What is the Florida Information Protection Act of 2014 (FIPA)?
The Florida Information Protection Act of 2014 is a Florida state law governing privacy rules for entities handling personal information.
Who is Covered Under FIPA?
Under FIPA, a Covered Entity is defined as a sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial entity that acquires, maintains, stores, or uses personal information. This also can include a government entity. Importantly, FIPA is a Florida state law with broad enforcement – and includes companies doing business in Florida and those with clients/customers in Florida are responsible for complying with FIPA requirements.
What types of information does FIPA protect?
FIPA protects personal information (which means any of the following):
- An individual’s first name or first initial and last name in combination with any one or more of the following data elements for that individual:
- Social Security number
- A driver’s license or identification card number, passport number, military identification number, or other similar number issued on a government document use to verify identity;
iii. A financial account number or credit or debit card number, in combination with any required security code, access code, or password that is necessary to permit access to an individual’s financial account;
- Any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; or
- An individual’s health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual.
- A user name or email address, in combination with a password or security question and answer that would permit access to an online account.
Customer Records include any material, regardless of physical form, on which personal information is recorded or preserved – including written or spoken words, graphics, or print.
How Does This Affect Me as an Employer in Florida or Company Doing Business in Florida?
Under FIPA, companies must take measures to ensure the protections of certain personal information. This may include employment records which include an employees’ name, social security number, or drivers’ license number.
Importantly, companies maintaining this information are not only responsible for taking action to maintain the privacy of the information, but also to take certain steps in the event of a breach of that information – or face hefty fines.
What are the Penalties for Failing to Comply with FIPA?
The penalties for failing to comply with FIPA are $1,000 per day for the first 30 days,
$50,000 for each 30 day period after that up to 180 days with a maximum penalty of
$500,000 for violations that last longer than 180 days.
The first steps in dealing with FIPA requirements are performance of a risk assessment and education. You and your staff (and anyone handling your clients’ personal information) needs to understand how to handle that information. This includes, for example, how it may (and may not) be disclosed, how it may be transmitted (for instance: can you text personal information? E-mail it?), how it may be disposed, and most importantly – what to do if there is a breach.
The most effective way to educate your staff on FIPA Regulations and protocols is through FIPA Training. For entities in the healthcare industry or companies working with certain healthcare industries, this training can be combined with HIPAA Training.
Contact Scott Wagner and Associates to Schedule HIPAA Training
At Scott Wagner and Associates, our firm provides FIPA Training to companies of all sizes worldwide. We offer e-training/video conference training as well as in-person training at your location. We craft our training to meet your business needs, incorporate your company policies and mission, and make it fun. We also provide FIPA Manuals to keep your company informed. FIPA Law does not have to be difficult. Contact us today for a consultation and to discuss options for FIPA training.