Scott Law Team
  • Helping You Navigate Workplace Issues in Florida

Are Employers in Florida Required to Keep Sensitive Employee Data Confidential?


Employers often have a lot of sensitive information about job applicants and employees, including things like phone numbers, addresses, Social Security numbers (SSNs), and even medical records. This raises an important question: Are employers required to keep sensitive employee data confidential? The answer is “yes.” In this article, you will find an overview of worker data privacy standards in Florida.

Florida Employers Have a Legal Duty to Protect Sensitive Employee Data

First and foremost, it is important to emphasize that employers in Florida do have a clear duty to protect the confidentiality of sensitive employee data. There are both state laws and federal laws that apply. The Florida Information Protection Act of 2014 (Florida Statute § 501.171) requires entities, including employers, to implement reasonable measures to secure personal information. Personal information includes Social Security numbers, driver’s license numbers, financial account data, and health-related records.

Note: Medical records are especially sensitive. Employers may also be subject to federal privacy obligations under laws such as the Health Insurance Portability and Accountability Act (HIPAA) when handling employee medical information.

What are the Consequences for a Violation?

The sanctions that an employer will face depend on the nature and severity of the violation as well as the timeliness and thoroughness of the response. Regardless, the failure to maintain the confidentiality of sensitive employee information can lead to substantial liability risks. The Florida Attorney General may impose civil fines of up to $500,000 for FIPA violations. Employers may also face civil negligence and/or invasion-of-privacy claims from employees. When HIPAA-protected data is involved, federal penalties can exceed $1.5 million per year for repeated violations.

Key Requirements for Florida Employers

Florida law imposes several specific obligations on employers managing confidential employee data. All businesses and organizations should be sure to address the following:

  • Data Security: Employers must implement administrative, technical, and physical protections that are appropriate to the size and nature of their business. These include password protections, access restrictions, encryption, and secure document disposal.
  • Limited Access: Personal data should only be accessible to authorized personnel with a legitimate business purpose. Access logs or permission systems may be required to comply with data control standards. Many data breaches happen because there are insufficient restrictions on who can access sensitive employee data.
  • Notice Requirements: If a data breach affects employee personal information, FIPA mandates that employers notify affected individuals within 30 days and, in certain cases, the Florida Attorney General’s Office. Employers that fail to comply with notice requirements for breaches may face major legal liability.
  • Retention/Destruction: Employers must dispose of sensitive information securely (shredding, erasing, etc.) to prevent post-termination exposure. As a general rule, sensitive employee information should not be kept longer than is truly required.

Get Help From a Florida Employment Lawyer Today

Employers in Florida should keep sensitive employee information confidential. If you have any specific questions or concerns about the legal requirements for businesses and organizations, please do not hesitate to contact a Florida employment attorney for help.
