The proposed bill establishes new cybersecurity requirements for mortgage brokers, lenders, and money services businesses in Florida by creating sections 494.00170 and 560.1215 of the Florida Statutes. It mandates that licensees develop and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards to protect customer information. Key components of these programs include the establishment of an incident response plan for cybersecurity events, prompt investigations of such events, and the maintenance of related records for a minimum of five years. Licensees are also required to notify the Office of Financial Regulation in the event of a security breach affecting 500 or more individuals.

Additionally, the bill amends existing statutes to revise the grounds for disciplinary actions against mortgage brokers and lenders, as well as the grounds for issuing cease and desist orders or revoking licenses for money service businesses. It introduces a new disciplinary action for failure to comply with notification requirements and clarifies that compliance with federal standards for safeguarding customer information can be deemed sufficient for meeting state requirements. The Financial Services Commission is authorized to adopt rules to implement these provisions, and licensees are given a compliance timeframe of 180 days after they no longer qualify for an exemption based on workforce size or customer count. The act is set to take effect on July 1, 2025.