Can I avoid having a data breach response plan in Florida? What are the requirements?

To operate in Florida, it is required to have a data breach response plan. The Florida Department of Management Services requires all customers of the State Intranet to adhere to the Security Breach Protection Provisions Required for Department Approved Use of Third Party Network Equipment, Services and Software ^[2.2]. This document mandates that any procurement solicitation, contract, purchase order or agreement for Network Services, Network Software, or Network Equipment through means other than SUNCOM Services must include provisions for Security Breach Protection. Additionally, the Department Response to System Failures, Security Breaches and Security Exposures ^[2.1] outlines the steps that the Department’s Division of Telecommunications will take in the event of a Security Breach, Security Exposure or System Failure resulting from implementation of Network Services, Network Software, or Network Equipment purchased or leased from sources other than SUNCOM by a Customer of the State Intranet. Therefore, it is not possible to avoid having a data breach response plan in Florida.

Source(s):

• [2.1] Department Response to System Failures, Security Breaches and Security Exposures
• [2.2] Security Breach Protection Provisions Required for Department Approved Use of Third Party Network Equipment, Services and Software

Jurisdiction

Florida

• Privacy