Starting July 1, companies must notify Florida’s Department of Legal Affairs of data security breaches that affect more than 500 people in the state. The Florida Information Protection Act of 2014 repeals the state's current data security breach law, reports Business Insurance.
Under the law, companies must also notify affected individuals “no later than 30 days after the determination of a breach or reason to believe a breach occurred.” But there are exceptions to the rule. Notification to affected individuals may be delayed if it would interfere with a criminal investigation. Companies aren’t required to notify people if it is determined that the breach has not, and likely will not, result in identity theft or cause financial harm.