Corporate Law Article

Keeping Information Private

By Joseph A. “Jay” Geary, Attorney
Clark, Campbell, Lancaster & Munson, P.A.

Q: How does the new Florida Information Privacy Act affect my business?

A: On June 20, 2014, Governor Scott signed into law the “Florida Information Privacy Act of 2014,” Florida Statutes, Section 501.171 (“Privacy Act”), which became effective on July 1, 2014. The Privacy Act repeals and significantly changes an earlier (2005) electronic data privacy law, Florida Statutes, Section 817.5681, and is in addition to existing federal laws intended to safeguard the confidentiality of personal health information and personal financial information. Businesses should immediately become acquainted with the requirements of the Privacy Act, particularly the reporting and notification requirements. The salient features of the Privacy Act are as follows:

Ÿ      If a business acquires, maintains, stores or uses “personal information”, provided by individuals in Florida in order to purchase or lease products or services, and the business records and preserves that data in electronic form as “customer records” on a computer system, data base or digital mass storage device, then the business is a “covered entity” – i.e., subject to the Privacy Act.

Ÿ      A “covered entity” includes a “sole proprietorship, partnership, corporation, trust, estate, cooperative, association, or other commercial enterprise” that receives “personal information” from individuals “in this state”.

Ÿ      “Personal information” is defined in the Privacy Act. Generally, it is information contained in “customer records” of a “covered entity” that affords the business access to an identified individual’s financial accounts or medical information.

Ÿ      A “covered entity” must take “reasonable measures” to protect and secure electronically-stored “personal information”. (“Reasonable measures” is undefined in the Privacy Act.)

Ÿ      If there is a “breach of security” (unauthorized access to secure data) involving 500 or more individuals in this state, a “covered entity” must report the incident, in writing – “as soon as practicable”, but no later than 30 days from the date the breach is discovered – to the Florida Department of Legal Affairs, AND must directly notify “each individual in this state” whose “personal information” was or is believed to have been accessed due to the security breach. The required informational content of the report to the Department, as well as the content and permitted manner of notice to individuals, is described in detail in the Privacy Act.

Ÿ      The Department may seek and recover civil penalties of up to $500,000.00 for violations of the reporting and notice provisions of the Privacy Act by a “covered entity”. Only the Department can bring an enforcement action; however, the law expressly provides no private cause of action.

The December 4th edition of “The Law” will discuss bouncing checks in Florida. Questions may be submitted online to

Corporate Law Article

Defamation by Blog & the First Amendment

By: Clark, Campbell, Lancaster & Munson, P.A.

Q: As a business owner, what recourse do I have against negative online reviews and scathing blog posts?

A: It has long been the case that business owners could seek and obtain monetary judgments against those whose lies about the business caused damage to the company. But the popularity of online business review sites as a guide for selecting restaurants and other services has opened the door for very public, published defamation that requires, for a remedy, something more than monetary relief. Specifically, if a dishonest, damaging review remains published or the author can continue to publish even after the money judgment is obtained, the reviews are likely to cause more damage in the future.

Earlier this year, a Florida appeals court dealt with online defamation in the context of a commercial landlord-tenant relationship. A former retail store tenant blogged about the landlord being “the most immoral human-being in the world” and “tak[ing] bread from [a] little Jewish special needs child to support their luxury lifestyle.” The blogger further warned that doing business with the landlord would jeopardize “your business, your investment, [and] your ideas.” The landlord sued for defamation, interference with business relationships, and even stalking. When considering whether the landlord could obtain a preliminary court order to stop further defamatory blogging, the court gave heavy deference to First Amendment rights and declined to prohibit further blog entries even if clearly defamatory.

This result does not mean that takedowns of blogs and dishonest reviews are impossible. The court indicated that, if the business can show that the reviews “are having a deleterious effect” on current business, court orders to take down and prevent further publication could be appropriate. A landlord or other businessperson looking to go beyond a money judgment and, in fact, stifle a blogger’s posts must carefully navigate the First Amendment and make the appropriate showings that he is suffering actual, ongoing, but difficult to calculate losses. A customer simply indicating some concern about the review, but not specifically indicating that he is walking away from the business because of the review, is not enough.

The July 17 edition of “The Law” will address potential pitfalls in mergers and acquisitions.

Questions can be submitted to