This bill establishes new cybersecurity requirements for mortgage brokers, lenders, and money services businesses in Florida by creating sections 494.00170 and 560.1215 of the Florida Statutes. It mandates that licensees develop and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards to protect customer information. Key provisions include the requirement for a written incident response plan to address cybersecurity events, prompt investigations of such events, and the maintenance of records related to these investigations for a minimum of five years. Licensees must also notify the Office of Financial Regulation in the event of a security breach affecting 500 or more individuals.

Furthermore, the bill revises existing laws to include cybersecurity violations as grounds for disciplinary actions against licensees. It allows the Financial Services Commission to adopt rules for implementing these provisions and recognizes that licensees with fewer than 20 employees or 500 customers may be exempt from certain requirements, although they will have a 180-day compliance period once they no longer qualify for exemption. The act is set to take effect on July 1, 2025, and emphasizes the importance of enhancing the security of customer information and improving responses to cybersecurity threats within the financial services sector.