SB 7024, 1st Eng. — OGSR/Cybersecurity, Information Technology, and Operational Technology Information
by Governmental Oversight and Accountability Committee
This summary is provided for information only and does not represent the opinion of any Senator, Senate Officer, or Senate Office.
Prepared by: Governmental Oversight and Accountability Committee (GO)
The bill consolidates several agency-specific cybersecurity public records and public meeting exemptions into the agency-wide cybersecurity public records and public meeting exemption codified in s. 119.0725, F.S. This, therefore, expands the following agency-specific cybersecurity-related public records exemptions to apply to each state or local governmental agency and any private entity that is acting on its behalf:
- Information relating to processes or practices designed to protect data, information, or existing or proposed information technology (IT) or operational technology.
- Portions of risk assessments, evaluations, audits, and other reports of an agency’s cybersecurity program.
- Login credentials.
- Internet protocol addresses, geolocation data, and other information describing how and when users access public-facing portals.
- Insurance and self-insurance coverage limits, deductibles, and other coverages acquired for the protection of IT, operational technology, or data of an agency.
The exemption repeals on October 2, 2031, unless reviewed and saved by the Legislature.
If approved by the Governor, or allowed to become law without the Governor's signature, these provisions take effect upon becoming law.
Vote: Senate 36-1; House 107-0