– Senate Bill 262, known as Florida’s Digital Bill of Rights, imposes restrictions on for-profit companies in Florida that collect sensitive data about Florida residents.
– The new law prohibits companies from selling sensitive data without obtaining prior consent from the consumer, and from processing sensitive data of children under 18 without authorization.
– Companies selling sensitive data must also display a notice on their website informing consumers of this practice. – The controller must be organized for profit and conduct business in Florida
– They must collect personal data about consumers and determine how it is processed
– They must make over $1 billion in global gross annual revenues
– They must derive 50% or more of their global gross annual revenues from online advertising or operate a consumer smart speaker and voice command component service or operate an app store with at least 250,000 software applications. 1. Under the new law, Controllers can only collect personal data that is necessary for their processing purposes and must implement data security practices.
2. Controllers cannot use or retain data after the initial purpose for which it was collected or after a certain period of time.
3. Consumers have the right to request deletion or correction of their personal data and to opt-out of targeted advertising and geolocation collection.
4. Controllers must respond to consumer requests for personal data within 45 days, with a possibility of a 15-day extension for complex circumstances.
5. Consumers can appeal a denial of their personal data request by a Controller.
6. Controllers must provide clear methods for consumers to submit personal data requests and a reasonably accessible privacy notice.
7. Processors must follow the instructions of the Controller and assist in responding to consumer requests.
8. Both Controllers and Processors are prohibited from collecting data when devices are not in active use by a consumer, unless expressly authorized by the consumer. – Violations of the Florida Digital Bill of Rights Law are considered unfair and deceptive trade practices.
– Civil monetary penalties of up to $50,000 per violation may be imposed, with the possibility of tripled penalties for violations involving a child’s personal data.
– Third parties receiving personal data in compliance with the law are not liable for violations committed by the Controller or Processor from which they received the data. 1. Senate Bill 264 prohibits licensed Florida health care providers from storing certain patient information offshore, requiring it to be kept within the U.S., its territories, or Canada.
2. The new law applies to patient information stored through third parties, subcontracted computing facilities, and cloud computing services, and applies to all “qualified electronic health records”.
3. There are ambiguities and questions about the scope of application of the new law, including whether it applies to providers who have not yet adopted CEHRT and whether offshore personnel may access the records. 1. The State of Florida has implemented new laws to protect individual privacy and data rights.
2. Businesses operating in Florida must take steps to ensure compliance with these new laws.
3. Epstein Becker Green will closely monitor the new Florida Digital Bill of Rights and offshoring prohibitions. – Alaap B. Shah is a member of the firm who specializes in Privacy, Cybersecurity & Data Asset Management.
– CEHRT refers to Certified Electronic Health Record Technology, and is a requirement for healthcare providers to receive incentive payments from the government.
– Elizabeth Scarola is a member of the firm specializing in Health Care in Florida.
– Florida Governor Ron DeSantis signed Senate Bill 262 and Senate Bill 264, known as the Florida Digital Bill of Rights Law and the Florida Electronic Health Records Exchange Act, respectively.
– Jenna Dees is an Associate in Health Care in Tampa, Florida.
– A Privacy Attorney handles issues related to data protection and personal data.
– The Technology Transparency Bill relates to the handling and enforcement of data in the technology industry.
https://www.healthlawadvisor.com/florida-expands-privacy-protections-including-a-ban-on-offshoring-of-certain-patient-data
Leave a Reply