CS/SB 624 — Public Records/State Agency Information Technology Security Programs
by Governmental Oversight and Accountability Committee and Senator Hays
This summary is provided for information only and does not represent the opinion of any Senator, Senate Officer, or Senate Office.
Prepared by: Governmental Oversight and Accountability Committee (GO)
This bill makes confidential and exempt from public disclosure requirements information relating to how an agency detects, investigates or responds to information technology (IT) security incidents if the disclosure of such IT security information would facilitate the unauthorized access, modification, disclosure or destruction of data or IT resources. The bill provides that IT resources include an agency’s networks, computers, software, as well as information related to an agency’s IT systems.
The bill also makes confidential and exempt from public disclosure requirements portions of risk assessments, external audits, evaluations or other reports of a state agency’s IT security program. Such information is confidential and exempt if the information would facilitate unauthorized modification, disclosure or destruction of data or IT resources.
Both exemptions require agencies to release confidential and exempt information to the Auditor General, AST, FDLE, and the Chief Inspector General. Agencies have the discretion to release confidential and exempt information to local governments, state agencies or federal agencies.
These exemptions have retroactive application and will be repealed on October 2, 2021, unless saved from repeal by the Legislature, pursuant to the Open Government Sunset Review Act. Finally, the bill includes legislative findings which provide the public necessity for each exemption.
If approved by the Governor, these provisions take effect upon becoming law.
Vote: Senate 37-0; House 112-0