|Privacy, Data Protection and Security|
|Saturday, 08 November 2014 19:51|
The Florida Information Protection Act (FIPA) became law this past summer. FIPA requires that all entities need to take reasonable measures to protect personal information. For more information regarding FIPA, please my prior FIPA post. It will give you general overview of the law.
When defining reasonable measure, FIPA did not give a definition. This is such a new area of the law and, as such, it is to be expected; however, there is guidance available from various sources. For example, the International Association of Privacy Professional released a study of Federal Trade Commission’s (FTC) enforcement actions regarding data privacy.
The FTC is one of the federal agencies that currently has administrative jurisdiction regarding whether or not corporations had adequately protected consumer’s data privacy. This study provides you with a general idea of what reasonable care looks like. Reasonable care can be summed up in one word: proactive. How proactive is your company protecting data? Being proactive is not a one-time event for data privacy.
Failures in being proactive may cost your company not only fines at an administrative level, but it will also damage your reputation in the marketplace.
Although FIPA does not define reasonable measures, looking at what the FTC requires through their enforcement actions does provide us with an idea of what reasonable measures looks like. And while there is no cookie-cutter approach - every business is different, even within the same fields - you can begin to consider what may or may not work for you by reviewing these recent enforcement actions.