The bill establishes new requirements for loan originators, mortgage brokers, and mortgage lenders in Florida to develop and maintain comprehensive written information security programs aimed at protecting information systems and nonpublic personal information. It mandates the creation of written incident response plans to address cybersecurity events, detailing internal processes, roles, communication strategies, and documentation requirements. The bill also expands the grounds for disciplinary actions against loan originators and mortgage brokers, introduces similar information security program requirements for money services businesses and financial institutions, and revises definitions related to investment advisers. Additionally, it includes provisions for virtual attendance of credit union members at meetings, enhancing the overall security of personal information and preparedness against cybersecurity threats.

Moreover, the bill introduces amendments to existing statutes concerning cybersecurity and investment advisory services, including new notification requirements for cybersecurity events affecting 500 or more individuals, with a mandate for prompt investigations and record maintenance for a minimum of five years. It clarifies obligations for money services businesses regarding compliance with federal regulations and establishes a framework for information security programs, requiring regular testing and monitoring of systems. The legislation also empowers the office to issue emergency orders to suspend licenses of businesses posing immediate dangers to public health and safety. The act is set to take effect on July 1, 2026.

Statutes affected:
S 540 Filed: 559.952, 655.045, 657.005, 657.024, 658.33, 662.141, 517.12
S 540 c1: 517.061, 655.045, 657.005, 657.024, 658.33, 662.141, 517.12