Can I use third-party collaboration tools that collect personal information in Florida? What are the requirements?

Use of Third-Party Collaboration Tools in Florida

If you are using third-party collaboration tools that collect personal information in Florida, you must comply with the state’s privacy laws. The Florida Administrative Code (FAC) provides guidelines for the collection, use, and disclosure of nonpublic personal financial information (NPFIs) by licensees ^[1.1](^[1.1]).

Licensees are required to limit the disclosure and use of NPFIs received from nonaffiliated financial institutions under an exception in rule 69O-128.015 or 69O-128.016, FAC ^[1.1](^[2.1]). If a licensee receives NPFIs outside of these exceptions, they may disclose the information only to their affiliates or any other person if the disclosure would be lawful if made directly to that person by the financial institution from which the licensee received the information ^[1.1](^[2.1]).

The Florida RISE Program allows government agencies to exchange specified tax information with the Department of Revenue ^[3.1](^[3.1]). The program requires government agencies to enter into an agreement with the Department to share information with regard to the taxes, licenses, and permits enumerated in section 213.0535(4)(a), F.S. ^[3.1](^[3.1]). The agreement specifies the data elements relating to the licensing or registration activity during each period that will be exchanged and the frequency of exchange of the information ^[3.1](^[3.1]).

Requirements for Collecting Personal Information in Florida

If you are collecting personal information in Florida, you must comply with the state’s privacy laws. The Florida Information Protection Act (FIPA) requires businesses to take reasonable measures to protect personal information from unauthorized access, destruction, use, modification, or disclosure [Fla. Stat. § 501.171(1)].

Under FIPA, businesses must provide notice to individuals if their personal information is accessed or acquired by an unauthorized person [Fla. Stat. § 501.171(3)]. The notice must be provided in the most expedient time possible and without unreasonable delay [Fla. Stat. § 501.171(3)].

If you are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), you must also comply with federal privacy laws for protected health information (PHI) [45 C.F.R. § 160.103].

Conclusion

If you are using third-party collaboration tools that collect personal information in Florida, you must comply with the state’s privacy laws. Licensees must limit the disclosure and use of NPFIs received from nonaffiliated financial institutions under an exception in rule 69O-128.015 or 69O-128.016, FAC ^[1.1](^[2.1]). The Florida RISE Program allows government agencies to exchange specified tax information with the Department of Revenue ^[3.1](^[3.1]). If you are collecting personal information in Florida, you must comply with the state’s privacy laws, including FIPA and HIPAA.

Source(s):

• [1.1] Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information
• [2.1] Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information
• [3.1] Registration Information Sharing and Exchange Program

Jurisdiction

Florida

• Privacy