What is a Security Breach?
Section 501.171 of the Florida Statutes defines a "breach of security" as "unauthorized access of electronic data that contains personal information." A business must provide notice to each individual whose personal information was accessed as a result of the breach. If the breach affects more than 500 individuals, the state must also receive notice. For non-compliance, a business may face fines of $1,000 per day and up to $500,000. Also, if a business has clients in other states, data breach laws must be followed for each state. Additionally, certain types of businesses must follow federal breach laws.
To avoid statutory penalties and expensive litigation, every business must take reasonable measures to safeguard the confidentiality, integrity, and availability of data:
- Confidentiality: implementing access controls & encryption
- Integrity: preventing malware & hackers
- Availability: recovering from attacks & disruptions