A new data privacy law in Florida is being described as one of the toughest in the nation. The law, which went into effect on July 1, expands the term “personal information” and reduces the amount of time in which a breached organization must report an incident.
Under the law, “personal information” now includes an individual’s username or email address along with a password or security question and answer. An individual’s full name and medical history, treatment or diagnosis, or health insurance identifier is also considered “personal information.”
Furthermore, the law provides that organizations now have 30 days to report data breaches affecting 500 or more Floridians, down from 45 days.
With its stricter provisions, the law seeks to afford increased data security to patients and consumers. It also places greater responsibility on health care organizations to protect sensitive information since they must comply with the state law in addition to HIPAA.
As data security legislation continues to strengthen across the country, other states may follow in Florida’s footsteps with similarly tough laws.