Information Security Laws
Identity theft and information fraud are important concerns for consumers and for businesses of all sizes. That’s why the federal government and the state of Florida have enacted a number of information security laws to help protect consumers. Here’s a synopsis of the most significant information security laws that may apply to your business:
The Fair and Accurate Credit Transaction Act (FACTA) requires any individual or business that maintains personal consumer information to take reasonable care to protect against unauthorized access to this information and to destroy personal consumer information before it is discarded. Violation of FACTA, which went into effect in 2005, can mean fines and penalties of up to $2,500 for each consumer record compromised.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of personal health information. HIPAA, which went into effect in 1996, requires all healthcare providers, including any organization that transmits personal health information, to maintain the confidentiality of this information and to destroy the information before it is discarded.
The Gramm-Leach-Bliley Act (GLB) requires that all financial institutions protect the confidential information of their clients. Banks, credit unions, mortgage companies, investment and financial services firms and insurance underwriters are among those affected. Fines for violating GLB can be severe.
Red Flags Rule
The Red Flags Rule was created by the Federal Trade Commission and the National Credit Union Administration to help identify “red flags” that may indicate identity theft.
Florida Information Protection Act of 2014 (FIPA)
The Florida Information Protection Act of 2014 (FIPA), which amended Florida’s breach notification statute, was signed into law and made effective on July 1, 2014. FIPA requires businesses and government offices to take reasonable steps to safeguard the personal information of individuals contained in the paper and electronic documents in their possession. In addition, if there is a data breach, these same entities must provide timely notice of the breach. FIPA is one of the strictest breach notification statutes in the country.