Florida Senate - 2021                             CS for SB 1704
       
       
        
       By the Committee on Governmental Oversight and Accountability;
       and Senator Broxson
       
       
       
       
       585-03620-21                                          20211704c1
    1                        A bill to be entitled                      
    2         An act relating to public records; amending s. 98.015,
    3         F.S.; creating a public records exemption for portions
    4         of records containing network schematics, hardware and
    5         software configurations, or encryption or which
    6         identify detection, investigation, or response
    7         practices for suspected or confirmed information
    8         technology security incidents, including suspected or
    9         confirmed breaches held by a county supervisor of
   10         elections; providing that such confidential and exempt
   11         information must be available to the Auditor General
   12         and may be made available to governmental entities for
   13         specified purposes; providing for retroactive
   14         application; providing for future legislative review
   15         and repeal of the exemption; providing a statement of
   16         public necessity; providing an effective date.
   17          
   18  Be It Enacted by the Legislature of the State of Florida:
   19  
   20         Section 1. Subsection (13) is added to section 98.015,
   21  Florida Statutes, to read:
   22         98.015 Supervisor of elections; election, tenure of office,
   23  compensation, custody of registration-related documents, office
   24  hours, successor, seal; appointment of deputy supervisors;
   25  duties; public records exemption.—
   26         (13)(a) Portions of records held by a supervisor of
   27  elections which contain network schematics, hardware and
   28  software configurations, or encryption or which identify
   29  detection, investigation, or response practices for suspected or
   30  confirmed information technology security incidents, including
   31  suspected or confirmed breaches, are confidential and exempt
   32  from s. 119.07(1) and s. 24(a), Art. I of the State
   33  Constitution, if the disclosure of such records would facilitate
   34  unauthorized access to or the unauthorized modification,
   35  disclosure, or destruction of:
   36         1. Data or information, whether physical or virtual; or
   37         2. Information technology resources as defined in s.
   38  119.011 which include:
   39         a. Information relating to the security of a supervisor of
   40  elections’ technology, processes, and practices designed to
   41  protect networks, computers, data processing software, and data
   42  from attack, damage, or unauthorized access; or
   43         b. Security information, whether physical or virtual, which
   44  relates to a supervisor of elections’ existing or proposed
   45  information technology systems.
   46         (b) The portions of records made confidential and exempt in
   47  paragraph (a) must be available to the Auditor General and may
   48  be made available to another governmental entity for information
   49  technology security purposes or in the furtherance of the
   50  governmental entity’s official duties.
   51         (c) The public records exemption created in paragraph (a)
   52  applies to records held by a supervisor of elections before, on,
   53  or after the effective date of the exemption.
   54         (d) This subsection is subject to the Open Government
   55  Sunset Review Act in accordance with s. 119.15 and shall stand
   56  repealed on October 2, 2026, unless reviewed and saved from
   57  repeal through reenactment by the Legislature.
   58         Section 2. The Legislature finds that it is a public
   59  necessity that the portions of records of a supervisor of
   60  elections which contain network schematics, hardware and
   61  software configurations, or encryption or which identify
   62  detection, investigation, or response practices for suspected or
   63  confirmed information technology security incidents, including
   64  suspected or confirmed breaches, and which could be used to
   65  facilitate unauthorized access to or unauthorized modification,
   66  disclosure, or destruction of virtual or physical data or
   67  information or information technology resources be made
   68  confidential and exempt from s. 119.07(1), Florida Statutes, and
   69  s. 24(a), Article I of the State Constitution. Such information
   70  could be used as a tool to influence elections, frustrate the
   71  voting process, manipulate election results, or otherwise
   72  interfere with the administration of elections. The release of
   73  such information could result in an increase in security
   74  breaches and fraud impacting the electoral process. For these
   75  reasons, the Legislature finds that the public records exemption
   76  should be applied on a retroactive basis because the harm that
   77  may result from the release of such information outweighs the
   78  public benefit that may be derived from the disclosure of the
   79  information.
   80         Section 3. This act shall take effect upon becoming a law.