The proposed bill CS/HB 381 establishes new requirements for loan originators, mortgage brokers, and mortgage lenders in Florida to develop and maintain comprehensive written information security programs aimed at protecting information systems and nonpublic personal information. These programs must include administrative, technical, and physical safeguards, as well as written incident response plans to address cybersecurity events. The bill also mandates that these entities maintain copies of their information security programs for a specified timeframe and notify relevant parties in the event of security breaches. Additionally, it introduces new grounds for disciplinary actions against licensed individuals for failing to comply with notification requirements related to security breaches and updates definitions related to investment advisers and family offices.

Moreover, the bill modifies existing regulations for money services businesses, allowing for emergency suspension orders to be issued without prior notice or a hearing under certain conditions. It requires these businesses to implement information security programs and incident response plans similar to those mandated for loan originators and mortgage brokers. The bill also enhances consumer protection by requiring financial institutions to comply with the Federal Trade Commission's Standards for Safeguarding Customer Information and outlines the handling of security breaches. Other amendments include changes to the governance of financial institutions, such as increasing the experience requirement for directors of banks and trust companies, and clarifying registration requirements for insurance agents selling securities. The act is set to take effect on July 1, 2026.

Statutes affected:
H 381 Filed: 559.952, 657.005, 657.024, 658.33, 662.141, 517.12
H 381 c1: 517.061, 560.309, 560.405, 560.406, 655.045, 657.005, 657.024, 658.33, 662.141, 517.12