The state director of the Florida National Federation of Independent Business cautioned Floridians about what he fears could be the influx of unnecessary litigation, if the state were to adopt consumer privacy legislation - in what could be a big gift to plaintiffs' lawyers.
According to the group's September Scorecard, “Empowering trial lawyers to sue over privacy complaints when plaintiffs have not actually been adversely affected will only help lawyers, rather than employees and customers.”
Bill Herrle, state director of the NFIB, said that while actual legislation has not yet been drafted in the state legislature, consumer privacy law is being discussed in certain circles.
“We’ve heard talk about it from the trial lawyers but I don’t have a bill draft yet and I haven’t found the legislator who is thinking about filing it,” Herrle told The Florida Record. ”It is going to be an expansion of existing laws to protect consumers against data breaches. This flies in the face of the definition of a tort.”
Another type of consumer privacy law that has led to an explosion of litigation in Illinois, for instance, is the Biometric Privacy Act (BIPA), enacted in 2008. It bars private entities, such as employers, from obtaining and possessing people’s biometric identifiers without an individual's consent. The law defines a biometric identifier as “any personal feature that is unique to an individual, including fingerprints, iris scans, DNA and ‘face geometry,’ among others,” and establishes biometric information as “any information captured, converted, stored, or shared based on a person’s biometric identifier used to identify an individual.”
Alleged violations of the Illinois law have formed the basis for hundreds of lawsuits in state courts, brought by plaintiffs who have not necessarily suffered actual harm.
In Florida, among the changes a consumer privacy bill could bring to the legal system would be loosening restrictions for filing suits in court, Herrle said.
“It could involve easing access to the court, it could involve reducing the necessary proofs of negligence on the part of the person who was involved with a data breach, it could involve easing the means by with they convert these cases to class-action suits, it could involve increasing or trebling (tripling) the damages, it could involve punitive damages, the imagination runs wild with what they might do,” he said. “Before Florida consumers see this and say ‘this is needed,’ there already exists in Florida statutes a civil cause of action for data breaches.”
Consumers, Herrle said, already have access to protections as well as the ability to recover losses if a data breach is suffered.
“We’re very dubious of privatization when it comes to justice issues,” Herrle said.