The Florida Senate

282.003  Short title.

282.0041  Definitions.

282.0055  Assignment of information technology.

282.0056  Development of work plan; development of implementation plans; and policy recommendations.

282.201  State data center system; agency duties and limitations.

282.203  Primary data centers.

282.204  Northwood Shared Resource Center.

282.205  Southwood Shared Resource Center.

282.3055  Agency chief information officer; appointment; duties.

282.315  Agency Chief Information Officers Council; creation.

282.318  Enterprise security of data and information technology.

282.322  Special monitoring process for designated information resources management projects.

282.33  Objective standards for data center energy efficiency.

282.34  Statewide e-mail system.

282.003  Short title.--This part may be cited as the "Enterprise Information Technology Services Management Act."

History.--s. 8, ch. 87-137; s. 1, ch. 92-98; s. 93, ch. 92-142; s. 4, ch. 96-390; s. 7, ch. 97-286; s. 45, ch. 99-13; s. 4, ch. 2008-116; s. 5, ch. 2009-80.

282.0041  Definitions.--As used in this chapter, the term:

(1)  "Agency" has the same meaning as in s. 216.011(1)(qq).

(2)  "Agency chief information officer" means the person employed by the agency head to coordinate and manage the information technology functions and responsibilities applicable to that agency, to participate and represent the agency in developing strategies for implementing enterprise information technology services established pursuant to this part, and to develop recommendations for enterprise information technology policy.

(3)  "Agency Chief Information Officers Council" means the council created in s. 282.315.

(4)  "Agency for Enterprise Information Technology" means the agency created in s. 14.204.

(5)  "Agency information technology service" means a service that directly helps an agency fulfill its statutory or constitutional responsibilities and policy objectives and is usually associated with the agency's primary or core business functions.

(6)  "Annual budget meeting" means a meeting of the board of trustees of a primary data center to review data center usage to determine the apportionment of board members for the following fiscal year, review rates for each service provided, and determine any other required changes.

(7)  "Breach" has the same meaning as in s. 817.5681(4).

(8)  "Business continuity plan" means a plan for disaster recovery which provides for the continued functioning of a primary data center during and after a disaster.

(9)  "Computing facility" means agency space containing fewer than a total of 10 physical or logical servers, any of which supports a strategic or nonstrategic information technology service, as described in budget instructions developed pursuant to s. 216.023, but excluding single, logical-server installations that exclusively perform a utility function such as file and print servers.

(10)  "Customer entity" means an entity that obtains services from a primary data center.

(11)  "Data center" means agency space containing 10 or more physical or logical servers any of which supports a strategic or nonstrategic information technology service, as described in budget instructions developed pursuant to s. 216.023.

(12)  "Department" means the Department of Management Services.

(13)  "Enterprise information technology service" means an information technology service that is used in all agencies or a subset of agencies and is established in law to be designed, delivered, and managed at the enterprise level.

(14)  "E-mail, messaging, and calendaring service" means the enterprise information technology service that enables users to send, receive, file, store, manage, and retrieve electronic messages, attachments, appointments, and addresses.

(15)  "Information-system utility" means a full-service information-processing facility offering hardware, software, operations, integration, networking, and consulting services.

(16)  "Information technology" means equipment, hardware, software, firmware, programs, systems, networks, infrastructure, media, and related material used to automatically, electronically, and wirelessly collect, receive, access, transmit, display, store, record, retrieve, analyze, evaluate, process, classify, manipulate, manage, assimilate, control, communicate, exchange, convert, converge, interface, switch, or disseminate information of any kind or form.

(17)  "Information technology policy" means statements that describe clear choices for how information technology will deliver effective and efficient government services to residents and improve state agency operations. A policy may relate to investments, business applications, architecture, or infrastructure. A policy describes its rationale, implications of compliance or noncompliance, the timeline for implementation, metrics for determining compliance, and the accountable structure responsible for its implementation.

(18)  "Performance metrics" means the measures of an organization's activities and performance.

(19)  "Primary data center" means a state or nonstate agency data center that is a recipient entity for consolidation of nonprimary data centers and computing facilities. A primary data center may be authorized in law or designated by the Agency for Enterprise Information Technology pursuant to s. 282.201.

(20)  "Project" means an endeavor that has a defined start and end point; is undertaken to create or modify a unique product, service, or result; and has specific objectives that, when attained, signify completion.

(21)  "Risk analysis" means the process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.

(22)  "Service level" means the key performance indicators (KPI) of an organization or service which must be regularly performed, monitored, and achieved.

(23)  "Service-level agreement" means a written contract between a data center and a customer entity which specifies the scope of services provided, service level, the duration of the agreement, the responsible parties, and service costs. A service-level agreement is not a rule pursuant to chapter 120.

(24)  "Standards" means required practices, controls, components, or configurations established by an authority.

(25)  "Threat" means any circumstance or event that may cause harm to the integrity, availability, or confidentiality of information technology resources.

(26)  "Total cost" means all costs associated with information technology projects or initiatives, including, but not limited to, value of hardware, software, service, maintenance, incremental personnel, and facilities. Total cost of a loan or gift of information technology resources to an agency includes the fair market value of the resources; however, the total cost of loans or gifts of information technology to state universities to be used in instruction or research does not include fair market value.

(27)  "Usage" means the billing amount charged by the primary data center, less any pass-through charges, to the customer entity.

(28)  "Usage rate" means a customer entity's usage or billing amount as a percentage of total usage.

History.--ss. 3, 11, ch. 83-92; s. 17, ch. 87-137; ss. 10, 11, ch. 90-160; s. 4, ch. 91-171; s. 10, ch. 91-221; s. 5, ch. 91-429; s. 3, ch. 92-98; s. 95, ch. 92-142; s. 14, ch. 94-226; s. 11, ch. 94-340; s. 9, ch. 97-286; s. 16, ch. 2000-164; s. 51, ch. 2001-61; s. 10, ch. 2001-261; s. 4, ch. 2007-105; s. 5, ch. 2008-116; s. 6, ch. 2009-80.

Note.--Former s. 282.303.

282.0055  Assignment of information technology.--In order to ensure the most effective and efficient use of the state's information technology and information technology resources and notwithstanding other provisions of law to the contrary, policies for the design, planning, project management, and implementation of enterprise information technology services shall be the responsibility of the Agency for Enterprise Information Technology for executive branch agencies created or authorized in statute to perform legislatively delegated functions. The supervision, design, delivery, and management of agency information technology shall remain within the responsibility and control of the individual state agency.

History.--s. 5, ch. 2007-105; s. 6, ch. 2008-116.

282.0056  Development of work plan; development of implementation plans; and policy recommendations.--

(1)  For the purposes of carrying out its responsibilities under s. 282.0055, the Agency for Enterprise Information Technology shall develop an annual work plan within 60 days after the beginning of the fiscal year describing the activities that the agency intends to undertake for that year, including proposed outcomes and completion timeframes. The work plan must be presented at a public hearing that includes the Agency Chief Information Officers Council, which may review and comment on the plan. The work plan must thereafter be approved by the Governor and Cabinet and submitted to the President of the Senate and the Speaker of the House of Representatives. The work plan may be amended as needed, subject to approval by the Governor and Cabinet.

(2)  The agency may develop and submit to the President of the Senate, the Speaker of the House of Representatives, and the Governor by October 1 of each year implementation plans for proposed enterprise information technology services to be established in law.

(3)  In developing policy recommendations and implementation plans for established and proposed enterprise information technology services, the agency shall describe the scope of operation, conduct costs and requirements analyses, conduct an inventory of all existing information technology resources that are associated with each service, and develop strategies and timeframes for statewide migration.

(4)  For the purpose of completing its work activities, each state agency shall provide to the agency all requested information, including, but not limited to, the state agency's costs, service requirements, and equipment inventories.

(5)  Within 60 days after the end of each fiscal year, the agency shall report to the Governor and Cabinet, the President of the Senate, and the Speaker of the House of Representatives on what was achieved or not achieved in the prior year's work plan.

History.--s. 6, ch. 2007-105; s. 7, ch. 2008-116; s. 7, ch. 2009-80.

282.201  State data center system; agency duties and limitations.--A state data center system that includes all primary data centers, other nonprimary data centers, and computing facilities, and that provides an enterprise information technology service as defined in s. 282.0041, is established.

(1)  INTENT.--The Legislature finds that the most efficient and effective means of providing quality utility data processing services to state agencies requires that computing resources be concentrated in quality facilities that provide the proper security, infrastructure, and staff resources to ensure that the state's data is maintained reliably and safely, and is recoverable in the event of a disaster. Efficiencies resulting from such consolidation include the increased ability to leverage technological expertise and hardware and software capabilities; increased savings through consolidated purchasing decisions; and the enhanced ability to deploy technology improvements and implement new policies consistently throughout the consolidated organization. Therefore it is the intent of the Legislature that agency data centers and computing facilities be consolidated into primary data centers to the maximum extent possible by 2019.

(2)  AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY DUTIES.--The Agency for Enterprise Information Technology shall:

(a)  Collect and maintain information necessary for developing policies relating to the data center system, including, but not limited to, an inventory of facilities.

(b)  Annually approve cost-recovery mechanisms and rate structures for primary data centers which recover costs through charges to customer entities.

(c)  By December 31 of each year beginning in 2009, submit to the Legislature recommendations to improve the efficiency and effectiveness of computing services provided by state data center system facilities. Such recommendations may include, but need not be limited to:

1.  Policies for improving the cost-effectiveness and efficiency of the state data center system.

2.  Infrastructure improvements supporting the consolidation of facilities or preempting the need to create additional data centers or computing facilities.

3.  Standards for an objective, credible energy performance rating system that data center boards of trustees can use to measure state data center energy consumption and efficiency on a biannual basis.

4.  Uniform disaster recovery standards.

5.  Standards for primary data centers providing transparent financial data to user agencies.

6.  Consolidation of contract practices or coordination of software, hardware, or other technology-related procurements.

7.  Improvements to data center governance structures.

(d)  By October 1 of each year beginning in 2009, recommend to the Governor and Legislature at least two nonprimary data centers for consolidation into a primary data center or nonprimary data center facility.

1.  The consolidation proposal must provide a transition plan that includes:

a.  Estimated transition costs for each data center or computing facility recommended for consolidation;

b.  Detailed timeframes for the complete transition of each data center or computing facility recommended for consolidation;

c.  Proposed recurring and nonrecurring fiscal impacts, including increased or decreased costs and associated budget impacts for affected budget entities;

d.  Substantive legislative changes necessary to implement the transition; and

e.  Identification of computing resources to be transferred and those that will remain in the agency. The transfer of resources must include all hardware, software, staff, contracted services, and facility resources performing data center management and operations, security, backup and recovery, disaster recovery, system administration, database administration, system programming, job control, production control, print, storage, technical support, help desk, and managed services but excluding application development.

2.  Recommendations shall be based on the goal of maximizing current and future cost savings. The agency shall consider the following criteria in selecting consolidations that maximize efficiencies by providing the ability to:

a.  Consolidate purchase decisions;

b.  Leverage expertise and other resources to gain economies of scale;

c.  Implement state information technology policies more effectively;

d.  Maintain or improve the level of service provision to customer entities; and

e.  Make progress towards the state's goal of consolidating data centers and computing facilities into primary data centers.

3.  The agency shall establish workgroups as necessary to ensure participation by affected agencies in the development of recommendations related to consolidations.

(e)  By December 31, 2010, the agency shall develop and submit to the Legislature an overall consolidation plan for state data centers. The plan shall indicate a timeframe for the consolidation of all remaining nonprimary data centers into primary data centers, including existing and proposed primary data centers, by 2019.

(f)  Develop and establish rules relating to the operation of the state data center system which comply with applicable federal regulations, including 2 C.F.R. part 225 and 45 C.F.R. The rules may address:

1.  Ensuring that financial information is captured and reported consistently and accurately.

2.  Requiring the establishment of service-level agreements executed between a data center and its customer entities for services provided.

3.  Requiring annual full cost recovery on an equitable rational basis. The cost-recovery methodology must ensure that no service is subsidizing another service and may include adjusting the subsequent year's rates as a means to recover deficits or refund surpluses from a prior year.

4.  Requiring that any special assessment imposed to fund expansion is based on a methodology that apportions the assessment according to the proportional benefit to each customer entity.

5.  Requiring that rebates be given when revenues have exceeded costs, that rebates be applied to offset charges to those customer entities that have subsidized the costs of other customer entities, and that such rebates may be in the form of credits against future billings.

6.  Requiring that all service-level agreements have a contract term of up to 3 years, but may include an option to renew for up to 3 additional years contingent on approval by the board, and require at least a 180-day notice of termination.

7.  Designating any nonstate data centers as primary data centers if the center:

a.  Has an established governance structure that represents customer entities proportionally.

b.  Maintains an appropriate cost-allocation methodology that accurately bills a customer entity based on the actual direct and indirect costs to the customer entity, and prohibits the subsidization of one customer entity's costs by another entity.

c.  Has sufficient raised floor space, cooling, and redundant power capacity, including uninterruptible power supply and backup power generation, to accommodate the computer processing platforms and support necessary to host the computing requirements of additional customer entities.

8.  Removing nonstate data centers from primary data center designation if the nonstate data center fails to meet standards necessary to ensure that the state's data is maintained pursuant to subparagraph 7.

(3)  STATE AGENCY DUTIES.--

(a)  For the purpose of completing its work activities as described in subsection (1), each state agency shall provide to the Agency for Enterprise Information Technology all requested information and any other information relevant to the agency's ability to effectively transition its computer services into a primary data center. The agency shall also participate as required in workgroups relating to specific consolidation planning and implementation tasks as assigned by the Agency for Enterprise Information Technology and determined necessary to accomplish consolidation goals.

(b)  Each state agency shall submit to the Agency for Enterprise Information Technology information relating to its data centers and computing facilities as required in instructions issued by July 1 of each year by the Agency for Enterprise Information Technology. The information required may include:

1.  Amount of floor space used and available.

2.  Numbers and capacities of mainframes and servers.

3.  Storage and network capacity.

4.  Amount of power used and the available capacity.

5.  Estimated expenditures by service area, including hardware and software, numbers of full-time equivalent positions, personnel turnover, and position reclassifications.

6.  A list of contracts in effect for the fiscal year, including, but not limited to, contracts for hardware, software and maintenance, including the expiration date, the contract parties, and the cost of the contract.

7.  Service-level agreements by customer entity.

(c)  The chief information officer of each state agency shall assist the Agency for Enterprise Information Technology at the request of the Agency for Enterprise Information Technology.

(4)  AGENCY LIMITATIONS.--

(a)  Unless authorized by the Legislature or as provided in paragraphs (b) and (c), a state agency may not:

1.  Create a new computing facility or data center, or expand the capability to support additional computer equipment in an existing computing facility or nonprimary data center;

2.  Transfer existing computer services to a nonprimary data center or computing facility;

3.  Terminate services with a primary data center or transfer services between primary data centers without giving written notice of intent to terminate or transfer services 180 days before such termination or transfer; or

4.  Initiate a new computer service if it does not currently have an internal data center except with a primary data center.

(b)  Exceptions to the limitations in subparagraphs (a)1., 2., and 4. may be granted by the Agency for Enterprise Information Technology if there is insufficient capacity in a primary data center to absorb the workload associated with agency computing services.

1.  A request for an exception must be submitted in writing to the Agency for Enterprise Information Technology. The agency must accept, accept with conditions, or deny the request within 60 days after receipt of the written request. The agency's decision is not subject to chapter 120.

2.  At a minimum, the agency may not approve a request unless it includes:

a.  Documentation approved by the primary data center's board of trustees which confirms that the center cannot meet the capacity requirements of the agency requesting the exception within the current fiscal year.

b.  A description of the capacity requirements of the agency requesting the exception.

c.  Documentation from the agency demonstrating why it is critical to the agency's mission that the expansion or transfer must be completed within the fiscal year rather than when capacity is established at a primary data center.

(c)  Exceptions to subparagraph (a)3. may be granted by the board of trustees of the primary data center if the termination or transfer of services can be absorbed within the current cost-allocation plan.

(d)  Upon the termination of or transfer of agency computing services from the primary data center, the primary data center shall require information sufficient to determine compliance with this section. If a primary data center determines that an agency is in violation of this section, it shall report the violation to the Agency for Enterprise Information Technology.

(5)  RULES.--The Agency for Enterprise Information Technology is authorized to adopt rules pursuant to ss. 120.536(1) and 120.54 to administer the provisions of this part relating to the state data center system including the primary data centers.

History.--s. 8, ch. 2008-116; s. 24, ch. 2009-21; s. 8, ch. 2009-80.

282.203  Primary data centers.--

(1)  DATA CENTER DUTIES.--Each primary data center shall:

(a)  Serve customer entities as an information-system utility.

(b)  Cooperate with customer entities to offer, develop, and support the services and applications as defined and provided by the center's board of trustees and customer entities.

(c)  Comply with rules adopted by the Agency for Enterprise Information Technology, pursuant to this section, and coordinate with the agency in the consolidation of data centers.

(d)  Provide transparent financial statements to customer entities and the Agency for Enterprise Information Technology.

(e)  Maintain the performance of the facility, which includes ensuring proper data backup, data backup recovery, an effective disaster recovery plan, and appropriate security, power, cooling and fire suppression, and capacity.

(f)  Develop a business continuity plan and conduct a live exercise of the plan at least annually. The plan must be approved by the board and the Agency for Enterprise Information Technology.

(g)  Enter into a service-level agreement with each customer entity to provide services as defined and approved by the board in compliance with rules of the Agency for Enterprise Information Technology. A service-level agreement may not have a term exceeding 3 years but may include an option to renew for up to 3 years contingent on approval by the board.

1.  A service-level agreement, at a minimum, must:

a.  Identify the parties and their roles, duties, and responsibilities under the agreement;

b.  Identify the legal authority under which the service-level agreement was negotiated and entered into by the parties;

c.  State the duration of the contractual term and specify the conditions for contract renewal;

d.  Prohibit the transfer of computing services between primary data center facilities without at least 180 days' notice of service cancellation;

e.  Identify the scope of work;

f.  Identify the products or services to be delivered with sufficient specificity to permit an external financial or performance audit;

g.  Establish the services to be provided, the business standards that must be met for each service, the cost of each service, and the process by which the business standards for each service are to be objectively measured and reported;

h.  Identify applicable funds and funding streams for the services or products under contract;

i.  Provide a timely billing methodology for recovering the cost of services provided to the customer entity;

j.  Provide a procedure for modifying the service-level agreement to address changes in projected costs of service;

k.  Provide that a service-level agreement may be terminated by either party for cause only after giving the other party and the Agency for Enterprise Information Technology notice in writing of the cause for termination and an opportunity for the other party to resolve the identified cause within a reasonable period; and

l.  Provide for mediation of disputes by the Division of Administrative Hearings pursuant to s. 120.573.

2.  A service-level agreement may include:

a.  A dispute resolution mechanism, including alternatives to administrative or judicial proceedings;

b.  The setting of a surety or performance bond for service-level agreements entered into with nonstate agency primary data centers, which may be designated by the Agency for Enterprise Information Technology; or

c.  Additional terms and conditions as determined advisable by the parties if such additional terms and conditions do not conflict with the requirements of this section or rules adopted by the Agency for Enterprise Information Technology.

3.  The failure to execute a service-level agreement within 60 days after service commencement shall, in the case of an existing customer entity, result in a continuation of the terms of the service-level agreement from the prior fiscal year, including any amendments that were formally proposed to the customer entity by the primary data center within the 3 months before service commencement, and a revised cost-of-service estimate. If a new customer entity fails to execute an agreement within 60 days after service commencement, the data center may cease services.

(h)  Plan, design, establish pilot projects for, and conduct experiments with information technology resources, and implement enhancements in services if such implementation is cost-effective and approved by the board.

(i)  Enter into a memorandum of understanding with the agency where the data center is administratively located which establishes the services to be provided by that agency to the data center and the cost of such services.

(j)  Be the custodian of resources and equipment that are located, operated, supported, and managed by the center for the purposes of chapter 273.

(2)  BOARD OF TRUSTEES.--Each primary data center shall be headed by a board of trustees as defined in s. 20.03.

(a)  The members of the board shall be appointed by the agency head or chief executive officer of the representative customer entities of the primary data center and shall serve at the pleasure of the appointing customer entity.

1.  For each of the first 2 fiscal years that a center is in operation, membership shall be as provided in subparagraph 3. based on projected customer entity usage rates for the fiscal operating year of the primary data center. However, at a minimum:

a.  During the Southwood Shared Resource Center's first 2 operating years, the Department of Transportation, the Department of Highway Safety and Motor Vehicles, the Department of Health, and the Department of Revenue must each have at least one trustee.

b.  During the Northwood Shared Resource Center's first operating year, the Department of State and the Department of Education must each have at least one trustee.

2.  After the second full year of operation, membership shall be as provided in subparagraph 3. based on the most recent estimate of customer entity usage rates for the prior year and a projection of usage rates for the first 9 months of the next fiscal year. Such calculation must be completed before the annual budget meeting held before the beginning of the next fiscal year so that any decision to add or remove board members can be voted on at the budget meeting and become effective on July 1 of the subsequent fiscal year.

3.  Each customer entity that has a projected usage rate of 4 percent or greater during the fiscal operating year of the primary data center shall have one trustee on the board.

4.  The total number of votes for each trustee shall be apportioned as follows:

a.  Customer entities of a primary data center whose usage rate represents 4 but less than 15 percent of total usage shall have one vote.

b.  Customer entities of a primary data center whose usage rate represents 15 but less than 30 percent of total usage shall have two votes.

c.  Customer entities of a primary data center whose usage rate represents 30 but less than 50 percent of total usage shall have three votes.

d.  A customer entity of a primary data center whose usage rate represents 50 percent or more of total usage shall have four votes.

e.  A single trustee having one vote shall represent those customer entities that represent less than 4 percent of the total usage. The trustee shall be selected by a process determined by the board.

(b)  Before July 1 of each year, each board of trustees of a primary data center shall elect a chair and a vice chair to a term of 1 year or until a successor is elected. The vice chair shall serve in the absence of the chair. The chair may be elected to serve one additional successive term.

(c)  Members of the board representing customer entities who fail to timely pay for data center services do not have voting rights.

(d)  The board shall take action by majority vote. If there is a tie, the chair shall be on the prevailing side.

(e)  The executive director of the Agency for Enterprise Information Technology shall be the advisor to the board.

(f)  To facilitate planned data center consolidations, board membership may be adjusted as provided in the General Appropriations Act.

(3)  BOARD DUTIES.--Each board of trustees of a primary data center shall:

(a)  Employ an executive director, pursuant to s. 20.05, who serves at the pleasure of the board. The executive director is responsible for the daily operation of the primary data center, ensuring compliance with all laws and rules regulating the primary data center, managing primary data center employees, and the performance of the primary data center.

(b)  Establish procedures for the primary data center to ensure that budgeting and accounting procedures, cost-recovery methodologies, and operating procedures are in compliance with laws governing the state data center system, rules adopted by the Agency for Enterprise Information Technology, and applicable federal regulations, including 2 C.F.R. part 225 and 45 C.F.R.

(c)  Monitor the operation of the primary data center to ensure compliance by the executive director and employees with laws and rules governing the primary data center, and ensure that staff members are accountable for the performance of the primary data center.

(d)  Provide each customer entity with full disclosure concerning plans for new, additional, or reduced service requirements, including expected achievable service levels and performance metrics.

(e)  Ensure the sufficiency and transparency of the primary data center financial information by:

1.  Establishing policies that ensure that cost-recovery methodologies, billings, receivables, expenditure, budgeting, and accounting data are captured and reported timely, consistently, accurately, and transparently and, upon adoption of rules by the Agency for Enterprise Information Technology, are in compliance with such rules.

2.  Requiring execution of service-level agreements by the data center and each customer entity for services provided by the data center to the customer entity.

3.  Requiring cost recovery for the full cost of services, including direct and indirect costs. The cost-recovery methodology must ensure that no service is subsidizing another service without an affirmative vote of approval by the customer entity providing the subsidy.

4.  Establishing special assessments to fund expansions based on a methodology that apportions the assessment according to the proportional benefit to each customer entity.

5.  Providing rebates to customer entities when revenues exceed costs and offsetting charges to those who have subsidized other customer entity costs based on actual prior year final expenditures. Rebates may be credited against future billings.

6.  Approving all expenditures committing over $50,000 in a fiscal year.

7.  Projecting costs and revenues at the beginning of the third quarter of each fiscal year through the end of the fiscal year. If in any given fiscal year the primary data center is projected to earn revenues that are below costs for that fiscal year after first reducing operating costs where possible, the board shall implement any combination of the following remedies to cover the shortfall:

a.  The board may direct the primary data center to adjust current year chargeback rates through the end of the fiscal year to cover the shortfall. The rate adjustments shall be implemented using actual usage rate and billing data from the first three quarters of the fiscal year and the same principles used to set rates for the fiscal year.

b.  The board may direct the primary data center to levy one-time charges on all customer entities to cover the shortfall. The one-time charges shall be implemented using actual usage rate and billing data from the first three quarters of the fiscal year and the same principles used to set rates for the fiscal year.

c.  The customer entities represented by each board member may provide payments to cover the shortfall in proportion to the amounts each entity paid in the prior fiscal year.

(f)  Meet as often as necessary, but not less than once per quarter, and hold the annual budget meeting between April 1 and June 30 of each year.

(g)  Approve the portfolio of services offered by the data center.

(h)  By July 1 of each year, submit to the Agency for Enterprise Information Technology proposed cost-recovery mechanisms and rate structures for all customer entities for the fiscal year including the cost-allocation methodology for administrative expenditures and the calculation of administrative expenditures as a percent of total costs.

(i)  Consider energy-efficient products and their total cost of ownership when replacing, upgrading, or expanding:

1.  Data center facilities, including, but not limited to, environmental, power, and control systems; and

2.  Data center network, storage, and computer equipment. If the total cost of ownership, including initial acquisition cost, is estimated to be equal to or lower than existing infrastructure, technical specifications for energy-efficient products should be incorporated into the replacement, upgrade, or expansion planning and acquisition process.

(j)  Maintain the capabilities of the primary data center's facilities. Maintenance responsibilities include, but are not limited to, ensuring that adequate conditioned floor space, fire suppression, cooling, and power is in place; replacing aging equipment when necessary; and making decisions related to data center expansion and renovation, periodic upgrades, and improvements that are required to ensure the ongoing suitability of the facility as an enterprise data center consolidation site in the state data center system. To the extent possible, the board shall ensure that its approved annual cost-allocation plan recovers sufficient funds from its customers to provide for these needs pursuant to s. 282.201(2)(e).

History.--s. 9, ch. 2008-116; s. 9, ch. 2009-80.

282.204  Northwood Shared Resource Center.--

(1)  A workgroup shall be established within the Department of Children and Family Services for the purpose of developing a plan for converting its data center to a primary data center.

(a)  The workgroup shall be chaired by a member appointed by the secretary of the department. Workgroup members may include other state agencies who will be customers of the data center during the 2009-2010 fiscal year. The workgroup shall include staff members who have appropriate financial and technical skills as determined by the chair of the workgroup.

(b)  The conversion plan shall address organizational changes, personnel changes, cost-allocation plan changes, and any other changes necessary to effectively convert to a primary state data center capable of providing computer services as required by s. 282.201.

(c)  The workgroup shall submit recommendations for facilitating the conversion to the Governor and Cabinet, the President of the Senate, and the Speaker of the House of Representatives by December 31, 2008.

(2)  Effective July 1, 2009, the Northwood Shared Resource Center is an agency established within the Department of Children and Family Services for administrative purposes only.

(a)  The center is a primary data center and shall be a separate budget entity that is not subject to control, supervision, or direction of the department in any manner, including, but not limited to, purchasing, transactions involving real or personal property, personnel, or budgetary matters.

(b)  The center shall be headed by a board of trustees as provided in s. 282.203, who shall comply with all requirements of that section related to the operation of the center and with the rules of the Agency for Enterprise Information Technology related to the design and delivery of enterprise information technology services. The secretary of the department may appoint a temporary board chair for the purpose of convening the board of trustees, selecting a chair, and determining board membership.

(3)  The Department of Children and Family Services and the center shall identify resources associated with information technology functions which are not related to the support, management, and operation of the data center but which currently exist within the same budget entity as the data center. By October 1, 2009, the center shall submit a budget amendment to transfer resources associated with these functions to the department.

History.--s. 10, ch. 2008-116; s. 10, ch. 2009-80.

282.205  Southwood Shared Resource Center.--The Southwood Shared Resource Center is an agency established within the department for administrative purposes only.

(1)  The center is designated as a primary data center and shall be a separate budget entity that is not subject to control, supervision, or direction of the department in any manner, including, but not limited to, purchasing, transactions involving real or personal property, personnel, or budgetary matters.

(2)  The center shall be headed by a board of trustees as provided in s. 282.203, who shall comply with all requirements of that section related to the operation of the center and with the rules of the Agency for Enterprise Information Technology related to the design and delivery of enterprise information technology services.

History.--s. 11, ch. 2008-116; s. 11, ch. 2009-80.

282.3055  Agency chief information officer; appointment; duties.--

(1)(a)  Each agency head shall appoint or contract for an agency chief information officer.

(b)  The agency chief information officer must, at a minimum, have knowledge and experience in both management and information technology resources.

(2)  The duties of the agency chief information officer include, but are not limited to:

(a)  Coordinating and facilitating the planning and management of agency information technology services.

(b)  Implementing agency information technology planning and management procedures, guidelines, and standards that are consistent with the procedures and standards adopted by the Agency for Enterprise Information Technology.

(c)  Advising agency senior management as to the information technology resource planning and management needs of the agency.

(d)  Assisting in the development and prioritization of the information technology resource needs for the agency's legislative budget request.

(e)  Assisting the Agency for Enterprise Information Technology in the development of strategies for implementing the enterprise information technology services established in law and developing recommendations for enterprise information technology policy.

History.--s. 10, ch. 97-286; s. 20, ch. 2000-164; s. 23, ch. 2001-261; s. 8, ch. 2007-105.

282.315  Agency Chief Information Officers Council; creation.--The Legislature finds that enhancing communication, consensus building, coordination, and facilitation with respect to issues concerning enterprise information technology resources are essential to improving the management of such resources.

(1)  There is created an Agency Chief Information Officers Council to:

(a)  Enhance communication and collaboration among the Agency Chief Information Officers and the Agency for Enterprise Information Technology.

(b)  Identify and recommend best practices that are characteristic of highly successful technology organizations, as well as exemplary information technology applications for use by state agencies, and assist the Agency for Enterprise Information Technology in developing strategies for implementing the enterprise information technology services established in law and developing recommendations for enterprise information technology policy.

(c)  Identify efficiency opportunities among state agencies and make recommendations for action to the Agency for Enterprise Information Technology. This includes recommendations relating to the consolidation of agency data center and computing facilities, including operational policies, procedures and standards for the consolidated facilities, and procedures and standards for planning the migration to consolidated facilities.

(d)  Assist the Agency for Enterprise Information Technology in identifying critical enterprise information technology issues and, when appropriate, make recommendations for solving enterprise resource planning and management deficiencies.

(2)  Members of the council shall include the Agency Chief Information Officers, including the Chief Information Officers of the agencies and governmental entities, except that there shall be one Chief Information Officer selected by the state attorneys and one Chief Information Officer selected by the public defenders. The council shall appoint a chair, vice chair, and secretary from among its members to a 1-year term each. The council shall establish procedures governing council business.

(3)  The Agency for Enterprise Information Technology shall provide administrative support to the council.

History.--s. 10, ch. 97-286; s. 24, ch. 2000-164; s. 25, ch. 2001-261; s. 9, ch. 2007-105; s. 12, ch. 2008-116.

282.318  Enterprise security of data and information technology.--

(1)  This section may be cited as the "Enterprise Security of Data and Information Technology Act."

(2)  Information technology security is established as an enterprise information technology service as defined in ¹s. 282.0041.

(3)  The Office of Information Security within the Agency for Enterprise Information Technology is responsible for establishing rules and publishing guidelines for ensuring an appropriate level of security for all data and information technology resources for executive branch agencies. The office shall also perform the following duties and responsibilities:

(a)  Develop, and annually update by February 1, an enterprise information security strategic plan that includes security goals and objectives for the strategic issues of information security policy, risk management, training, incident management, and survivability planning.

(b)  Develop enterprise security rules and published guidelines for:

1.  Comprehensive risk analyses and information security audits conducted by state agencies.

2.  Responding to suspected or confirmed information security incidents, including suspected or confirmed breaches of personal information or exempt data.

3.  Agency security plans, including strategic security plans and security program plans.

4.  The recovery of information technology and data following a disaster.

5.  The managerial, operational, and technical safeguards for protecting state government data and information technology resources.

(c)  Assist agencies in complying with the provisions of this section.

(d)  Pursue appropriate funding for the purpose of enhancing domestic security.

(e)  Provide training for agency information security managers.

(f)  Annually review the strategic and operational information security plans of executive branch agencies.

(4)  To assist the Office of Information Security in carrying out its responsibilities, each agency head shall, at a minimum:

(a)  Designate an information security manager to administer the security program of the agency for its data and information technology resources. This designation must be provided annually in writing to the office by January 1.

(b)  Submit to the office annually by July 31, the agency's strategic and operational information security plans developed pursuant to the rules and guidelines established by the office.

1.  The agency strategic information security plan must cover a 3-year period and define security goals, intermediate objectives, and projected agency costs for the strategic issues of agency information security policy, risk management, security training, security incident response, and survivability. The plan must be based on the enterprise strategic information security plan created by the office. Additional issues may be included.

2.  The agency operational information security plan must include a progress report for the prior operational information security plan and a project plan that includes activities, timelines, and deliverables for security objectives that, subject to current resources, the agency will implement during the current fiscal year. The cost of implementing the portions of the plan which cannot be funded from current resources must be identified in the plan.

(c)  Conduct, and update every 3 years, a comprehensive risk analysis to determine the security threats to the data, information, and information technology resources of the agency. The risk analysis information is confidential and exempt from the provisions of s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(d)  Develop, and periodically update, written internal policies and procedures, which include procedures for notifying the office when a suspected or confirmed breach, or an information security incident, occurs. Such policies and procedures must be consistent with the rules and guidelines established by the office to ensure the security of the data, information, and information technology resources of the agency. The internal policies and procedures that, if disclosed, could facilitate the unauthorized modification, disclosure, or destruction of data or information technology resources are confidential information and exempt from s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(e)  Implement appropriate cost-effective safeguards to address identified risks to the data, information, and information technology resources of the agency.

(f)  Ensure that periodic internal audits and evaluations of the agency's security program for the data, information, and information technology resources of the agency are conducted. The results of such audits and evaluations are confidential information and exempt from s. 119.07(1), except that such information shall be available to the Auditor General and the Agency for Enterprise Information Technology for performing postauditing duties.

(g)  Include appropriate security requirements in the written specifications for the solicitation of information technology and information technology resources and services, which are consistent with the rules and guidelines established by the office.

(h)  Provide security awareness training to employees and users of the agency's communication and information resources concerning information security risks and the responsibility of employees and users to comply with policies, standards, guidelines, and operating procedures adopted by the agency to reduce those risks.

(i)  Develop a process for detecting, reporting, and responding to suspected or confirmed security incidents, including suspected or confirmed breaches consistent with the security rules and guidelines established by the office.

1.  Suspected or confirmed information security incidents and breaches must be immediately reported to the office.

2.  For incidents involving breaches, agencies shall provide notice in accordance with s. 817.5681 and to the office in accordance with this subsection.

(5)  Each state agency shall include appropriate security requirements in the specifications for the solicitation of contracts for procuring information technology or information technology resources or services which are consistent with the rules and guidelines established by the Office of Information Security.

(6)  The Agency for Enterprise Information Technology may adopt rules relating to information security and to administer the provisions of this section.

(7)  By December 31, 2010, the Agency for Enterprise Information Technology shall develop, and submit to the Governor, the President of the Senate, and the Speaker of the House of Representatives a proposed implementation plan for information technology security. The agency shall describe the scope of operation, conduct costs and requirements analyses, conduct an inventory of all existing security information technology resources, and develop strategies, timeframes, and resources necessary for statewide migration.

History.--ss. 1, 2, 3, ch. 84-236; s. 28, ch. 87-137; s. 1, ch. 89-14; s. 7, ch. 90-160; s. 13, ch. 91-171; s. 234, ch. 92-279; s. 55, ch. 92-326; s. 22, ch. 94-340; s. 863, ch. 95-148; s. 131, ch. 96-406; s. 15, ch. 97-286; s. 25, ch. 2000-164; s. 26, ch. 2001-261; s. 18, ch. 2006-26; s. 10, ch. 2007-105; s. 12, ch. 2009-80.

¹Note.--Substituted by the editors for a reference to s. 287.0041, which does not exist; the term "enterprise information technology service" is defined in s. 282.0041.

282.322  Special monitoring process for designated information resources management projects.--For each information resources management project which is designated for special monitoring in the General Appropriations Act, with a proviso requiring a contract with a project monitor, the Technology Review Workgroup established pursuant to s. 216.0446, in consultation with each affected agency, shall be responsible for contracting with the project monitor. Upon contract award, funds equal to the contract amount shall be transferred to the Technology Review Workgroup upon request and subsequent approval of a budget amendment pursuant to s. 216.292. With the concurrence of the Legislative Auditing Committee, the office of the Auditor General shall be the project monitor for other projects designated for special monitoring. However, nothing in this section precludes the Auditor General from conducting such monitoring on any project designated for special monitoring. In addition to monitoring and reporting on significant communications between a contracting agency and the appropriate federal authorities, the project monitoring process shall consist of evaluating each major stage of the designated project to determine whether the deliverables have been satisfied and to assess the level of risks associated with proceeding to the next stage of the project. The major stages of each designated project shall be determined based on the agency's information systems development methodology. Within 20 days after an agency has completed a major stage of its designated project or at least 90 days, the project monitor shall issue a written report, including the findings and recommendations for correcting deficiencies, to the agency head, for review and comment. Within 20 days after receipt of the project monitor's report, the agency head shall submit a written statement of explanation or rebuttal concerning the findings and recommendations of the project monitor, including any corrective action to be taken by the agency. The project monitor shall include the agency's statement in its final report, which shall be forwarded, within 7 days after receipt of the agency's statement, to the agency head, the inspector general's office of the agency, the Executive Office of the Governor, the appropriations committees of the Legislature, the Joint Legislative Auditing Committee, the Technology Review Workgroup, the President of the Senate, the Speaker of the House of Representatives, and the Office of Program Policy Analysis and Government Accountability. The Auditor General shall also receive a copy of the project monitor's report for those projects in which the Auditor General is not the project monitor.

History.--s. 23, ch. 94-340; s. 11, ch. 97-100; s. 16, ch. 97-286; s. 23, ch. 98-73; s. 30, ch. 98-136; s. 40, ch. 99-399; s. 27, ch. 2001-261; s. 11, ch. 2007-105; s. 20, ch. 2008-116.

282.33  Objective standards for data center energy efficiency.--

(1)  By July 1, 2009, the Agency for Enterprise Information Technology shall define objective standards for:

(a)  Measuring data center energy consumption and efficiency, including, but not limited to, airflow and cooling, power consumption and distribution, and environmental control systems in a data center facility.

(b)  Calculating total cost of ownership of energy-efficient information technology products, including initial purchase, installation, ongoing operation and maintenance, and disposal costs over the life cycle of the product.

(2)  State shared resource data centers and other data centers that the Agency for Enterprise Information Technology has determined will be recipients for consolidating data centers, which are designated by the Agency for Enterprise Information Technology, shall evaluate their data center facilities for energy efficiency using the standards established in this section.

(a)  Results of these evaluations shall be reported to the Agency for Enterprise Information Technology, the President of the Senate, and the Speaker of the House of Representatives. Reports shall enable the tracking of energy performance over time and comparisons between facilities.

(b)  By December 31, 2010, and biennially thereafter, the Agency for Enterprise Information Technology shall submit to the Legislature recommendations for reducing energy consumption and improving the energy efficiency of state primary data centers.

(3)  The primary means of achieving maximum energy savings across all state data centers and computing facilities shall be the consolidation of data centers and computing facilities as determined by the Agency for Enterprise Information Technology. State data centers and computing facilities in the state data center system shall be established as an enterprise information technology service as defined in s. 282.0041. The Agency for Enterprise Information Technology shall make recommendations on consolidating state data centers and computing facilities, pursuant to s. 282.0056, by December 31, 2009.

(4)  When the total cost of ownership of an energy-efficient product is less than or equal to the cost of the existing data center facility or infrastructure, technical specifications for energy-efficient products should be incorporated in the plans and processes for replacing, upgrading, or expanding data center facilities or infrastructure, including, but not limited to, network, storage, or computer equipment and software.

History.--s. 111, ch. 2008-227; s. 13, ch. 2009-80.

282.34  Statewide e-mail system.--A state e-mail system that includes the service delivery and support for a statewide e-mail, messaging, and calendaring service is established as an enterprise information technology service as defined in s. 282.0041. The service shall be designed to meet the needs of all executive branch agencies and reduce the current cost of operation and support.

(1)  The Southwood Shared Resource Center, a primary data center, shall be the provider of the statewide e-mail system. The center shall centrally host, manage, and operate the e-mail system.

(2)  By December 31, 2009, the Agency for Enterprise Information Technology shall submit a proposed plan for the establishment of the e-mail system to the Governor, the President of the Senate, and the Speaker of the House of Representatives. The plan shall be developed to reduce costs to the state and include, at a minimum:

(a)  An analysis of the in-house and external sourcing options that should be considered for delivery and support of the service. The analysis shall include an internally hosted system option, an externally sourced system option, and, if necessary, a combined in-house and externally sourced option.

(b)  A cost-benefit analysis that estimates all major cost elements associated with each sourcing option, including the nonrecurring and recurring costs of each option. The analysis must also include a comparison of the total cost of each enterprise e-mail sourcing option and the total cost of existing e-mail services in order to determine the level of savings that can be expected.

(c)  Estimated expenditures for each state agency associated with e-mail costs for the 2009-2010 fiscal year.

(d)  The plan must identify any existing e-mail infrastructure that should be considered for reuse.

(e)  A concise analysis of the ability of each sourcing option to meet major system requirements, including federal and state requirements for confidentiality, privacy, security, and records retention.

(f)  A complete description of the scope of functionality, operations, and required resources associated with each sourcing option.

(g)  Recommendations for standardizing the format of state e-mail addresses.

(h)  A reliable schedule for the decommissioning of all state agency e-mail systems and the migration of all agencies to the new system beginning by July 1, 2010, and completing by June 30, 2013.

(3)  In order to develop the recommended plan for the new system, the Agency for Enterprise Information Technology shall consult with and, as necessary, form workgroups consisting of agency e-mail management staff, agency chief information officers, and agency budget directors. State agencies must cooperate with the Agency for Enterprise Technology in its development of the plan.

(4)  Unless authorized by the Legislature or as provided in subsection (5), a state agency shall not:

(a)  Initiate a new e-mail service with any entity other than the provider of the statewide e-mail system service;

(b)  Terminate a statewide e-mail system service without giving written notice of termination 180 days in advance; or

(c)  Transfer e-mail system services from the provider of the statewide e-mail system service.

(5)  Exceptions to paragraphs (4)(a), (b), and (c) may be granted by the Agency for Enterprise Information Technology only if the Southwood Shared Resource Center is unable to meet agency e-mail service requirements. Requests for exceptions must be submitted in writing to the Agency for Enterprise Information Technology and include confirmation by the Southwood Shared Resource Center board of trustees that it cannot meet the requesting agency's e-mail service requirements.

History.--s. 14, ch. 2009-80.

282.5001  Short title.

282.5002  Definitions.

282.5003  Exclusive remedies for failure to be year 2000 compliant.

282.5004  Damages for failure to be year 2000 compliant; mediation; limitation on class actions; statute of limitations.

282.5005  Immunity from liability for directors and officers of businesses.

282.5006  Antitrust exemption with respect to exchanges of information.

282.5007  Alternative dispute resolution procedures.

282.5008  Construction of act.

282.5001  Short title.--This act may be cited as the "Commerce Protection Act."

History.--s. 1, ch. 99-230.

282.5002  Definitions.--For the purposes of this act, the following terms have the following meanings:

(1)  BUSINESS.--The term "business" means a person or an entity engaged in providing goods or services in this state, but the term excludes any governmental agency or any agency of the legislative or judicial branch of state government.

(2)  DATE DATA.--The term "date data" means data that contain dates or that contain both dates and times.

(3)  DIRECT ECONOMIC DAMAGES.--The term "direct economic damages" includes only economic compensatory damages that follow both immediately and necessarily from the failure of the information technology products of a business or governmental agency to be year 2000 compliant. The term excludes special damages, incidental damages, and exemplary or punitive damages.

(4)  GOVERNMENTAL AGENCY.--The term "governmental agency" includes any agency of the executive branch of state government or any political subdivision of the state as defined in s. 1.01 or any agency of such a political subdivision. For purposes of this section, the term also includes any public or private university school of medicine that is part of a public or private university supported in whole or in part by state funds and that has an affiliation with a local government or state instrumentality under which the medical school's computer systems, or diagnostic or therapeutic equipment dependent upon date logic, are used to provide clinical patient care services to the public.

(5)  INFORMATION TECHNOLOGY PRODUCT.--

(a)  The term "information technology product" includes software, firmware, microcode, hardware, and equipment containing embedded chips or microprocessors that create, read, write, calculate, compare, sequence, or otherwise operate on date data.

(b)  The "information technology products" of a business or governmental agency are those that are owned, leased, or licensed by or under the exclusive control of the business or governmental agency and are used by it in providing its goods or services.

(6)  YEAR 2000 COMPLIANT.--An information technology product is "year 2000 compliant" if the product, when used in accordance with its associated documentation or recommended user intervention, is capable of correctly processing, providing, and receiving date data, and will do so for all dates occurring between February 28, 1996, and March 1, 2000, when all other information technology products that are used with the product properly exchange date data with it. An information technology product does not fail to be year 2000 compliant merely because it contains a defect that is unrelated to the manner in which the product processes, provides, or receives date data and that only incidentally causes the product to fail to properly process, provide, or receive date data.

History.--s. 2, ch. 99-230.

282.5003  Exclusive remedies for failure to be year 2000 compliant.--The exclusive remedies in this state for recovering from a business or governmental agency damages resulting from the failure of its information technology products to be year 2000 compliant are those available for breach of a contract with or a tariff filed by the business or governmental agency; and all terms of that contract or tariff, including limitations on and exclusions of liability and disclaimers of warranty, remain fully enforceable and are unaffected by the provisions of this act. If there is no contract or tariff, the exclusive remedies in this state for recovering from a business or governmental agency damages resulting from the failure of its information technology products to be year 2000 compliant are those provided in s. 282.5004.

History.--s. 3, ch. 99-230.

282.5004  Damages for failure to be year 2000 compliant; mediation; limitation on class actions; statute of limitations.--

(1)  Unless otherwise provided by a contract or tariff, any business may be liable only for direct economic damages caused by the failure of its information technology products to be year 2000 compliant, as provided in this section.

(2)  Unless otherwise provided by a contract or tariff, any governmental agency may be liable only for direct economic damages caused by the failure of its information technology products to be year 2000 compliant, and only within the limits on the waiver of sovereign immunity established in s. 768.28.

(3)  The provisions of s. 768.81 apply to the award of damages under this section.

(4)  Damages awarded under this section shall exclude any damages that the plaintiff:

(a)  Could have avoided or mitigated with the exercise of reasonable care; or

(b)  Could have reasonably avoided or mitigated as a result of any written or otherwise communicated disclosure actually made by the defendant before December 1, 1999, in a manner consistent with that used in the past to give notifications to the plaintiff or persons similarly situated, concerning whether any of the information technology products of the business or governmental agency was year 2000 compliant.

(5)(a)  A business or governmental agency is not liable for direct economic damages if it proves by a preponderance of the evidence that it has:

1.  Secured an assessment, by a person who possesses the technical skills, experience, or competence with respect to information technology resources to evaluate information technology products for year 2000 compliance, to determine actions necessary to make the information technology products of the business or governmental agency year 2000 compliant and, based on that assessment, holds before December 1, 1999, a reasonable good faith belief that those products are year 2000 compliant; or

2.  Before December 1, 1999, conducted a date-data test of its information technology products and as a result of such test has a reasonable good faith belief that they are year 2000 compliant; or

3.  If it has five or fewer employees and has a net worth of $100,000 or less, made reasonable efforts to assess whether the entities on whose goods or services it relies and with whom it is in privity have provided information technology products that are year 2000 compliant and, with respect to each such entity, either:

a.  Holds before December 1, 1999, a reasonable good faith belief, based on the response to inquiries or on research, that the entity has provided information technology products that are year 2000 compliant; or

b.  Discloses in writing to the other party before December 1, 1999, in a manner consistent with that used in the past to give written notifications to that party, that the entity has provided information technology products that are presumed not to be year 2000 compliant or that, based on the response to inquiries, the entity is making reasonable good faith efforts to make its information technology products become year 2000 compliant.

(b)  All defenses that would otherwise be available to a business or governmental agency in any other action, including an action based on negligence, remain available with respect to an action under this section. Moreover, the failure of a business or governmental agency to comply with paragraph (a) shall not create a presumption of liability and no inference may be drawn from such failure.

(6)  Beginning January 1, 2000, upon the filing of any lawsuit or the presentation of a claim for arbitration under s. 282.5007 seeking damages under this section, and prior to the filing of an answer or response, the court having jurisdiction shall refer the claim to mediation under s. 44.102 unless the court determines that the interests of justice would not be served. The time to file the answer or response shall be tolled for up to 60 days after service of process on the defendant or until the conclusion of the mediation, whichever is earlier.

(7)  A class action may not be maintained in this state:

(a)  Against a governmental agency for damages caused by the failure of its information technology products to be year 2000 compliant.

(b)  Against a business for damages caused by the failure of its information technology products to be year 2000 compliant, unless each member of the class has suffered direct economic damages in excess of $50,000.

(8)  Any action for damages under this section must be commenced on or before March 1, 2002, but the running of this time is tolled from the date any offer is made to submit the claim to mediation until the conclusion of mediation.

History.--s. 4, ch. 99-230.

282.5005  Immunity from liability for directors and officers of businesses.--

(1)  A director or officer of a business has absolute and complete immunity from personal liability for any damages resulting from the failure of the information technology products of the business to be year 2000 compliant if the officer or director has either instructed the business or received written assurance from another officer or director that the business has been instructed to:

(a)  Take steps to determine whether those products are year 2000 compliant;

(b)  Develop and implement a plan to take actions necessary to make those products year 2000 compliant; and

(c)  Inquire whether the information technology products of the entities on whose goods or services the business relies are year 2000 compliant.

(2)  A director or officer who does not have absolute and complete immunity from personal liability under subsection (1) nevertheless has immunity from personal liability to the extent provided in chapter 607 or chapter 617.

History.--s. 5, ch. 99-230.

282.5006  Antitrust exemption with respect to exchanges of information.--The exchange of information among businesses concerning measures that have been taken or are to be taken in order for a business to make its information technology products year 2000 compliant does not constitute an activity or conduct in restraint of trade or commerce under chapter 542.

History.--s. 6, ch. 99-230.

282.5007  Alternative dispute resolution procedures.--

(1)  VOLUNTARY BINDING ARBITRATION.--

(a)  Any party to a dispute under this act for which there is no prior arbitration agreement may, before a lawsuit has been filed, make an offer to the other party to submit the dispute to voluntary binding arbitration under s. 44.104. An offer made under this paragraph must set out the maximum amount of damages that may be imposed pursuant to arbitration.

(b)  If at trial the court finds that an offer was made under paragraph (a) and was rejected, the court shall award attorney's fees and costs in accordance with this paragraph.

1.  If the offer was made by the plaintiff and rejected by the defendant, and if the defendant is ultimately found to be liable for damages in an amount equal to or exceeding that specified in the plaintiff's highest offer, the defendant must pay the plaintiff's costs and reasonable attorney's fees.

2.  If the offer was made by the defendant and rejected by the plaintiff, and if the plaintiff is not ultimately awarded damages in an amount exceeding that specified in the defendant's highest offer, the plaintiff must pay the defendant's costs and reasonable attorney's fees.

(2)  MEDIATION.--

(a)  The court may submit a claim for damages under this act to mediation pursuant to s. 44.102.

(b)  A party may serve its last best offer made in mediation upon another party as an offer of judgment under s. 768.79, and may make use of all the rights and remedies provided by this section.

(c)  The court shall have discretion to require that the costs of mediation be shared equally by the parties.

History.--s. 7, ch. 99-230; s. 35, ch. 2000-152.

282.5008  Construction of act.--This act shall not be construed to create a new cause of action or a duty to provide notice concerning year 2000 compliance nor be construed to mandate the content or timing of any notice concerning year 2000 compliance.

History.--s. 8, ch. 99-230.

282.601  Accessibility of electronic information and information technology.

282.602  Definitions.

282.603  Access to electronic and information technology for persons with disabilities; undue burden; limitations.

282.604  Adoption of rules.

282.605  Exceptions.

282.606  Intent.

282.601  Accessibility of electronic information and information technology.--

(1)  In order to improve the accessibility of electronic information and information technology and increase the successful education, employment, access to governmental information and services, and involvement in community life, the executive, legislative, and judicial branches of state government shall, when developing, competitively procuring, maintaining, or using electronic information or information technology acquired on or after July 1, 2006, ensure that state employees with disabilities have access to and are provided with information and data comparable to the access and use by state employees who are not individuals with disabilities, unless an undue burden would be imposed on the agency.

(2)  Individuals with disabilities who are members of the public seeking information or services from state agencies that are subject to this part shall be provided with access to and use of information and data comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the agency.

History.--s. 73, ch. 2006-227.

282.602  Definitions.--As used in this part, the term:

(1)  "Accessible electronic information and information technology" means electronic information and information technology that conforms to the standards for accessible electronic information and information technology as set forth by s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194.

(2)  "Alternate methods" means a different means of providing information to people with disabilities, including product documentation. The term includes, but is not limited to, voice, facsimile, relay service, TTY, Internet posting, captioning, text-to-speech synthesis, and audio description.

(3)  "Electronic information and information technology" includes information technology and any equipment or interconnected system or subsystem of equipment that is used in creating, converting, or duplicating data or information. The term includes, but is not limited to, telecommunications products such as telephones, information kiosks and transaction machines, Internet websites, multimedia systems, and office equipment such as copiers and facsimile machines. The term does not include any equipment that contains embedded information technology that is an integral part of the product if the principal function of the technology is not the acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information.

(4)  "Information technology" means any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term includes computers, ancillary equipment, software, firmware and similar procedures, services, and support services, and related resources.

(5)  "Undue burden" means significant difficulty or expense. In determining whether an action would result in an undue burden, a state agency shall consider all agency resources that are available to the program or component for which the product is being developed, procured, maintained, or used.

(6)  "State agency" means any agency of the executive, legislative, or judicial branch of state government.

History.--s. 73, ch. 2006-227.

282.603  Access to electronic and information technology for persons with disabilities; undue burden; limitations.--

(1)  Each state agency shall develop, procure, maintain, and use accessible electronic information and information technology acquired on or after July 1, 2006, that conforms to the applicable provisions set forth by s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194, except when compliance with this section imposes an undue burden; however, in such instance, a state agency must provide individuals with disabilities with the information and data involved by an alternative method of access that allows the individual to use the information and data.

(2)  This section does not require a state agency to install specific accessibility-related software or attach an assistive technology device at a work station of a state employee who is not an individual with a disability.

(3)  This section does not require a state agency, when providing the public with access to information or data through electronic information technology, to make products owned by the state agency available for access and use by individuals with disabilities at a location other than the location at which the electronic information and information technology are normally provided to the public. This section does not require a state agency to purchase products for access and use by individuals with disabilities at a location other than at the location where the electronic information and information technology are normally provided to the public.

History.--s. 73, ch. 2006-227.

282.604  Adoption of rules.--The Department of Management Services shall, with input from stakeholders, adopt rules pursuant to ss. 120.536(1) and 120.54 for the development, procurement, maintenance, and use of accessible electronic information technology by governmental units.

History.--s. 73, ch. 2006-227.

282.605  Exceptions.--

(1)  This part does not apply to electronic information and information technology of the Department of Military Affairs or the Florida National Guard if the function, operation, or use of the information or technology involves intelligence activities or cryptologic activities related to national security, the command and control of military forces, equipment that is an integral part of a weapon or weapons system, or systems that are critical to the direct fulfillment of military or intelligence missions. Systems that are critical to the direct fulfillment of military or intelligence missions do not include a system that is used for routine administrative and business applications, including, but not limited to, payroll, finance, logistics, and personnel management applications.

(2)  This part does not apply to electronic information and information technology of a state agency if the function, operation, or use of the information or technology involves criminal intelligence activities. Such activities do not include information or technology that is used for routine administrative and business applications, including, but not limited to, payroll, finance, logistics, and personnel management applications.

(3)  This part does not apply to electronic information and information technology that is acquired by a contractor and that is incidental to the contract.

(4)  This part applies to competitive solicitations issued or new systems developed by a state agency on or after July 1, 2006.

History.--s. 73, ch. 2006-227.

282.606  Intent.--It is the intent of the Legislature that, in construing this part, due consideration and great weight be given to the interpretations of the federal courts relating to comparable provisions of s. 508 of the Rehabilitation Act of 1973, as amended, and 29 U.S.C. s. 794(d), including the regulations set forth under 36 C.F.R. part 1194, as of July 1, 2006.

History.--s. 73, ch. 2006-227.

282.701  Short title.

282.702  Powers and duties.

282.703  SUNCOM Network; exemptions from the required use.

282.704  Use of state SUNCOM Network by municipalities.

282.705  Use of state SUNCOM Network by nonprofit corporations.

282.706  Use of SUNCOM Network by libraries.

282.707  SUNCOM Network; criteria for usage.

282.708  Emergency assumption of control.

282.709  State agency law enforcement radio system and interoperability network.

282.7101  Statewide system of regional law enforcement communications.

282.711  Remote electronic access services.

282.701  Short title.--This part may be cited as the "Communication Information Technology Services Act."

History.--s. 16, ch. 2009-80.

282.702  Powers and duties.--The Department of Management Services shall have the following powers, duties, and functions:

(1)  To publish electronically the portfolio of services available from the department, including pricing information; the policies and procedures of the state communications network governing usage of available services; and a forecast of the priorities and initiatives for the state communications system for the ensuing 2 years.

(2)  To adopt technical standards for the state communications network which will ensure the interconnection of computer networks and information systems of agencies.

(3)  To enter into agreements related to information technology with state agencies and political subdivisions of the state.

(4)  To purchase from or contract with information technology providers for information technology, including private line services.

(5)  To apply for, receive, and hold such authorizations, patents, copyrights, trademarks, service marks, licenses, and allocations or channels and frequencies to carry out the purposes of this part.

(6)  To purchase, lease, or otherwise acquire and to hold, sell, transfer, license, or otherwise dispose of real, personal, and intellectual property, including, but not limited to, patents, trademarks, copyrights, and service marks.

(7)  To cooperate with any federal, state, or local emergency management agency in providing for emergency communications services.

(8)  To control and approve the purchase, lease, or acquisition and the use of communications services provided as part of any other total system to be used by the state or any of its agencies.

(9)  To adopt rules pursuant to ss. 120.536(1) and 120.54 relating to communications and to administer the provisions of this part.

(10)  To apply for and accept federal funds for any of the purposes of this part as well as gifts and donations from individuals, foundations, and private organizations.

(11)  To monitor issues relating to communications facilities and services before the Florida Public Service Commission and, when necessary, prepare position papers, prepare testimony, appear as a witness, and retain witnesses on behalf of state agencies in proceedings before the commission.

(12)  Unless delegated to the agencies by the department, to manage and control, but not intercept or interpret, communications within the SUNCOM Network by:

(a)  Establishing technical standards to physically interface with the SUNCOM Network.

(b)  Specifying how communications are transmitted within the SUNCOM Network.

(c)  Controlling the routing of communications within the SUNCOM Network.

(d)  Establishing standards, policies, and procedures for access to the SUNCOM Network.

(e)  Ensuring orderly and reliable communications services in accordance with the service level agreements executed with state agencies.

(13)  To plan, design, and conduct experiments for communications services, equipment, and technologies, and to implement enhancements in the state communications network when in the public interest and cost-effective. Funding for such experiments shall be derived from SUNCOM Network service revenues and shall not exceed 2 percent of the annual budget for the SUNCOM Network for any fiscal year or as provided in the General Appropriations Act. New services offered as a result of this subsection shall not affect existing rates for facilities or services.

(14)  To enter into contracts or agreements, with or without competitive bidding or procurement, to make available, on a fair, reasonable, and nondiscriminatory basis, property and other structures under departmental control for the placement of new facilities by any wireless provider of mobile service as defined in 47 U.S.C. ¹s. 153(27) or s. 332(d) and any telecommunications company as defined in s. 364.02 when it is determined to be practical and feasible to make such property or other structures available. The department may, without adopting a rule, charge a just, reasonable, and nondiscriminatory fee for the placement of the facilities, payable annually, based on the fair market value of space used by comparable communications facilities in the state. The department and a wireless provider or telecommunications company may negotiate the reduction or elimination of a fee in consideration of services provided to the department by the wireless provider or telecommunications company. All such fees collected by the department shall be deposited directly into the Law Enforcement Radio Operating Trust Fund, and may be used by the department to construct, maintain, or support the system.

History.--s. 22, ch. 69-106; s. 1, ch. 70-327; s. 36, ch. 83-334; s. 11, ch. 87-137; s. 220, ch. 92-279; s. 55, ch. 92-326; s. 16, ch. 95-143; s. 1, ch. 96-357; s. 9, ch. 96-390; s. 11, ch. 97-286; s. 65, ch. 98-279; s. 5, ch. 2000-164; s. 11, ch. 2001-261; s. 36, ch. 2002-1; s. 18, ch. 2007-105; s. 17, ch. 2009-80.

¹Note.--Substituted by the editors for a reference to 47 U.S.C. s. 153(n), which does not exist; the term "mobile service" is defined in 47 U.S.C. s. 153(27).

Note.--Former s. 287.25; s. 282.102.

282.703  SUNCOM Network; exemptions from the required use.--

(1)  There is created within the department the SUNCOM Network, which shall be developed to serve as the state communications system for providing local and long-distance communications services to state agencies, political subdivisions of the state, municipalities, state universities, and nonprofit corporations pursuant to this part. The SUNCOM Network shall be developed to transmit all types of communications signals, including, but not limited to, voice, data, video, image, and radio. State agencies shall cooperate and assist in the development and joint use of communications systems and services.

(2)  The department shall design, engineer, implement, manage, and operate through state ownership, commercial leasing, or some combination thereof, the facilities and equipment providing SUNCOM Network services, and shall develop a system of equitable billings and charges for communication services.

(3)  All state agencies and state universities shall use the SUNCOM Network for agency and state university communications services as the services become available; however, no agency or university is relieved of responsibility for maintaining communications services necessary for effective management of its programs and functions. If a SUNCOM Network service does not meet the communications requirements of an agency or university, the agency or university shall notify the department in writing and detail the requirements for that communications service. If the department is unable to meet an agency's or university's requirements by enhancing SUNCOM Network service, the department may grant the agency or university an exemption from the required use of specified SUNCOM Network services.

History.--s. 22, ch. 69-106; s. 13, ch. 87-137; s. 3, ch. 91-171; s. 222, ch. 92-279; s. 55, ch. 92-326; s. 10, ch. 96-390; s. 66, ch. 98-279; s. 6, ch. 2000-164; s. 12, ch. 2001-261; s. 935, ch. 2002-387; s. 19, ch. 2007-105; s. 18, ch. 2009-80.

Note.--Former s. 287.27; s. 282.103.

282.704  Use of state SUNCOM Network by municipalities.--Any municipality may request the department to provide any or all of the SUNCOM Network's portfolio of communications services upon such terms and conditions as the department may establish. The requesting municipality shall pay its share of installation and recurring costs according to the published rates for SUNCOM Network services and as invoiced by the department. Such municipality shall also pay for any requested modifications to existing SUNCOM Network services, if any charges apply.

History.--s. 3, ch. 82-56; s. 1, ch. 83-70; s. 14, ch. 87-137; s. 11, ch. 96-390; s. 67, ch. 98-279; s. 7, ch. 2000-164; s. 13, ch. 2001-261; s. 19, ch. 2009-80.

Note.--Former s. 287.251; s. 282.104.

282.705  Use of state SUNCOM Network by nonprofit corporations.--

(1)  The department shall provide a means whereby private nonprofit corporations under contract with state agencies or political subdivisions of the state may use the state SUNCOM Network, subject to the limitations in this section. In order to qualify to use the state SUNCOM Network, a nonprofit corporation shall:

(a)  Expend the majority of its total direct revenues for the provision of contractual services to the state, a municipality, or a political subdivision; and

(b)  Receive only a small portion of its total revenues from any source other than a state agency, a municipality, or a political subdivision during the time SUNCOM Network services are requested.

(2)  Each nonprofit corporation seeking authorization to use the state SUNCOM Network shall provide to the department, upon request, proof of compliance with subsection (1).

(3)  Nonprofit corporations established pursuant to general law and an association of municipal governments which is wholly owned by the municipalities are eligible to use the state SUNCOM Network, subject to the terms and conditions of the department.

(4)  Institutions qualified to participate in the William L. Boyd, IV, Florida Resident Access Grant Program pursuant to s. 1009.89 are eligible to use the state SUNCOM Network, subject to the terms and conditions of the department. Such entities are not required to satisfy the other criteria of this section.

(5)  Private, nonprofit elementary and secondary schools are eligible for rates and services on the same basis as public schools if such schools do not have an endowment in excess of $50 million.

History.--s. 1, ch. 80-107; s. 2, ch. 82-56; s. 3, ch. 83-70; s. 15, ch. 87-137; s. 223, ch. 92-279; s. 55, ch. 92-326; s. 197, ch. 95-148; s. 12, ch. 96-390; s. 19, ch. 97-296; s. 68, ch. 98-279; s. 36, ch. 99-399; s. 8, ch. 2000-164; s. 14, ch. 2001-261; s. 936, ch. 2002-387; s. 20, ch. 2009-80.

Note.--Former s. 287.272; s. 282.105.

282.706  Use of SUNCOM Network by libraries.--The department may provide SUNCOM Network services to any library in the state, including libraries in public schools, community colleges, state universities, and nonprofit private postsecondary educational institutions, and libraries owned and operated by municipalities and political subdivisions.

History.--s. 2, ch. 96-357; s. 9, ch. 2000-164; s. 15, ch. 2001-261; s. 937, ch. 2002-387; s. 21, ch. 2009-80.

Note.--Former s. 282.106.

282.707  SUNCOM Network; criteria for usage.--

(1)  The department shall periodically review the qualifications of subscribers using the state SUNCOM Network and shall terminate services provided to any facility not qualified under this part or rules adopted hereunder. In the event of nonpayment of invoices by subscribers whose SUNCOM Network invoices are paid from sources other than legislative appropriations, such nonpayment represents good and sufficient reason to terminate service.

(2)  The department shall adopt rules for implementing and operating the state SUNCOM Network, which include procedures for withdrawing and restoring authorization to use the state SUNCOM Network. Such rules shall provide a minimum of 30 days' notice to affected parties before terminating voice communications service.

(3)  This section does not limit or restrict the ability of the Florida Public Service Commission to set jurisdictional tariffs of telecommunications companies.

History.--s. 1, ch. 82-56; s. 2, ch. 83-70; s. 16, ch. 87-137; s. 13, ch. 96-390; s. 33, ch. 2000-152; s. 10, ch. 2000-164; s. 20, ch. 2007-105; s. 22, ch. 2009-80.

Note.--Former s. 287.255; s. 282.107.

282.708  Emergency assumption of control.--In the event of an emergency, the Governor may direct emergency management assumption of control over all or part of the state communications system.

History.--s. 22, ch. 69-106; s. 37, ch. 83-334; s. 23, ch. 2009-80.

Note.--Former s. 287.28; s. 282.109.

282.709  State agency law enforcement radio system and interoperability network.--

(1)  The department may acquire and administer a statewide radio communications system to serve law enforcement units of state agencies, and to serve local law enforcement agencies through mutual aid channels.

(a)  The department shall, in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, establish policies, procedures, and standards to be incorporated into a comprehensive management plan for the use and operation of the statewide radio communications system.

(b)  The department shall bear the overall responsibility for the design, engineering, acquisition, and implementation of the statewide radio communications system and for ensuring the proper operation and maintenance of all common system equipment.

(c)1.  The department may rent or lease space on any tower under its control and refuse to lease space on any tower at any site.

2.  The department may rent, lease, or sublease ground space as necessary to locate equipment to support antennae on the towers. The costs for the use of such space shall be established by the department for each site if it is determined to be practicable and feasible to make space available.

3.  The department may rent, lease, or sublease ground space on lands acquired by the department for the construction of privately owned or publicly owned towers. The department may, as a part of such rental, lease, or sublease agreement, require space on such towers for antennae as necessary for the construction and operation of the state agency law enforcement radio system or any other state need.

4.  All moneys collected by the department for rents, leases, and subleases under this subsection shall be deposited directly into the State Agency Law Enforcement Radio System Trust Fund established in subsection (3) and may be used by the department to construct, maintain, or support the system.

5.  The positions necessary for the department to accomplish its duties under this subsection shall be established in the General Appropriations Act and funded by the Law Enforcement Radio Operating Trust Fund or other revenue sources.

(d)  The department shall exercise its powers and duties under this part to plan, manage, and administer the mutual aid channels in the statewide radio communication system.

1.  In implementing such powers and duties, the department shall consult and act in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, and shall manage and administer the mutual aid channels in a manner that reasonably addresses the needs and concerns of the involved law enforcement agencies and emergency response agencies and entities.

2.  The department may make the mutual aid channels available to federal agencies, state agencies, and agencies of the political subdivisions of the state for the purpose of public safety and domestic security.

(e)  The department may allow other state agencies to use the statewide radio communications system under terms and conditions established by the department.

(2)  The Joint Task Force on State Agency Law Enforcement Communications is created adjunct to the department to advise the department of member-agency needs relating to the planning, designing, and establishment of the statewide communication system.

(a)  The Joint Task Force on State Agency Law Enforcement Communications shall consist of eight members, as follows:

1.  A representative of the Division of Alcoholic Beverages and Tobacco of the Department of Business and Professional Regulation who shall be appointed by the secretary of the department.

2.  A representative of the Division of Florida Highway Patrol of the Department of Highway Safety and Motor Vehicles who shall be appointed by the executive director of the department.

3.  A representative of the Department of Law Enforcement who shall be appointed by the executive director of the department.

4.  A representative of the Fish and Wildlife Conservation Commission who shall be appointed by the executive director of the commission.

5.  A representative of the Division of Law Enforcement of the Department of Environmental Protection who shall be appointed by the secretary of the department.

6.  A representative of the Department of Corrections who shall be appointed by the secretary of the department.

7.  A representative of the Division of State Fire Marshal of the Department of Financial Services who shall be appointed by the State Fire Marshal.

8.  A representative of the Department of Transportation who shall be appointed by the secretary of the department.

(b)  Each appointed member of the joint task force shall serve at the pleasure of the appointing official. Any vacancy on the joint task force shall be filled in the same manner as the original appointment. A joint task force member may, upon notification to the chair before the beginning of any scheduled meeting, appoint an alternative to represent the member on the task force and vote on task force business in his or her absence.

(c)  The joint task force shall elect a chair from among its members to serve a 1-year term. A vacancy in the chair of the joint task force must be filled for the remainder of the unexpired term by an election of the joint task force members.

(d)  The joint task force shall meet as necessary, but at least quarterly, at the call of the chair and at the time and place designated by him or her.

(e)  The per diem and travel expenses incurred by a member of the joint task force in attending its meetings and in attending to its affairs shall be paid pursuant to s. 112.061, from funds budgeted to the state agency that the member represents.

(f)  The department shall provide technical support to the joint task force.

(3)  The State Agency Law Enforcement Radio System Trust Fund is established in the department and funded from surcharges collected under ss. 318.18, 320.0802, and 328.72. Upon appropriation, moneys in the trust fund may be used by the department to acquire by competitive procurement the equipment, software, and engineering, administrative, and maintenance services it needs to construct, operate, and maintain the statewide radio system. Moneys in the trust fund collected as a result of the surcharges set forth in ss. 318.18, 320.0802, and 328.72 shall be used to help fund the costs of the system. Upon completion of the system, moneys in the trust fund may also be used by the department for payment of the recurring maintenance costs of the system.

(4)  The department may create and administer an interoperability network to enable interoperability between various radio communications technologies and to serve federal agencies, state agencies, and agencies of political subdivisions of the state for the purpose of public safety and domestic security.

(a)  The department shall, in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, exercise its powers and duties pursuant to this chapter to plan, manage, and administer the interoperability network. The office may:

1.  Enter into mutual aid agreements among federal agencies, state agencies, and political subdivisions of the state for the use of the interoperability network.

2.  Establish the cost of maintenance and operation of the interoperability network and charge subscribing federal and local law enforcement agencies for access and use of the network. The department may not charge state law enforcement agencies identified in paragraph (2)(a) to use the network.

3.  In consultation with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, amend and enhance the statewide radio communications system as necessary to implement the interoperability network.

(b)  The department, in consultation with the Joint Task Force on State Agency Law Enforcement Communications, and in conjunction with the Department of Law Enforcement and the Division of Emergency Management of the Department of Community Affairs, shall establish policies, procedures, and standards to incorporate into a comprehensive management plan for the use and operation of the interoperability network.

History.--s. 1, ch. 88-144; s. 1, ch. 92-72; s. 224, ch. 92-279; s. 55, ch. 92-326; s. 30, ch. 94-218; s. 111, ch. 94-356; s. 860, ch. 95-148; s. 5, ch. 95-283; s. 1, ch. 96-312; s. 5, ch. 96-357; s. 10, ch. 96-388; s. 14, ch. 96-390; s. 6, ch. 98-251; s. 69, ch. 98-279; s. 81, ch. 99-245; s. 3, ch. 99-289; s. 37, ch. 99-399; s. 11, ch. 2000-164; s. 16, ch. 2001-261; s. 2, ch. 2003-153; s. 308, ch. 2003-261; s. 24, ch. 2009-80.

Note.--Former s. 282.1095.

282.7101  Statewide system of regional law enforcement communications.--

(1)  It is the intent and purpose of the Legislature that a statewide system of regional law enforcement communications be developed whereby maximum efficiency in the use of existing radio channels is achieved in order to deal more effectively with the apprehension of criminals and the prevention of crime. To this end, all law enforcement agencies within the state are directed to provide the department with any information the department requests for the purpose of implementing the provisions of subsection (2).

(2)  The department is hereby authorized and directed to develop and maintain a statewide system of regional law enforcement communications. In formulating such a system, the department shall divide the state into appropriate regions and shall develop a program that includes, but is not limited to:

(a)  The communications requirements for each county and municipality comprising the region.

(b)  An interagency communications provision that depicts the communication interfaces between municipal, county, and state law enforcement entities operating within the region.

(c)  A frequency allocation and use provision that includes, on an entity basis, each assigned and planned radio channel and the type of operation, simplex, duplex, or half-duplex, on each channel.

(3)  The department shall adopt any necessary rules and regulations for administering and coordinating the statewide system of regional law enforcement communications.

(4)  The secretary of the department or his or her designee is designated as the director of the statewide system of regional law enforcement communications and, for the purpose of carrying out the provisions of this section, may coordinate the activities of the system with other interested state agencies and local law enforcement agencies.

(5)  A law enforcement communications system may not be established or expanded without the prior approval of the department.

(6)  Within the limits of its capability, the Department of Law Enforcement is encouraged to lend assistance to the department in the development of the statewide system of regional law enforcement communications proposed by this section.

History.--ss. 1, 2, 3, 4, 5, 6, ch. 72-296; s. 1, ch. 77-174; s. 12, ch. 79-8; s. 225, ch. 92-279; s. 55, ch. 92-326; s. 11, ch. 96-388; s. 15, ch. 96-390; s. 7, ch. 98-251; s. 70, ch. 98-279; s. 42, ch. 99-399; s. 12, ch. 2000-164; s. 17, ch. 2001-261; s. 25, ch. 2009-80.

Note.--Former s. 287.29; s. 282.111.

282.711  Remote electronic access services.--The department may collect fees for providing remote electronic access pursuant to s. 119.07(2). The fees may be imposed on individual transactions or as a fixed subscription for a designated period of time. All fees collected under this section shall be deposited in the appropriate trust fund of the program or activity that made the remote electronic access available.

History.--s. 13, ch. 97-241; s. 14, ch. 2000-164; s. 19, ch. 2001-261; s. 37, ch. 2004-335; s. 26, ch. 2009-80.

Note.--Former s. 282.21.