Florida Senate - 2022 SB 1740
By Senator Wright
14-00739-22 20221740__
1 A bill to be entitled
2 An act relating to public records and public meetings;
3 amending s. 119.0713, F.S.; providing an exemption
4 from public records requirements for certain
5 information held by a utility owned or operated by a
6 unit of local government; providing for retroactive
7 application; providing for future legislative review
8 and repeal of the exemption; reenacting s.
9 286.0113(3), F.S., relating to an exemption from
10 public meetings requirements for portions of meetings
11 held by a utility owned or operated by a unit of local
12 government which would reveal certain information, to
13 incorporate the amendment made to s. 119.0713, F.S.,
14 in a reference thereto; providing a statement of
15 public necessity; providing an effective date.
16
17 Be It Enacted by the Legislature of the State of Florida:
18
19 Section 1. Subsection (5) of section 119.0713, Florida
20 Statutes, is amended to read:
21 119.0713 Local government agency exemptions from inspection
22 or copying of public records.—
23 (5)(a) The following information held by a utility owned or
24 operated by a unit of local government is exempt from s.
25 119.07(1) and s. 24(a), Art. I of the State Constitution:
26 1. Information related to the security of the technology,
27 processes, or practices of a utility owned or operated by a unit
28 of local government that are designed to protect the utility’s
29 networks, computers, programs, and data from attack, damage, or
30 unauthorized access, which information, if disclosed, would
31 facilitate the alteration, disclosure, or destruction of such
32 data or information technology resources.
33 2. Information related to the security of existing or
34 proposed information technology systems or industrial control
35 technology systems of a utility owned or operated by a unit of
36 local government, which, if disclosed, would facilitate
37 unauthorized access to, and alteration or destruction of, such
38 systems in a manner that would adversely impact the safe and
39 reliable operation of the systems and the utility.
40 3. Information related to threat detection, defense,
41 deterrence, or response plans and actions for information
42 technology and operational technology systems of a utility owned
43 or operated by a unit of local government, including, but not
44 limited to, plans and actions made or taken in response to a
45 ransomware attack or other cyberattack on, or threat to,
46 information technology or operational technology systems.
47 4. Information related to insurance or other risk
48 mitigation products or coverages, including, but not limited to,
49 deductible or self-insurance amounts, coverage limits, and
50 policy terms and conditions for the protection of the
51 information technology and operational technology systems and
52 data of a utility owned or operated by a unit of local
53 government.
54 5. Information created or received by a utility owned or
55 operated by a unit of local government which has been submitted
56 for review as, or designated as, critical energy/electric
57 infrastructure information (CEII) pursuant to federal law by the
58 Federal Energy Regulatory Commission or the United States
59 Department of Energy.
60 6. Customer meter-derived data and billing information in
61 increments less than one billing cycle.
62 (b) This exemption applies to such information held by a
63 utility owned or operated by a unit of local government before,
64 on, or after the effective date of this exemption.
65 (c) This subsection is subject to the Open Government
66 Sunset Review Act in accordance with s. 119.15 and shall stand
67 repealed on October 2, 2024, unless reviewed and saved from
68 repeal through reenactment by the Legislature.
69 Section 2. For the purpose of incorporating the amendment
70 made by this act to section 119.0713, Florida Statutes, in a
71 reference thereto, subsection (3) of section 286.0113, Florida
72 Statutes, is reenacted to read:
73 286.0113 General exemptions from public meetings.—
74 (3)(a) That portion of a meeting held by a utility owned or
75 operated by a unit of local government which would reveal
76 information that is exempt under s. 119.0713(5) is exempt from
77 s. 286.011 and s. 24(b), Art. I of the State Constitution. All
78 exempt portions of such a meeting must be recorded and
79 transcribed. The recording and transcript of the meeting are
80 exempt from disclosure under s. 119.07(1) and s. 24(a), Art. I
81 of the State Constitution unless a court of competent
82 jurisdiction, following an in camera review, determines that the
83 meeting was not restricted to the discussion of data and
84 information made exempt by this section. In the event of such a
85 judicial determination, only the portion of the recording or
86 transcript which reveals nonexempt data and information may be
87 disclosed to a third party.
88 (b) This subsection is subject to the Open Government
89 Sunset Review Act in accordance with s. 119.15 and shall stand
90 repealed on October 2, 2024, unless reviewed and saved from
91 repeal through reenactment by the Legislature.
92 Section 3. (1) The Legislature finds that it is a public
93 necessity that information related to threat detection, defense,
94 deterrence, or response plans and actions for information
95 technology and operational technology systems of a utility owned
96 or operated by a unit of local government; information related
97 to insurance or other risk mitigation products or coverages for
98 the protection of the information technology and operational
99 technology systems and data of a utility owned or operated by a
100 unit of local government; and information created or received by
101 a utility owned or operated by a unit of local government which
102 has been submitted for review as, or designated as, critical
103 energy/electric infrastructure information (CEII) pursuant to
104 federal law by the Federal Energy Regulatory Commission or the
105 United States Department of Energy be made exempt from s.
106 119.07(1), Florida Statutes, and s. 24(a), Article I of the
107 State Constitution. The Legislature further finds that it is a
108 public necessity that those portions of meetings held by a
109 utility owned or operated by a unit of local government which
110 would reveal such information be made exempt from s. 286.011,
111 Florida Statutes, and s. 24(b), Article I of the State
112 Constitution.
113 (2) The Legislature finds that multiple states are
114 developing rules to better facilitate the exchange of sensitive
115 information needed to protect critical energy, water, natural
116 gas, and wastewater infrastructure from cyberattacks and other
117 threats. As the electric grid continues to integrate more
118 information and communication technologies and as states look to
119 partner more closely with utilities on energy assurance and
120 resiliency, the sensitivity of information being shared and the
121 threats from increased connectivity will grow. Maintaining safe
122 and reliable utility systems is vital to protecting the public
123 health and safety and ensuring the economic well-being of this
124 state.
125 (3) The Legislature finds that the public and private harm
126 in disclosing the information under subsection (1) outweighs any
127 public benefit derived from the disclosure of cybersecurity
128 threat detection, defense, and informational or operational
129 technology systems of a utility owned or operated by a unit of
130 local government. Cyber criminals continually seek information
131 relating to the insurance coverage or other risk mitigation
132 products that utilities employ to defend against such attacks.
133 Critical infrastructure, as well as the assets of such
134 utilities, should be protected, and the protection of
135 information under subsection (1) will ensure the sensitive
136 information held by utilities is not publicly available to be
137 used against them at a later date.
138 Section 4. This act shall take effect July 1, 2022.