Florida Senate - 2023 COMMITTEE AMENDMENT
Bill No. SB 7042
Ì401556-Î401556
LEGISLATIVE ACTION
Senate . House
Comm: RCS .
04/20/2023 .
.
.
.
—————————————————————————————————————————————————————————————————
—————————————————————————————————————————————————————————————————
The Committee on Rules (Boyd) recommended the following:
1 Senate Amendment (with title amendment)
2
3 Delete everything after the enacting clause
4 and insert:
5 Section 1. Section 627.352, Florida Statutes, is amended to
6 read:
7 627.352 Security of data and information technology in
8 Citizens Property Insurance Corporation.—
9 (1) The following data and information from technology
10 systems owned by, under contract with, or maintained by Citizens
11 Property Insurance Corporation are confidential and exempt from
12 s. 119.07(1) and s. 24(a), Art. I of the State Constitution:
13 (a) Records held by the corporation which identify
14 detection, investigation, or response practices for suspected or
15 confirmed information technology security incidents, including
16 suspected or confirmed breaches, if the disclosure of such
17 records would facilitate unauthorized access to or unauthorized
18 modification, disclosure, or destruction of:
19 1. Data or information, whether physical or virtual; or
20 2. Information technology resources, including:
21 a. Information relating to the security of the
22 corporation’s technologies, processes, and practices designed to
23 protect networks, computers, data processing software, and data
24 from attack, damage, or unauthorized access; or
25 b. Security information, whether physical or virtual, which
26 relates to the corporation’s existing or proposed information
27 technology systems.
28 (b) Any portion Those portions of a risk assessment
29 assessments, an evaluation evaluations, an audit audits, and any
30 other report reports of the Citizens Property Insurance
31 Corporation’s information technology security program for its
32 data, information, and information technology resources which
33 are held by the corporation are confidential and exempt from s.
34 119.07(1) and s. 24(a), Art. I of the State Constitution, if the
35 disclosure of such records would facilitate unauthorized access
36 to or the unauthorized modification, disclosure, or destruction
37 of:
38 (a)1. Data or information, whether physical or virtual; or
39 (b)2. Information technology resources, which include:
40 1.a. Information relating to the security of the
41 corporation’s technologies, processes, and practices designed to
42 protect networks, computers, data processing software, and data
43 from attack, damage, or unauthorized access; or
44 2.b. Security information, whether physical or virtual,
45 which relates to the corporation’s existing or proposed
46 information technology systems.
47 (2) Those portions of a public meeting as specified in s.
48 286.011 which would reveal data and information described in
49 subsection (1) are exempt from s. 286.011 and s. 24(b), Art. I
50 of the State Constitution. No exempt portion of an exempt
51 meeting may be off the record. All exempt portions of such a
52 meeting must be recorded and transcribed. The recording and
53 transcript of the meeting must remain confidential and exempt
54 from disclosure under s. 119.07(1) and s. 24(a), Art. I of the
55 State Constitution unless a court of competent jurisdiction,
56 following an in camera review, determines that the meeting was
57 not restricted to the discussion of data and information made
58 confidential and exempt by this section. In the event of such a
59 judicial determination, only that portion of the transcript
60 which reveals nonexempt data and information may be disclosed to
61 a third party.
62 (3) The confidential and exempt records and portions of
63 public meeting recordings and transcripts described in
64 subsection (2) must be available to the Auditor General, the
65 Cybercrime Office of the Department of Law Enforcement, and the
66 Office of Insurance Regulation. Such records and portions of
67 public meeting meetings, recordings, and transcripts may be made
68 available to a state or federal agency for security purposes or
69 in furtherance of the agency’s official duties.
70 (4) The exemptions provided by this section apply to
71 records held by the corporation before, on, or after March 21,
72 2018 the effective date of this act.
73 (5) This section is subject to the Open Government Sunset
74 Review Act in accordance with s. 119.15 and shall stand repealed
75 on October 2, 2023, unless reviewed and saved from repeal
76 through reenactment by the Legislature.
77 Section 2. This act shall take effect October 1, 2023.
78
79 ================= T I T L E A M E N D M E N T ================
80 And the title is amended as follows:
81 Delete everything before the enacting clause
82 and insert:
83 A bill to be entitled
84 An act relating to a review under the Open Government
85 Sunset Review Act; amending s. 627.352, F.S., which
86 provides an exemption from public record and public
87 meeting requirements for certain data and information
88 relating to cybersecurity; repealing exemptions
89 relating to data and information from technology
90 systems; making technical changes; revising specified
91 information that is required to be made available to
92 certain entities; removing the scheduled repeal of the
93 exemption; providing an effective date.