This bill amends Florida Statutes to establish specific cybersecurity standards and liability protections for local governments and vendors. It authorizes local governments to adopt only certain cybersecurity standards, specifically those established by the Department of Management Services, and prohibits the delegation of this authority to local governments. Vendors are required to comply with these cybersecurity standards unless state or federal laws dictate otherwise. The bill also preempts any prior inconsistent cybersecurity standards adopted by local governments.

Additionally, the bill creates a new section that limits liability for local governments, covered entities, and third-party agents in the event of a cybersecurity incident, provided they comply with specified cybersecurity standards and frameworks. It outlines the conditions under which these entities can claim a presumption against liability, including the implementation of disaster recovery plans and multi-factor authentication. The bill clarifies that no private cause of action is established and specifies the burden of proof for defendants in related civil actions. The effective date of the act is upon becoming law.

Statutes affected:
S 692 Filed: 282.3185