Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Florida’s Digital Bill of Rights Joins the Regulatory Framework

By Cathy Mulrow-Peattie and J. Michael Paulino
January 01, 2025

The proliferation of data breaches and increased sophistication of criminal attack vectors has led more states to enact their own reasonable security provisions as part of the patchwork quilt of privacy laws. Nineteen of the U.S. states which have enacted comprehensive privacy laws along with Florida’s Digital Bill of Rights (which took effect summer 2024) have provisions requiring controllers and businesses to establish, implement and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data. Adding to the risk post data breach of the enforcement of reasonable security provisions on the state level is also increased federal enforcement actions in an attempt to apply pressure companies to take more care on how they secure and disseminate consumer data. Companies should be aware of the varying applicable regulatory frameworks required to protect consumer data and avoid additional penalties and liabilities under the growing number of data security enforcers.

The Federal Trade Commission 2023 Privacy and Data Security Update publication released on March 28, 2024, demonstrated that the FTC filed 89 data security cases through 2023. In one of its enforcement actions for 2024, the FTC required a smaller company to reimburse consumers more than $370,000 stemming from inadequate data security measures that led to multiple data breaches over the course of several years. The corresponding orders for data security breaches levied by the FTC uniformly require organizations to perform data minimization, delete personal data that is no longer has a business justification to maintain; and develop a comprehensive information security program while certifying compliance to the agency for a set period of time, along with ongoing compliance review. The FTC’s data minimization requirements dictate companies must implement policies to retain personal information for only as long as is reasonably necessary to fulfill the business purpose for which the information was collected and specify the specific business need for retaining it. In addition, many of states with comprehensive privacy laws going into effect in 2025 have similar data minimization processes that should be in place.

The obligations companies have for data security was best expressed by the FTC’s Bureau of Consumer Protection, “ … shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Companies have a responsibility to secure data they maintain and to delete data they no longer need.”

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Legal Possession: What Does It Mean? Image

Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?