The bill amends Florida Statutes to establish specific cybersecurity standards for local governments and outlines liability protections related to cybersecurity incidents. It authorizes local governments to adopt only the cybersecurity standards set by the Department of Management Services, prohibiting them from creating their own standards. Additionally, it mandates that vendors comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0. The bill also preempts any prior inconsistent cybersecurity standards adopted by local governments.

Furthermore, the bill creates a new section that limits liability for local governments, covered entities, and third-party agents in the event of a cybersecurity incident, provided they have implemented policies that align with established cybersecurity standards and disaster recovery plans. It specifies that a private cause of action is not established under this section, and the potential for a liability shield cannot be used as evidence in negligence claims. The bill also places the burden of proof on defendants in civil actions related to cybersecurity incidents to demonstrate compliance with the outlined standards.

Statutes affected:
H 635 Filed: 282.3185