CS/CS/HB 1127 — Pub. Rec. and Meetings/Citizens Property Insurance Corporation
by Government Accountability Committee; Oversight, Transparency and Administration Subcommittee and Rep. Lee (CS/CS/CS/SB 1880 by Rules Committee; Governmental Oversight and Accountability Committee; Banking and Insurance Committee; and Senators Broxson and Mayfield)
This summary is provided for information only and does not represent the opinion of any Senator, Senate Officer, or Senate Office.
Prepared by: Banking and Insurance Committee (BI)
The bill creates public record and public meeting exemptions to protect data and records pertaining to the security of Citizens Property Insurance Corporation’s information networks from disclosure. The bill provides that records held by the corporation that identify detection, investigation, or response practices for suspected or confirmed information technology security incidents, including suspected or confirmed breaches, are confidential and exempt from public record requirements. Portions of risk assessments, evaluations, audits, and other reports of Citizen’s information technology security program are also exempt from public disclosure. The exemption applies if the disclosure would facilitate unauthorized access to, or unauthorized modification, disclosure, or destruct of data or information or information technology resources.
The bill also creates a public meeting exemption for meetings and portions thereof that would reveal the above-described information technology security information. Recordings or transcripts of such closed portions of meetings must be taken. Recordings or transcripts are confidential and exempt from public record requirements, unless a court, following an in-camera review, determines that the meeting was not restricted to the discussion of confidential and exempt data and information. In the event of such a judicial determination, only that portion of a transcript that reveals nonexempt data and information may be disclosed to a third party.
The bill requires the confidential and exempt records related to the public meeting exemption to be available to the Auditor General, the Cybercrime Office of the Department of Law Enforcement, and the Office of Insurance Regulation. Such records and portions of meetings, recordings, and transcripts may also be available to a state or federal agency for security purposes or in furtherance of the agency’s official duties.
The public record exemptions apply to records or portions of public meetings, recordings, and transcripts held by the corporation. The public records exemption applies retroactively.
This section is subject to the Open Government Sunset Review and stands repealed on October 2, 2023, unless reviewed and saved from repeal through reenactment by the Legislature.
If approved by the Governor, these provisions take effect upon becoming law.
Vote: Senate 36-0; House 108-5