Skip to Main Content

Insights

Thought Leadership

April 1, 2024

Florida Legislature Passes Bill Providing for Data Breach Immunity

The Florida Legislature recently passed House Bill 473, which (as of March 28) is pending approval by the governor. If enacted, the bill will provide important new liability protections to businesses that suffer data breaches despite the adoption and implementation of meaningful data privacy and cybersecurity safeguards. To benefit from the liability protections, businesses (including vendors that store, maintain or process personal information on behalf of a business) must meet the specific conditions outlined below:
  • Notice Compliance: Businesses must substantially comply with the notice requirements under the Florida Information Protection Act.
  • Cybersecurity Program: Businesses must adopt and implement a cybersecurity program that substantially aligns with recognized industry standards or applicable state or federal laws. The bill offers businesses numerous options, including the cybersecurity standards set forth in sectoral laws such as HIPAA (healthcare) or GLBA (finance) and various widely adopted third-party standards such as SOC-2 and HiTRUST. Notably, however, the legislation clarifies that the failure to implement such programs may not be used as evidence of negligence, does not constitute negligence per se and does not otherwise give rise to a private right of action.
  • Program Updates: Businesses must update their cybersecurity program to align with any changes in industry standards or laws within one year.
If a company or third party meets the aforementioned requirements, it is immune from lawsuits "in connection with a cybersecurity incident." The ultimate parameters of this immunity will likely be shaped by the courts. Nonetheless, this legislation is vital to the reduction in exorbitant litigation costs, particularly in proposed class actions. If the bill is enacted, it will become effective immediately and will apply on a prospective basis to any suits filed on or after that date and any class actions that are not certified as of the effective date. Day Pitney LLP has extensive experience advising businesses across Florida and the country on the adoption and implementation of data privacy and cybersecurity compliance programs that comply with industry standards and state and federal privacy regulatory regimes. The firm's attorneys also have decades of combined experience in responding to cybersecurity incidents and representing companies in cybersecurity incident-related litigation and class action defense. For further guidance on taking advantage of the benefits of this bill, please do not hesitate to reach out to our team.

Related Practices and Industries

Related Professionals

William J. Roberts
William J. Roberts
Partner
Hartford, CT
| (860) 275-0184
Magda C. Rodriguez
Magda C. Rodriguez
Partner
Miami, FL
| (305) 373-4010

Explore Day Pitney's latest media mentions and speaking appearances.

Press Contact

Elyse Blazey Gentile
Director of Communications

EMAIL DISCLAIMER

Thank you for your interest in contacting us by email.

Your e-mail to this individual should not contain any confidential information and should be for general information purposes only. An attorney-client relationship will not be created by your e-mail to this individual. Information in your e-mail may not be entitled to any protections commonly associated with communications with attorneys. If you are in doubt about any information, please exclude it.

If you accept the terms of this notice and would like to send an email, click on the "I Agree" button below. Otherwise, please click "I Don't Agree".