Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Florida’s Digital Bill of Rights Joins the Regulatory Framework
The proliferation of data breaches and increased sophistication of criminal attack vectors has led more states to enact their own reasonable security provisions as part of the patchwork quilt of privacy laws. Nineteen of the U.S. states which have enacted comprehensive privacy laws along with Florida’s Digital Bill of Rights (which took effect summer 2024) have provisions requiring controllers and businesses to establish, implement and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data. Adding to the risk post data breach of the enforcement of reasonable security provisions on the state level is also increased federal enforcement actions in an attempt to apply pressure companies to take more care on how they secure and disseminate consumer data. Companies should be aware of the varying applicable regulatory frameworks required to protect consumer data and avoid additional penalties and liabilities under the growing number of data security enforcers.
The Federal Trade Commission 2023 Privacy and Data Security Update publication released on March 28, 2024, demonstrated that the FTC filed 89 data security cases through 2023. In one of its enforcement actions for 2024, the FTC required a smaller company to reimburse consumers more than $370,000 stemming from inadequate data security measures that led to multiple data breaches over the course of several years. The corresponding orders for data security breaches levied by the FTC uniformly require organizations to perform data minimization, delete personal data that is no longer has a business justification to maintain; and develop a comprehensive information security program while certifying compliance to the agency for a set period of time, along with ongoing compliance review. The FTC’s data minimization requirements dictate companies must implement policies to retain personal information for only as long as is reasonably necessary to fulfill the business purpose for which the information was collected and specify the specific business need for retaining it. In addition, many of states with comprehensive privacy laws going into effect in 2025 have similar data minimization processes that should be in place.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
New York's Latest Cybersecurity Commitment
On Aug. 9, 2023, Gov. Kathy Hochul introduced New York's inaugural comprehensive cybersecurity strategy. In sum, the plan aims to update government networks, bolster county-level digital defenses, and regulate critical infrastructure.
Law Firms are Reducing Redundant Real Estate by Bringing Support Services Back to the Office
A trend analysis of the benefits and challenges of bringing back administrative, word processing and billing services to law offices.
Bit Parts
Summary Judgment Denied Defendant in Declaratory Action by Producer of To Kill a Mockingbird Broadway Play Seeking Amateur Theatrical Rights
Risks of “Baseball Arbitration” in Resolving Real Estate Disputes
“Baseball arbitration” refers to the process used in Major League Baseball in which if an eligible player's representative and the club ownership cannot reach a compensation agreement through negotiation, each party enters a final submission and during a formal hearing each side — player and management — presents its case and then the designated panel of arbitrators chooses one of the salary bids with no other result being allowed. This method has become increasingly popular even beyond the sport of baseball.