As one court recently observed, “For many, the phrase data breach provokes dread and invokes disquiet.” See Blahous v. Sarrell Regional Dental Center for Public Health, 2020 WL 401 6246, at 1 (M.D. Ala. 2020). Another judge underscored the relentless waves of cyber invasions by suggesting that there are only two kinds of companies in the United States, “… those that have been hacked and those that don’t know they’ve been hacked.” See Storm v. Paytime, F.Supp. 3d 359, 360 (M.D. Pa. 2015).

Despite the pervasive realities, no comprehensive federal scheme has been enacted to broadly formulate and require preventative measures. Much of the existing legislation has been developed at the state level and centers on imposing duties to give notice to affected parties following a data breach. Florida’s Section 501.171, the Florida Information Protection Act (FIPA), was enacted in 2014 and details notification duties upon a wide array of private and public entities. Explicitly asserting that it does not create a private cause of action, Section 501.171 entrusts enforcement functions to the office of Florida’s Attorney General (AG).

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]