The bill amends various sections of Florida Statutes to enhance the state's cybersecurity framework and improve the management of information technology resources. Key changes include exempting the state chief technology officer from the Career Service System and updating definitions related to data, such as the introduction of "enterprise digital data." The Florida Digital Service's role is expanded to lead the development of cybersecurity standards and propose innovative technological solutions. New reporting requirements for state agencies regarding cybersecurity incidents are established, including the designation of an information security manager and revised timeframes for reporting incidents, particularly reducing the notification period for ransomware incidents from 48 hours to 12 hours.

Additionally, the bill modifies the reporting structure for both state and local governments, mandating that the information security officer notify legislative leaders of severe incidents within 12 hours. It allows local governments to report lower severity incidents to relevant authorities and requires the Cybersecurity Operations Center to provide consolidated incident reports quarterly. The composition of the Florida Cybersecurity Advisory Council is also revised, including changes in terminology and membership structure, allowing for local government representation and clarifying the roles of various stakeholders. The act is set to take effect on July 1, 2025.

Statutes affected:
S 770 Filed: 110.205, 282.0051, 282.3185, 282.319