Data Privacy: How Proactive Are You?

By Arthur Freyre, Esq.

The Florida Information Protection Act (FIPA) became law this past summer. FIPA requires that all entities need to take reasonable measures to protect personal information. For more information regarding FIPA, please my prior FIPA post. It will give you general overview of the law.

When defining reasonable measure, FIPA did not give a definition. This is such a new area of the law and, as such, it is to be expected; however, there is guidance available from various sources. For example, the International Association of Privacy Professional released a study of Federal Trade Commission’s (FTC) enforcement actions regarding data privacy.

The FTC is one of the federal agencies that currently has administrative jurisdiction regarding whether or not corporations had adequately protected consumer’s data privacy. This study provides you with a general idea of what reasonable care looks like. Reasonable care can be summed up in one word: proactive. How proactive is your company protecting data? Being proactive is not a one-time event for data privacy.

Being proactive requires you not only to assess, devise, and implement a data privacy plan, but it also requires you to assess whether or not your data privacy policy is sufficient in the changing world of technology. Being proactive also includes training and educating your staff with the data privacy protocols and the necessary changes in those protocols. 

Failures in being proactive may cost your company not only fines at an administrative level, but it will also damage your reputation in the marketplace.

Although FIPA does not define reasonable measures, looking at what the FTC requires through their enforcement actions does provide us with an idea of what reasonable measures looks like. And while there is no cookie-cutter approach – every business is different, even within the same fields – you can begin to consider what may or may not work for you by reviewing these recent enforcement actions. 

Working in conjunction with data privacy professionals at ProPrivatus, your data privacy and legal compliance team offers the following services:

  1. Privacy gap and risk analysis
  2. A privacy strategic and business plan
  3. Privacy advice and training
  4. Designing privacy policies and procedures
  5. Breach Management.