The bill SB 7024 amends Section 119.0725 of the Florida Statutes to enhance the confidentiality of cybersecurity-related information held by state and local government agencies. It introduces new definitions for terms such as "breach," "critical infrastructure," "cybersecurity," and "operational technology," while clarifying that good faith access by agency employees does not constitute a breach. The bill specifies that information related to cybersecurity incidents, network schematics, and login credentials is confidential and exempt from public disclosure. It also allows for the retroactive application of these exemptions and mandates future legislative review to determine their continued necessity under the Open Government Sunset Review Act.

Additionally, the bill repeals certain sections related to data security in the Citizens Property Insurance Corporation and state postsecondary education institutions, while amending various statutes to align with the new provisions. It removes existing exemptions concerning agency-produced data processing software and secure login credentials from public records inspection, instead classifying sensitive agency-produced software, customer meter-derived data, and billing information as exempt from public disclosure. The legislation emphasizes the importance of keeping certain information confidential to mitigate risks associated with cybersecurity incidents, thereby balancing the need for transparency with the necessity of protecting sensitive data.

Statutes affected:
S 7024 Filed: 119.0725, 15.16, 24.1051, 106.0706, 112.31446, 119.07, 119.071, 119.0712, 119.0713, 119.0714, 627.352
S 7024 e1: 119.0725, 15.16, 24.1051, 106.0706, 112.31446, 119.07, 119.071, 119.0712, 119.0713, 119.0714, 627.352
S 7024 er: 119.0725, 15.16, 24.1051, 106.0706, 112.31446, 119.07, 119.071, 119.0712, 119.0713, 119.0714, 627.352