Breach, Compliance Management, Data Security, Privacy

Florida issues notification for ‘inadvertent release of information’ to 13K

The Florida Department of State issued a notification May 22 for the inadvertent release of personal information to 13,000 people on a wait list for disability services from 2003 whose names, dates of birth, and social security numbers were in former Governor Jeb Bush's emails released in answer to a public records request.

After the department began releasing the records in December 2014, they were found, in February, to contain personal information on 45,000 Florida residents that had not been properly redacted. Florida law gives organizations 30 days to make breach notifications.

But Florida Department of State Communications Director, Meredith Beatrice, told SCMagazine that “a breach of the Department of State's IT Infrastructure did not occur” in this case because the records were made publicly available. 

"Among those records made available to the public are copies of emails sent to and received from former Governor Jeb Bush during his tenure in office," the notification said. "Unfortunately, certain confidential information was contained within the emails obtained by members of the public who requested them."

Indeed, the law defines a breach as “unauthorized access of data in electronic form containing personal information" and specifically notes that the definition “does not include information about an individual that has been made publicly available by a federal, state, or local governmental entity.” 

Free credit monitoring services are being offered for individuals whose social security information might have been inadvertently disclosed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.