Data Security and Florida Breach Notification Law
“With the legal industry’s increased efforts to integrate new technology into the profession, it has never been more important for law firms to protect themselves and their data. However, what happens when a breach does occur and privileged information is compromised? More specifically, what is a breach notification and what procedures are Florida law firms required to follow immediately after the incident?
In this episode of The Florida Bar Podcast, host Adriana Linares sits down with Orange County Bar Association Technology Committee Chair Daniel Whitehouse to discuss data breach notification procedures and what constitutes personally identifiable information. Daniel breaks down what Florida statutes consider a data breach (basically an unauthorized party accessing restricted data) and gives a few examples of situations within a law firm where this definition applies. He then provides an in-depth explanation as to what types of data fall under personally identifiable information, such as social security numbers, medical records, and email addresses, and discusses what Florida’s data breach notification law is. Daniel takes time to explain what the Florida attorney general’s office will require from law firms that experience such a breach and analyzes what ethical obligations legal professionals have to their clients and the prevention of future unauthorized access. He closes the interview with tips on how law firms can encrypt their data and proactive changes companies can implement to increase their security policies.
Daniel Whitehouse holds a Bachelor of Science in computer science and a Master of Business Administration (MBA), both from Webster University. He interned for The Honorable Susan C. Bucklew of the United States District Court for the Middle District of Florida and attended Stetson University College of Law where he graduated Co-Valedictorian. Daniel is currently the chair of the Orange County Bar Association Technology Committee.”