New Florida Statute on Reporting Computer Compromises of Personal Information

Published: June 30th, 2005

Category: Memos

Marc Hoit, Interim Associate Provost for IT Kathy Bergsma, UF Information Security Manager

Starting July 1, University of Florida students, faculty and staff will join a growing public gaining privacy rights. Florida House Bill 481 was passed by the Florida legislature this spring which increases your protection.

The university’s IT Security Team and Privacy Office have been working to prepare for the new law. UF falls under Section 817.5681, which requires organizations to notify clients within 45 days of a security breach if their personal information has been compromised. Failure to do so can result in a fine from $1000 per day to a maximum fine of $500,000. Sensitive personal information is defined as a name in combination with a social security number, driver’s license number or financial account number including access security code. Notifications can be sent via the following methods: written, electronic email, conspicuous posting on a website, or statewide media.

The UF Privacy Office maintains the privacy policy and must be notified of all UF privacy incidents. Susan Blair (273-5094, sablair@vpha.ufl.edu) is the UF Privacy Officer. The Privacy Office manages internal communication, coordinates notifications, and handles other issues regarding privacy incidents. Please call the privacy office for guidance regarding compliance with legal requirements if a breach occurs. More information can be found on the UF privacy web site at http://privacy.health.ufl.edu/.

Through safe computing, the UF IT Security Team hopes to minimize the number of compromised computers. Running anti- virus software offered free to all UF students, faculty and staff, updating with current patches and using strong passwords are three good ways to improve IT security. More information about UF security can be found at http://infosec.ufl.edu/.

Please share this memo with anyone who stores information on their computer that fits the description of sensitive personal information.

Comments are currently closed.