law. Instead of stipulating exactly how organizations should protect their data, the law expands the list of protected data, shortens the reporting requirement, and raises the penalty for not doing it. Forcing companies to disclose data breaches also raises the specter of increased customer churn, as nervous consumers take their business elsewhere – just ask victims of the Target hacking. On the downside, the law does focus on the limited 20% of the data pool that fits into the structured data category and skips over the 80% of unstructured data out there.

You could say that the law forces organizations to work “under the influence” as they realize that some data may not have a price, but its loss has a real cost. And as a few recent US elections have shown, as Florida goes, so goes the nation.

Here is a link to the entire Florida law.

Safetica team
