Florida Legislature Passes Bill Providing for Data Breach Immunity
The Florida Legislature recently passed House Bill 473, which (as of March 28) is pending approval by the governor. If enacted, the bill will provide important new liability protections to businesses that suffer data breaches despite the adoption and implementation of meaningful data privacy and cybersecurity safeguards.
To benefit from the liability protections, businesses (including vendors that store, maintain or process personal information on behalf of a business) must meet the specific conditions outlined below:
- Notice Compliance: Businesses must substantially comply with the notice requirements under the Florida Information Protection Act.
- Cybersecurity Program: Businesses must adopt and implement a cybersecurity program that substantially aligns with recognized industry standards or applicable state or federal laws. The bill offers businesses numerous options, including the cybersecurity standards set forth in sectoral laws such as HIPAA (healthcare) or GLBA (finance) and various widely adopted third-party standards such as SOC-2 and HiTRUST. Notably, however, the legislation clarifies that the failure to implement such programs may not be used as evidence of negligence, does not constitute negligence per se and does not otherwise give rise to a private right of action.
- Program Updates: Businesses must update their cybersecurity program to align with any changes in industry standards or laws within one year.
If a company or third party meets the aforementioned requirements, it is immune from lawsuits "in connection with a cybersecurity incident." The ultimate parameters of this immunity will likely be shaped by the courts. Nonetheless, this legislation is vital to the reduction in exorbitant litigation costs, particularly in proposed class actions.
If the bill is enacted, it will become effective immediately and will apply on a prospective basis to any suits filed on or after that date and any class actions that are not certified as of the effective date.
Day Pitney LLP has extensive experience advising businesses across Florida and the country on the adoption and implementation of data privacy and cybersecurity compliance programs that comply with industry standards and state and federal privacy regulatory regimes. The firm's attorneys also have decades of combined experience in responding to cybersecurity incidents and representing companies in cybersecurity incident-related litigation and class action defense. For further guidance on taking advantage of the benefits of this bill, please do not hesitate to reach out to our team.
Recommended
The arrival of Day Pitney White Collar Partner Stephen Reynolds was featured in Hartford Business Journal's article "Former Cigna In-house Counsel, Federal Prosecutor Joins Day Pitney's White Collar Practice."
The arrival of White Collar Partner Stephen Reynolds was featured in Bloomberg Law's Privacy & Data Security Law Newsletter. Reynolds most recently served as the chief compliance officer for federal programs for The CIGNA Group and was an assistant US Attorney in the US Attorney's Office in the District of Connecticut and the Department of Justice.
The arrival of Day Pitney White Collar Partner Stephen Reynolds was featured in Connecticut Law Tribune's "Connecticut Movers" column. Reynolds is a former federal prosecutor and is based in the firm's Stamford office.
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – April 2024
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – April 2024
Day Pitney Attorneys Elizabeth Retersdorf, Ashley Picker Dubin and Damian Privitera authored the article “What New Conn. Insurance Bulletin Means for Data and AI,” for Law360.
Day Pitney Data Privacy, Protection and Litigation chair William Roberts authored an op-ed with CBIA's President and CEO Chris DiPentima titled "Here Are Preemptive Measures to Limit a Cyberattack's Damage to Your Business," for the Hartford Business Journal.
Day Pitney Partner Kritika Bharadwaj has been named to the 2024 Lawdragon 100 Leading Global AI & Legal Tech Advisors list. This is the inaugural year for this list.
Day Pitney Healthcare, Life Sciences, and Technology Counsel Damian Privitera's arrival was featured in the Law360 article "Moses & Singer Healthcare Atty Joins Day Pitney in Hartford."