This bill amends Florida Statutes to establish new cybersecurity standards and liability protections for local governments, vendors, and third-party agents. It prohibits local governments from imposing cybersecurity standards on vendors that exceed those established by the bill, except when necessary to comply with state or federal laws. Additionally, it creates a new section that outlines liability limitations for local governments and covered entities in the event of a cybersecurity incident, provided they adhere to specified cybersecurity frameworks and standards. The bill defines key terms, including "vendor," "covered entity," and "third-party agent," and specifies that local governments and covered entities are not liable if they implement appropriate cybersecurity measures.

Furthermore, the bill mandates that covered entities and third-party agents must update their cybersecurity programs to align with any revisions to relevant frameworks or laws within one year to maintain liability protection. It clarifies that no private cause of action is established under this section and that the potential for a liability shield cannot be used as evidence in negligence claims. The burden of proof in civil actions related to cybersecurity incidents falls on the defendant to demonstrate compliance with the established standards. The act is set to take effect upon becoming law.

Statutes affected:
S 692 Filed: 282.3185
S 692 c1: 282.3185