In the wake of the Target, Facebook, Yahoo!, and other data security breaches in 2013, the Florida Legislature will take a closer look this session at the issue of protecting confidential personal information. To that end, the Florida Senate Commerce and Tourism Committee recently passed a bill entitled the Florida Information Protection Act of 2014 (CS/SB 1524). The bill, which is now in committee, would repeal the current statutory regime governing data security breaches as set forth in §817.5681, Florida Statutes and replace that section with a more comprehensive system of data security requirements and enforcement.

Among other things, the bill would require covered businesses to take reasonable measures to protect personal information, to notify the Department of Legal Affairs and affected individuals of security breaches, to notify credit reporting agencies of security breaches, and to dispose of customer records in a specified manner. The bill also provides that a violation of the Act will be treated as an unfair and deceptive trade practice and provides for civil penalties of up to $500,000 per breach. However, the bill does specifically provide that no private cause of action is created under the Act.

As this bill is still in the early stages of the legislative process, stay tuned for more information and updates.