Florida Legislature Passes Bill Providing for Data Breach Immunity
The Florida Legislature recently passed House Bill 473, which (as of March 28) is pending approval by the governor. If enacted, the bill will provide important new liability protections to businesses that suffer data breaches despite the adoption and implementation of meaningful data privacy and cybersecurity safeguards.
To benefit from the liability protections, businesses (including vendors that store, maintain or process personal information on behalf of a business) must meet the specific conditions outlined below:
- Notice Compliance: Businesses must substantially comply with the notice requirements under the Florida Information Protection Act.
- Cybersecurity Program: Businesses must adopt and implement a cybersecurity program that substantially aligns with recognized industry standards or applicable state or federal laws. The bill offers businesses numerous options, including the cybersecurity standards set forth in sectoral laws such as HIPAA (healthcare) or GLBA (finance) and various widely adopted third-party standards such as SOC-2 and HiTRUST. Notably, however, the legislation clarifies that the failure to implement such programs may not be used as evidence of negligence, does not constitute negligence per se and does not otherwise give rise to a private right of action.
- Program Updates: Businesses must update their cybersecurity program to align with any changes in industry standards or laws within one year.
If a company or third party meets the aforementioned requirements, it is immune from lawsuits "in connection with a cybersecurity incident." The ultimate parameters of this immunity will likely be shaped by the courts. Nonetheless, this legislation is vital to the reduction in exorbitant litigation costs, particularly in proposed class actions.
If the bill is enacted, it will become effective immediately and will apply on a prospective basis to any suits filed on or after that date and any class actions that are not certified as of the effective date.
Day Pitney LLP has extensive experience advising businesses across Florida and the country on the adoption and implementation of data privacy and cybersecurity compliance programs that comply with industry standards and state and federal privacy regulatory regimes. The firm's attorneys also have decades of combined experience in responding to cybersecurity incidents and representing companies in cybersecurity incident-related litigation and class action defense. For further guidance on taking advantage of the benefits of this bill, please do not hesitate to reach out to our team.
Recommended
Day Pitney Data Privacy, Protection and Litigation practice group co-chair Naju Lathia and Litigation Associate Potoula Tournas authored the article "New Reporting Requirements in the Cybersecurity and Critical Infrastructure Sectors," for the New Jersey Law Journal's Cybersecurity Special Section.
Day Pitney Intellectual Property Partner Brooke Penrose's arrival to the firm's Boston office was featured in Bloomberg Law.
Day Pitney Technology Counsel Laura Land Himelstein's arrival to the firm was featured in the Law360 article, "In-House Tech Atty Returns to Private Practice at Day Pitney." She has joined Day Pitney in both the technology, telecommunications and outsourcing and the data privacy, protection and litigation practice groups, based in the firm's New York and Stamford offices.
Day Pitney Technology Counsel Laura Land Himelstein's arrival to the firm was featured in Connecticut Law Tribune's Connecticut Movers column. She has joined Day Pitney in both the technology, telecommunications and outsourcing and the data privacy, protection and litigation practice groups, based in the firm's New York and Stamford offices.
Day Pitney Press Release
Day Pitney Press Release
Day Pitney Litigation Partner Naju Lathia was featured in the article, "NJ, Attys Brace For Tech 'Evolution' in Litigation."
Day Pitney is proud to announce that two of our Connecticut-based attorneys and our Litigation department have been recognized by the Connecticut Law Tribune as part of their second annual New England Legal Awards. According to the publication, the awards recognize exceptional attorneys and firms from Connecticut, Maine, Vermont, New Hampshire, Massachusetts and Rhode Island across various legal domains.
Day Pitney Data Privacy, Protection and Litigation practice co-chair William Roberts authored the article "A Privacy Plan For Your Family Office" for Family Wealth Report's Post Summit Report: Family Office Cybersecurity and AI Summit. Roberts was a speaker at the June 4 event.
Day Pitney Litigation Counsel Ashley Picker Dubin has been named to the 2024 Lawdragon 500 X – The Next Generation list.