It was recently revealed that Amazon inadvertently exposed names and email addresses of some of its members due to a technical issue. Since the initial release the company has not provided much more detail. This leads some to wonder, what are Amazon’s legal obligations at this point and what can a Florida business learn from it?

The response varies with respect to its duties externally as opposed to internally. International legal authority aside, Amazon may have no obligations to those whose names and email addresses were released. The Florida Information Privacy Act, Fla. Stat. Section 501.171, requires various entities, including businesses, to notify individuals when there is unauthorized access of electronic data containing personal information. However, a name and email address alone does not meet this standard. Instead they must be combined with some other personal information to require notification.