Florida Senate - 2023                             CS for SB 7042
       
       
        
       By the Committees on Rules; and Banking and Insurance
       
       
       
       
       
       595-04042-23                                          20237042c1
    1                        A bill to be entitled                      
    2         An act relating to a review under the Open Government
    3         Sunset Review Act; amending s. 627.352, F.S., which
    4         provides an exemption from public record and public
    5         meeting requirements for certain data and information
    6         relating to cybersecurity; repealing exemptions
    7         relating to data and information from technology
    8         systems; making technical changes; revising specified
    9         information that is required to be made available to
   10         certain entities; removing the scheduled repeal of the
   11         exemption; providing an effective date.
   12          
   13  Be It Enacted by the Legislature of the State of Florida:
   14  
   15         Section 1. Section 627.352, Florida Statutes, is amended to
   16  read:
   17         627.352 Security of data and information technology in
   18  Citizens Property Insurance Corporation.—
   19         (1) The following data and information from technology
   20  systems owned by, under contract with, or maintained by Citizens
   21  Property Insurance Corporation are confidential and exempt from
   22  s. 119.07(1) and s. 24(a), Art. I of the State Constitution:
   23         (a) Records held by the corporation which identify
   24  detection, investigation, or response practices for suspected or
   25  confirmed information technology security incidents, including
   26  suspected or confirmed breaches, if the disclosure of such
   27  records would facilitate unauthorized access to or unauthorized
   28  modification, disclosure, or destruction of:
   29         1. Data or information, whether physical or virtual; or
   30         2. Information technology resources, including:
   31         a. Information relating to the security of the
   32  corporation’s technologies, processes, and practices designed to
   33  protect networks, computers, data processing software, and data
   34  from attack, damage, or unauthorized access; or
   35         b. Security information, whether physical or virtual, which
   36  relates to the corporation’s existing or proposed information
   37  technology systems.
   38         (b) Any portion Those portions of a risk assessment
   39  assessments, an evaluation evaluations, an audit audits, and any
   40  other report reports of the Citizens Property Insurance
   41  Corporation’s information technology security program for its
   42  data, information, and information technology resources which
   43  are held by the corporation are confidential and exempt from s.
   44  119.07(1) and s. 24(a), Art. I of the State Constitution, if the
   45  disclosure of such records would facilitate unauthorized access
   46  to or the unauthorized modification, disclosure, or destruction
   47  of:
   48         (a)1. Data or information, whether physical or virtual; or
   49         (b)2. Information technology resources, which include:
   50         1.a. Information relating to the security of the
   51  corporation’s technologies, processes, and practices designed to
   52  protect networks, computers, data processing software, and data
   53  from attack, damage, or unauthorized access; or
   54         2.b. Security information, whether physical or virtual,
   55  which relates to the corporation’s existing or proposed
   56  information technology systems.
   57         (2) Those portions of a public meeting as specified in s.
   58  286.011 which would reveal data and information described in
   59  subsection (1) are exempt from s. 286.011 and s. 24(b), Art. I
   60  of the State Constitution. No exempt portion of an exempt
   61  meeting may be off the record. All exempt portions of such a
   62  meeting must be recorded and transcribed. The recording and
   63  transcript of the meeting must remain confidential and exempt
   64  from disclosure under s. 119.07(1) and s. 24(a), Art. I of the
   65  State Constitution unless a court of competent jurisdiction,
   66  following an in camera review, determines that the meeting was
   67  not restricted to the discussion of data and information made
   68  confidential and exempt by this section. In the event of such a
   69  judicial determination, only that portion of the transcript
   70  which reveals nonexempt data and information may be disclosed to
   71  a third party.
   72         (3) The confidential and exempt records and portions of
   73  public meeting recordings and transcripts described in
   74  subsection (2) must be available to the Auditor General, the
   75  Cybercrime Office of the Department of Law Enforcement, and the
   76  Office of Insurance Regulation. Such records and portions of
   77  public meeting meetings, recordings, and transcripts may be made
   78  available to a state or federal agency for security purposes or
   79  in furtherance of the agency’s official duties.
   80         (4) The exemptions provided by this section apply to
   81  records held by the corporation before, on, or after March 21,
   82  2018 the effective date of this act.
   83         (5) This section is subject to the Open Government Sunset
   84  Review Act in accordance with s. 119.15 and shall stand repealed
   85  on October 2, 2023, unless reviewed and saved from repeal
   86  through reenactment by the Legislature.
   87         Section 2. This act shall take effect October 1, 2023.