House Bill 381 introduces comprehensive new requirements for loan originators, mortgage brokers, and mortgage lenders in Florida, focusing on the development and maintenance of information security programs to safeguard nonpublic personal information. The bill mandates the creation of written incident response plans, the documentation of cybersecurity investigations for a minimum of five years, and the obligation to notify relevant parties in the event of security breaches affecting 500 or more individuals. Additionally, it expands the grounds for disciplinary actions against these entities and requires money services businesses to implement similar cybersecurity measures.

The bill also establishes a Financial Technology Sandbox within the Office of Financial Regulation, allowing financial technology innovators to test new products under a flexible regulatory framework, with provisions for waivers of certain general law requirements. Key deletions from current law include prohibitions on specific activities during the sandbox period and certain application approval requirements. Furthermore, the bill clarifies the responsibilities of financial institutions regarding customer data security, mandates timely breach notifications, and updates examination protocols for state financial institutions. Overall, HB 381 aims to enhance consumer protection, regulatory oversight, and cybersecurity measures in Florida's financial services sector, with an effective date set for July 1, 2026.

Statutes affected:
H 381 Filed: 559.952, 657.005, 657.024, 658.33, 662.141, 517.12