This bill amends Florida Statutes to establish specific cybersecurity standards for local governments and outlines liability protections related to cybersecurity incidents. It authorizes local governments to adopt only specified cybersecurity standards, prohibits the Department of Management Services from delegating the authority to set these standards, and requires vendors to comply with these standards unless otherwise mandated by state or federal law. The bill also defines key terms, including "vendor," and preempts any prior inconsistent cybersecurity standards adopted by local governments.

Additionally, the bill creates a new section, 768.401, which provides that local governments, covered entities, or third-party agents that comply with certain cybersecurity requirements are not liable for incidents under specified circumstances. It establishes a presumption against liability for covered entities and third-party agents that maintain compliance with cybersecurity standards and disaster recovery plans. The bill specifies that a private cause of action is not established and outlines the burden of proof for defendants in civil actions related to cybersecurity incidents. The act is set to take effect upon becoming law.

Statutes affected:
S 692 Filed: 282.3185