Senate Bill sb0978c1
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
By the Committee on Judiciary; and Senators Campbell and
Aronberg
590-2047-05
1 A bill to be entitled
2 An act relating to unlawful use of personal
3 identification information; amending s.
4 817.568, F.S.; including other information
5 within the definition of the term "personal
6 identification information"; defining the term
7 "counterfeit or fictitious personal
8 identification information"; revising criminal
9 penalties relating to the offense of
10 fraudulently using, or possessing with intent
11 to fraudulently use, personal identification
12 information; providing minimum mandatory terms
13 of imprisonment; creating the offenses of
14 willfully and fraudulently using, or possessing
15 with intent to fraudulently use, personal
16 identification information concerning a
17 deceased individual; providing criminal
18 penalties; providing for minimum mandatory
19 terms of imprisonment; creating the offense of
20 willfully and fraudulently creating or using,
21 or possessing with intent to fraudulently use,
22 counterfeit or fictitious personal
23 identification information; providing criminal
24 penalties; providing for reclassification of
25 offenses under certain circumstances; providing
26 for reduction or suspension of sentences under
27 certain circumstances; creating s. 817.5681,
28 F.S.; requiring business persons maintaining
29 computerized data that includes personal
30 information to disclose breaches of system
31 security under certain circumstances; providing
1
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 requirements; providing for administrative
2 fines; providing exceptions and limitations;
3 authorizing delays of such disclosures under
4 certain circumstances; providing definitions;
5 providing for alternative notice methods;
6 specifying conditions of compliance for persons
7 maintaining certain alternative notification
8 procedures; specifying conditions under which
9 notification is not required; providing
10 requirements for documentation and maintenance
11 of documentation; providing an administrative
12 fine for failing to document certain failures
13 to comply; providing for application of
14 administrative sanctions to certain persons
15 under certain circumstances; authorizing the
16 Department of Legal Affairs to institute
17 proceedings to assess and collect fines;
18 providing an effective date.
19
20 Be It Enacted by the Legislature of the State of Florida:
21
22 Section 1. Section 817.568, Florida Statutes, is
23 amended to read:
24 817.568 Criminal use of personal identification
25 information.--
26 (1) As used in this section, the term:
27 (a) "Access device" means any card, plate, code,
28 account number, electronic serial number, mobile
29 identification number, personal identification number, or
30 other telecommunications service, equipment, or instrument
31 identifier, or other means of account access that can be used,
2
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 alone or in conjunction with another access device, to obtain
2 money, goods, services, or any other thing of value, or that
3 can be used to initiate a transfer of funds, other than a
4 transfer originated solely by paper instrument.
5 (b) "Authorization" means empowerment, permission, or
6 competence to act.
7 (c) "Harass" means to engage in conduct directed at a
8 specific person that is intended to cause substantial
9 emotional distress to such person and serves no legitimate
10 purpose. "Harass" does not mean to use personal identification
11 information for accepted commercial purposes. The term does
12 not include constitutionally protected conduct such as
13 organized protests or the use of personal identification
14 information for accepted commercial purposes.
15 (d) "Individual" means a single human being and does
16 not mean a firm, association of individuals, corporation,
17 partnership, joint venture, sole proprietorship, or any other
18 entity.
19 (e) "Person" means a "person" as defined in s.
20 1.01(3).
21 (f) "Personal identification information" means any
22 name or number that may be used, alone or in conjunction with
23 any other information, to identify a specific individual,
24 including any:
25 1. Name, postal or electronic mail address, telephone
26 number, social security number, date of birth, mother's maiden
27 name, official state-issued or United States-issued driver's
28 license or identification number, alien registration number,
29 government passport number, employer or taxpayer
30 identification number, Medicaid or food stamp account number,
31 or bank account number, or credit or debit card number, or
3
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 personal identification number or code assigned to the holder
2 of a debit card by the issuer to permit authorized electronic
3 use of such card;
4 2. Unique biometric data, such as fingerprint, voice
5 print, retina or iris image, or other unique physical
6 representation;
7 3. Unique electronic identification number, address,
8 or routing code; or
9 4. Medical records;
10 5.4. Telecommunication identifying information or
11 access device; or.
12 6. Other number or information that can be used to
13 access a person's financial resources.
14 (g) "Counterfeit or fictitious personal identification
15 information" means any counterfeit, fictitious, or fabricated
16 information in the similitude of the data outlined in
17 paragraph (f) that, although not truthful or accurate, would
18 in context lead a reasonably prudent person to credit its
19 truthfulness and accuracy.
20 (2)(a) Any person who willfully and without
21 authorization fraudulently uses, or possesses with intent to
22 fraudulently use, personal identification information
23 concerning an individual without first obtaining that
24 individual's consent, commits the offense of fraudulent use of
25 personal identification information, which is a felony of the
26 third degree, punishable as provided in s. 775.082, s.
27 775.083, or s. 775.084.
28 (b) Any person who willfully and without authorization
29 fraudulently uses personal identification information
30 concerning an individual without first obtaining that
31 individual's consent commits a felony of the second degree,
4
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 punishable as provided in s. 775.082, s. 775.083, or s.
2 775.084, if the pecuniary benefit, the value of the services
3 received, the payment sought to be avoided, or the amount of
4 the injury or fraud perpetrated is $5,000 or more or if the
5 person fraudulently uses the personal identification
6 information of 10 or more individuals, but fewer than 20
7 individuals, without their consent. Notwithstanding any other
8 provision of law, the court shall sentence any person
9 convicted of committing the offense described in this
10 paragraph to a mandatory minimum sentence of 3 years'
11 imprisonment.
12 (c) Any person who willfully and without authorization
13 fraudulently uses personal identification information
14 concerning an individual without first obtaining that
15 individual's consent commits a felony of the first degree,
16 punishable as provided in s. 775.082, s. 775.083, or s.
17 775.084, if the pecuniary benefit, the value of the services
18 received, the payment sought to be avoided, or the amount of
19 the injury or fraud perpetrated is $50,000 or more or if the
20 person fraudulently uses the personal identification
21 information of 20 or more individuals, but fewer than 30
22 individuals, without their consent. Notwithstanding any other
23 provision of law, the court shall sentence any person
24 convicted of committing the offense described in this
25 paragraph:
26 1. to a mandatory minimum sentence of 5 years'
27 imprisonment. If the pecuniary benefit, the value of the
28 services received, the payment sought to be avoided, or the
29 amount of the injury or fraud perpetrated is $100,000 or more,
30 or if the person fraudulently uses the personal identification
31 information of 30 or more individuals without their consent,
5
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 notwithstanding any other provision of law, the court shall
2 sentence any person convicted of committing the offense
3 described in this paragraph
4 2. to a mandatory minimum sentence of 10 years'
5 imprisonment, if the pecuniary benefit, the value of the
6 services received, the payment sought to be avoided, or the
7 amount of the injury or fraud perpetrated is $100,000 or more
8 or if the person fraudulently uses the personal identification
9 information of 30 or more individuals without their consent.
10 (3) Neither paragraph (2)(b) nor paragraph (2)(c)
11 prevents a court from imposing a greater sentence of
12 incarceration as authorized by law. If the minimum mandatory
13 terms of imprisonment imposed under paragraph (2)(b) or
14 paragraph (2)(c) exceed the maximum sentences authorized under
15 s. 775.082, s. 775.084, or the Criminal Punishment Code under
16 chapter 921, the mandatory minimum sentence must be imposed.
17 If the mandatory minimum terms of imprisonment under paragraph
18 (2)(b) or paragraph (2)(c) are less than the sentence that
19 could be imposed under s. 775.082, s. 775.084, or the Criminal
20 Punishment Code under chapter 921, the sentence imposed by the
21 court must include the mandatory minimum term of imprisonment
22 as required by paragraph (2)(b) or paragraph (2)(c).
23 (4) Any person who willfully and without authorization
24 possesses, uses, or attempts to use personal identification
25 information concerning an individual without first obtaining
26 that individual's consent, and who does so for the purpose of
27 harassing that individual, commits the offense of harassment
28 by use of personal identification information, which is a
29 misdemeanor of the first degree, punishable as provided in s.
30 775.082 or s. 775.083.
31
6
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 (5) If an offense prohibited under this section was
2 facilitated or furthered by the use of a public record, as
3 defined in s. 119.011, the offense is reclassified to the next
4 higher degree as follows:
5 (a) A misdemeanor of the first degree is reclassified
6 as a felony of the third degree.
7 (b) A felony of the third degree is reclassified as a
8 felony of the second degree.
9 (c) A felony of the second degree is reclassified as a
10 felony of the first degree.
11
12 For purposes of sentencing under chapter 921 and incentive
13 gain-time eligibility under chapter 944, a felony offense that
14 is reclassified under this subsection is ranked one level
15 above the ranking under s. 921.0022 of the felony offense
16 committed, and a misdemeanor offense that is reclassified
17 under this subsection is ranked in level 2 of the offense
18 severity ranking chart in s. 921.0022.
19 (6) Any person who willfully and without authorization
20 fraudulently uses personal identification information
21 concerning an individual who is less than 18 years of age
22 without first obtaining the consent of that individual or of
23 his or her legal guardian commits a felony of the second
24 degree, punishable as provided in s. 775.082, s. 775.083, or
25 s. 775.084.
26 (7) Any person who is in the relationship of parent or
27 legal guardian, or who otherwise exercises custodial authority
28 over an individual who is less than 18 years of age, who
29 willfully and fraudulently uses personal identification
30 information of that individual commits a felony of the second
31
7
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 degree, punishable as provided in s. 775.082, s. 775.083, or
2 s. 775.084.
3 (8)(a) Any person who willfully and fraudulently uses,
4 or possesses with intent to fraudulently use, personal
5 identification information concerning a deceased individual
6 commits the offense of fraudulent use or possession with
7 intent to use personal identification information of a
8 deceased individual, a felony of the third degree, punishable
9 as provided in s. 775.082, s. 775.083, or s. 775.084.
10 (b) Any person who willfully and fraudulently uses
11 personal identification information concerning a deceased
12 individual commits a felony of the second degree, punishable
13 as provided in s. 775.082, s. 775.083, or s. 775.084, if the
14 pecuniary benefit, the value of the services received, the
15 payment sought to be avoided, or the amount of injury or fraud
16 perpetrated is $5,000 or more, or if the person fraudulently
17 uses the personal identification information of 10 or more but
18 fewer than 20 deceased individuals. Notwithstanding any other
19 provision of law, the court shall sentence any person
20 convicted of committing the offense described in this
21 paragraph to a mandatory minimum sentence of 3 years'
22 imprisonment.
23 (c) Any person who willfully and fraudulently uses
24 personal identification information concerning a deceased
25 individual commits the offense of aggravated fraudulent use of
26 the personal identification information of multiple deceased
27 individuals, a felony of the first degree, punishable as
28 provided in s. 775.082, s. 775.083, or s. 775.084, if the
29 pecuniary benefit, the value of the services received, the
30 payment sought to be avoided, or the amount of injury or fraud
31 perpetrated is $50,000 or more, or if the person fraudulently
8
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 uses the personal identification information of 20 or more but
2 fewer than 30 deceased individuals. Notwithstanding any other
3 provision of law, the court shall sentence any person
4 convicted of the offense described in this paragraph to a
5 minimum mandatory sentence of 5 years' imprisonment. If the
6 pecuniary benefit, the value of the services received, the
7 payment sought to be avoided, or the amount of the injury or
8 fraud perpetrated is $100,000 or more, or if the person
9 fraudulently uses the personal identification information of
10 30 or more deceased individuals, notwithstanding any other
11 provision of law, the court shall sentence any person
12 convicted of an offense described in this paragraph to a
13 mandatory minimum sentence of 10 years' imprisonment.
14 (9) Any person who willfully and fraudulently creates
15 or uses, or possesses with intent to fraudulently use,
16 counterfeit or fictitious personal identification information
17 concerning a fictitious individual, or concerning a real
18 individual without first obtaining that real individual's
19 consent, with intent to use such counterfeit or fictitious
20 personal identification information for the purpose of
21 committing or facilitating the commission of a fraud on
22 another person, commits the offense of fraudulent creation or
23 use, or possession with intent to fraudulently use,
24 counterfeit or fictitious personal identification information,
25 a felony of the third degree, punishable as provided in s.
26 775.082, s. 775.083, or s. 775.084.
27 (10) Any person who commits an offense described in
28 this section and for the purpose of obtaining or using
29 personal identification information misrepresents himself or
30 herself to be a law enforcement officer; an employee or
31 representative of a bank, credit card company, credit
9
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 counseling company, or credit reporting agency; or any person
2 who wrongfully represents that he or she is seeking to assist
3 the victim with a problem with the victim's credit history
4 shall have the offense reclassified as follows:
5 (a) In the case of a misdemeanor, the offense is
6 reclassified as a felony of the third degree.
7 (b) In the case of a felony of the third degree, the
8 offense is reclassified as a felony of the second degree.
9 (c) In the case of a felony of the second degree, the
10 offense is reclassified as a felony of the first degree.
11 (d) In the case of a felony of the first degree or a
12 felony of the first degree punishable by a term of
13 imprisonment not exceeding life, the offense is reclassified
14 as a life felony.
15
16 For purposes of sentencing under chapter 921, a felony offense
17 that is reclassified under this subsection is ranked one level
18 above the ranking under s. 921.0022 or s. 921.0023 of the
19 felony offense committed, and a misdemeanor offense that is
20 reclassified under this subsection is ranked in level 2 of the
21 offense severity ranking chart.
22 (11) The prosecutor may move the sentencing court to
23 reduce or suspend the sentence of any person who is convicted
24 of a violation of this section and who provides substantial
25 assistance in the identification, arrest, or conviction of any
26 of that person's accomplices, accessories, coconspirators, or
27 principals or of any other person engaged in fraudulent
28 possession or use of personal identification information. The
29 arresting agency shall be given an opportunity to be heard in
30 aggravation or mitigation in reference to any such motion.
31 Upon good cause shown, the motion may be filed and heard in
10
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 camera. The judge hearing the motion may reduce or suspend the
2 sentence if the judge finds that the defendant rendered such
3 substantial assistance.
4 (12)(8) This section does not prohibit any lawfully
5 authorized investigative, protective, or intelligence activity
6 of a law enforcement agency of this state or any of its
7 political subdivisions, of any other state or its political
8 subdivisions, or of the Federal Government or its political
9 subdivisions.
10 (13)(9)(a) In sentencing a defendant convicted of an
11 offense under this section, the court may order that the
12 defendant make restitution under pursuant to s. 775.089 to any
13 victim of the offense. In addition to the victim's
14 out-of-pocket costs, such restitution may include payment of
15 any other costs, including attorney's fees incurred by the
16 victim in clearing the victim's credit history or credit
17 rating, or any costs incurred in connection with any civil or
18 administrative proceeding to satisfy any debt, lien, or other
19 obligation of the victim arising as the result of the actions
20 of the defendant.
21 (b) The sentencing court may issue such orders as are
22 necessary to correct any public record that contains false
23 information given in violation of this section.
24 (14)(10) Prosecutions for violations of this section
25 may be brought on behalf of the state by any state attorney or
26 by the statewide prosecutor.
27 (15)(11) The Legislature finds that, in the absence of
28 evidence to the contrary, the location where a victim gives or
29 fails to give consent to the use of personal identification
30 information is the county where the victim generally resides.
31
11
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 (16)(12) Notwithstanding any other provision of law,
2 venue for the prosecution and trial of violations of this
3 section may be commenced and maintained in any county in which
4 an element of the offense occurred, including the county where
5 the victim generally resides.
6 (17)(13) A prosecution of an offense prohibited under
7 subsection (2), subsection (6), or subsection (7) must be
8 commenced within 3 years after the offense occurred. However,
9 a prosecution may be commenced within 1 year after discovery
10 of the offense by an aggrieved party, or by a person who has a
11 legal duty to represent the aggrieved party and who is not a
12 party to the offense, if such prosecution is commenced within
13 5 years after the violation occurred.
14 Section 2. Section 817.5681, Florida Statutes, is
15 created to read:
16 817.5681 Breach of security concerning confidential
17 personal information in third-party possession; administrative
18 penalties.--
19 (1)(a) Any person who conducts business in this state
20 and maintains computerized data in a system that includes
21 personal information shall disclose any breach of the security
22 of the system, following discovery or notification of the
23 breach in the security of the data, to any resident of this
24 state whose unencrypted personal information was, or is
25 reasonably believed to have been, acquired by an unauthorized
26 person. The disclosure shall be made most expeditiously and
27 without unreasonable delay, consistent with the legitimate
28 needs of law enforcement, as provided in subsection (3) and
29 paragraph (9)(a), or any measures necessary to determine the
30 scope of the breach and restore the reasonable integrity of
31 the data system. Disclosure of the breach may only be delayed
12
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 indefinitely following its discovery under subsection (3).
2 Otherwise, disclosure must be made no later than 30 days
3 following the discovery of the breach.
4 (b) Any person required to make disclosures under
5 paragraph (a) who fails to do so within the time periods
6 provided in this subsection is liable for an administrative
7 fine in the amount of $1,000 for each day the breach goes
8 undisclosed for up to 30 days.
9 (c) Except as required for investigations under
10 subsection (3), any person required to make disclosures under
11 paragraph (a) who fails to do so is subject to an
12 administrative fine of up to $50,000 for each 30-day period or
13 portion thereof up to 180 days unless acting under a court
14 order. If such disclosure is not made within 180 days, any
15 person required to make such disclosures under paragraph (a)
16 who fails to do so is subject to an administrative fine of up
17 to $500,000.
18 (d) The disclosure required under this subsection must
19 be made by each person in the state in possession of
20 computerized data. However, the administrative sanctions for
21 nondisclosure provided in this subsection shall not apply in
22 the case of computerized information in the custody of any
23 governmental agency or political subdivision, unless that
24 governmental agency or political subdivision has entered into
25 a contract with a contractor or third-party administrator to
26 provide governmental services. In such case, the contractor or
27 third-party administrator shall be a person to whom the
28 administrative sanctions provided in this subsection apply,
29 provided such contractor or third-party administrator found in
30 violation of the nondisclosure restrictions in this section
31
13
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 may not bring an action for contribution or set-off available
2 against the employing agency or subdivision.
3 (2)(a) Any person who maintains computerized data that
4 includes personal information on behalf of another business
5 entity shall notify the business entity for which the
6 information is maintained of any breach of the security of the
7 data within 72 hours after the discovery of the breach, if the
8 personal information was, or is reasonably believed to have
9 been, acquired by an unauthorized person.
10 (b) Any person required to make disclosures under
11 paragraph (a) who fails to do so within the time periods
12 provided in this subsection is liable for an administrative
13 fine in the amount of $1,000 for each day the breach goes
14 undisclosed for up to 30 days.
15 (c) Except as required for investigations under
16 subsection (3), any person required to make disclosures under
17 paragraph (a) who fails to do so is subject to an
18 administrative fine of up to $50,000 for each 30-day period or
19 portion thereof up to 180 days unless acting under court
20 order. If such disclosure is not made within 180 days, any
21 person required to make disclosures under paragraph (a) who
22 fails to do so is subject to an administrative fine of up to
23 $500,000.
24 (d) The disclosure required under this subsection must
25 be made by each person in the state in possession of
26 computerized data. However, the administrative sanctions for
27 nondisclosure provided in this subsection shall not apply in
28 the case of computerized information in the custody of any
29 governmental agency or political subdivision unless that
30 governmental agency or political subdivision has entered into
31 a contract with a contractor or third-party administrator to
14
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 provide governmental services. In such case, the contractor or
2 third-party administrator shall be a person to whom the
3 administrative sanctions provided in this subsection would
4 apply, provided such contractor or third-party administrator
5 found in violation of the nondisclosure restrictions in this
6 subsection may not bring an action for contribution or set-off
7 available against the employing agency or subdivision.
8 (3) The notification required by this section may be
9 delayed if a law enforcement agency determines that the
10 notification will impede a criminal investigation. The
11 notification required by this section shall be made after the
12 law enforcement agency determines that the notification will
13 not compromise the investigation. The delay in notification
14 allowed under this subsection shall not exceed 90 days unless
15 ordered by a court of competent jurisdiction.
16 (4) For purposes of this section, the term "breach of
17 the security of the system" means unauthorized acquisition of
18 computerized data that materially compromises the security,
19 confidentiality, or integrity of personal information
20 maintained by the person. Good faith acquisition of personal
21 information by an employee or agent of a person for the
22 purposes of the person is not a breach of the security of the
23 system, provided the information is not used for a purpose
24 unrelated to the business or subject to further unauthorized
25 disclosure.
26 (5) For purposes of this section, the term "personal
27 information" means an individual's first name or first initial
28 and last name in combination with any one or more of the
29 following data elements, when the data elements are not
30 encrypted:
31 (a) Social security number.
15
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 (b) Driver's license number or Florida identification
2 card number.
3 (c) Account number or credit or debit card number, in
4 combination with any required security code, access code, or
5 password that would permit access to an individual's financial
6 account.
7 (6) For purposes of this section, notice may be
8 provided by one of the following methods:
9 (a) Written notice;
10 (b) Electronic notice, if the notice provided is
11 consistent with the provisions regarding electronic records
12 and signatures set forth in 15 U.S.C. s. 7001; or
13 (c) Substitute notice, if the person demonstrates that
14 the cost of providing notice would exceed $250,000, the
15 affected class of subject persons to be notified exceeds
16 500,000, or the person does not have sufficient contact
17 information. Substitute notice shall consist of all of the
18 following:
19 1. Electronic mail notice when the person has an
20 electronic mail address for the subject person.
21 2. Conspicuous posting of the notice on the person's
22 website, if the person maintains a website.
23 3. Notification to major statewide media.
24 (7) For purposes of this section, the term
25 "unauthorized person" means any person who is not the person
26 to whom the personal information belongs and who does not have
27 permission from or a password issued by the person who stores
28 the computerized data to acquire such data.
29 (8) Notwithstanding subsection (6), a person who
30 maintains his or her own notification procedures as part of an
31 information security or privacy policy for the treatment of
16
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 personal information and which procedures are otherwise
2 consistent with the timing requirements of this part shall be
3 deemed to be in compliance with the notification requirements
4 of this section if the person notifies subject persons in
5 accordance with its procedures in the event of a breach of
6 security of the system.
7 (9)(a) Notwithstanding subsection (2), notification is
8 not required if, after an appropriate investigation and after
9 consultation with relevant federal, state, and local agencies
10 responsible for law enforcement, the person reasonably
11 determines that the breach has not and will not likely result
12 in harm to the individuals whose personal information has been
13 acquired and accessed. Such a determination must be documented
14 in writing and the documentation must be maintained for 5
15 years.
16 (b) Any person required to document a failure to
17 notify affected persons who fails to document the failure as
18 required in this subsection or who, if documentation was
19 created, fails to maintain the documentation for the full 5
20 years as required in this subsection is liable for an
21 administrative fine in the amount of up to $50,000 for such
22 failure.
23 (c) The documentation and maintenance of documentation
24 required under this subsection must be made by each person in
25 the state in possession of computerized data. However, the
26 administrative sanctions outlined in this subsection shall not
27 apply in the case of computerized information in the custody
28 of any governmental agency or political subdivision, unless
29 that governmental agency or political subdivision has entered
30 into a contract with a contractor or third-party administrator
31 to provide governmental services. In such case, the contractor
17
CODING: Words stricken are deletions; words underlined are additions.
Florida Senate - 2005 CS for SB 978
590-2047-05
1 or third-party administrator shall be a person to whom the
2 administrative sanctions outlined in this subsection apply,
3 provided such contractor or third-party administrator found in
4 violation of the documentation and maintenance of
5 documentation requirements in this subsection may not bring an
6 action for contribution or set-off available against the
7 employing agency or subdivision.
8 (10) The Department of Legal Affairs may institute
9 proceedings to assess and collect the fines provided in this
10 section.
11 Section 3. This act shall take effect July 1, 2005.
12
13 STATEMENT OF SUBSTANTIAL CHANGES CONTAINED IN
COMMITTEE SUBSTITUTE FOR
14 Senate Bill 978
15
16 The committee substitute makes the following changes to the
underlying bill:
17
-- Removes new s. 501.165, F.S., on fraudulent use of
18 personal identification information;
19 -- Removes proposed language that would have made it a crime
to disclose, sell, or transfer, or attempt to disclose,
20 sell, or transfer, personal identification information
without that person's consent;
21
-- Removes proposed subsection that would have made a
22 violation of the identity theft statute also a violation
under the Florida Deceptive and Unfair Trade Practices
23 Act; and
24 -- Deletes revisions to cross-referenced criminal punishment
statute that would have been necessary to provide for
25 proposed changes to statute that were removed.
26
27
28
29
30
31
18
CODING: Words stricken are deletions; words underlined are additions.