Florida Senate - 2014 SB 1338
By Senator Ring
29-01179-14 20141338__
1 A bill to be entitled
2 An act relating to public records; amending s.
3 282.318, F.S.; creating an exemption from public
4 records requirements for information relating to the
5 detection or investigation of, or response to,
6 suspected or confirmed security incidents; providing
7 exceptions; providing for retroactive application of
8 the exemption; providing for future review and repeal
9 under the Open Government Sunset Review Act; providing
10 a statement of public necessity; providing an
11 effective date.
12
13 Be It Enacted by the Legislature of the State of Florida:
14
15 Section 1. Paragraph (i) of subsection (4) of section
16 282.318, Florida Statutes, is amended to read:
17 282.318 Enterprise security of data and information
18 technology.—
19 (4) To assist the Agency for Enterprise Information
20 Technology in carrying out its responsibilities, each agency
21 head shall, at a minimum:
22 (i) Develop a process for detecting, reporting, and
23 responding to suspected or confirmed security incidents,
24 including suspected or confirmed breaches consistent with the
25 security rules and guidelines established by the Agency for
26 Enterprise Information Technology.
27 1. Suspected or confirmed information security incidents
28 and breaches must be immediately reported to the Agency for
29 Enterprise Information Technology.
30 2. For incidents involving breaches, agencies shall provide
31 notice in accordance with s. 817.5681 and to the Agency for
32 Enterprise Information Technology in accordance with this
33 subsection.
34 3.a. Information relating to the detection, investigation,
35 or response to any suspected or confirmed security incidents,
36 including suspected or confirmed breaches, which, if disclosed,
37 could facilitate unauthorized access to or unauthorized
38 modification, disclosure, or destruction of data or information
39 technology resources is confidential and exempt from s.
40 119.07(1) and s. 24(a), Art. I of the State Constitution, except
41 that such information shall be available to the Auditor General
42 in performing his or her postauditing duties or to a law
43 enforcement agency in the performance of its official duties and
44 responsibilities.
45 b. This exemption applies to such information held by an
46 agency before, on, or after the effective date of this
47 exemption.
48 c. This subparagraph is subject to the Open Government
49 Sunset Review Act in accordance with s. 119.15 and shall stand
50 repealed on October 2, 2019, unless reviewed and saved from
51 repeal through reenactment by the Legislature.
52 Section 2. The Legislature finds that it is a public
53 necessity that information relating to the detection or
54 investigation of, or response to, suspected or confirmed
55 security incidents, including suspected or confirmed breaches,
56 which, if disclosed, could facilitate unauthorized access to or
57 unauthorized modification, disclosure, or destruction of data or
58 information technology resources be made confidential and exempt
59 from s. 119.07(1), Florida Statutes and s. 24(a), Article I of
60 the State Constitution. The exemption authorizes that such
61 information shall be available to the Auditor General in
62 performing his or her postauditing duties or to a law
63 enforcement agency in the performance of its official duties and
64 responsibilities. The disclosure of such information could
65 potentially compromise the confidentiality, integrity, and
66 availability of agency data and information technology resources
67 which would significantly impair the administration of
68 governmental programs. In addition, the release of such
69 information could result in the identification of other
70 vulnerabilities and further breaches of information technology
71 systems. The sensitive nature of such information necessitates
72 that this information be confidential and exempt from public
73 records requirements to ensure the protection of agency
74 technology, resources, and data.
75 Section 3. This act shall take effect upon becoming a law.