Florida Senate - 2022                                    SB 1740
       
       
        
       By Senator Wright
       
       
       
       
       
       14-00739-22                                           20221740__
    1                        A bill to be entitled                      
    2         An act relating to public records and public meetings;
    3         amending s. 119.0713, F.S.; providing an exemption
    4         from public records requirements for certain
    5         information held by a utility owned or operated by a
    6         unit of local government; providing for retroactive
    7         application; providing for future legislative review
    8         and repeal of the exemption; reenacting s.
    9         286.0113(3), F.S., relating to an exemption from
   10         public meetings requirements for portions of meetings
   11         held by a utility owned or operated by a unit of local
   12         government which would reveal certain information, to
   13         incorporate the amendment made to s. 119.0713, F.S.,
   14         in a reference thereto; providing a statement of
   15         public necessity; providing an effective date.
   16          
   17  Be It Enacted by the Legislature of the State of Florida:
   18  
   19         Section 1. Subsection (5) of section 119.0713, Florida
   20  Statutes, is amended to read:
   21         119.0713 Local government agency exemptions from inspection
   22  or copying of public records.—
   23         (5)(a) The following information held by a utility owned or
   24  operated by a unit of local government is exempt from s.
   25  119.07(1) and s. 24(a), Art. I of the State Constitution:
   26         1. Information related to the security of the technology,
   27  processes, or practices of a utility owned or operated by a unit
   28  of local government that are designed to protect the utility’s
   29  networks, computers, programs, and data from attack, damage, or
   30  unauthorized access, which information, if disclosed, would
   31  facilitate the alteration, disclosure, or destruction of such
   32  data or information technology resources.
   33         2. Information related to the security of existing or
   34  proposed information technology systems or industrial control
   35  technology systems of a utility owned or operated by a unit of
   36  local government, which, if disclosed, would facilitate
   37  unauthorized access to, and alteration or destruction of, such
   38  systems in a manner that would adversely impact the safe and
   39  reliable operation of the systems and the utility.
   40         3. Information related to threat detection, defense,
   41  deterrence, or response plans and actions for information
   42  technology and operational technology systems of a utility owned
   43  or operated by a unit of local government, including, but not
   44  limited to, plans and actions made or taken in response to a
   45  ransomware attack or other cyberattack on, or threat to,
   46  information technology or operational technology systems.
   47         4.Information related to insurance or other risk
   48  mitigation products or coverages, including, but not limited to,
   49  deductible or self-insurance amounts, coverage limits, and
   50  policy terms and conditions for the protection of the
   51  information technology and operational technology systems and
   52  data of a utility owned or operated by a unit of local
   53  government.
   54         5.Information created or received by a utility owned or
   55  operated by a unit of local government which has been submitted
   56  for review as, or designated as, critical energy/electric
   57  infrastructure information (CEII) pursuant to federal law by the
   58  Federal Energy Regulatory Commission or the United States
   59  Department of Energy.
   60         6. Customer meter-derived data and billing information in
   61  increments less than one billing cycle.
   62         (b) This exemption applies to such information held by a
   63  utility owned or operated by a unit of local government before,
   64  on, or after the effective date of this exemption.
   65         (c) This subsection is subject to the Open Government
   66  Sunset Review Act in accordance with s. 119.15 and shall stand
   67  repealed on October 2, 2024, unless reviewed and saved from
   68  repeal through reenactment by the Legislature.
   69         Section 2. For the purpose of incorporating the amendment
   70  made by this act to section 119.0713, Florida Statutes, in a
   71  reference thereto, subsection (3) of section 286.0113, Florida
   72  Statutes, is reenacted to read:
   73         286.0113 General exemptions from public meetings.—
   74         (3)(a) That portion of a meeting held by a utility owned or
   75  operated by a unit of local government which would reveal
   76  information that is exempt under s. 119.0713(5) is exempt from
   77  s. 286.011 and s. 24(b), Art. I of the State Constitution. All
   78  exempt portions of such a meeting must be recorded and
   79  transcribed. The recording and transcript of the meeting are
   80  exempt from disclosure under s. 119.07(1) and s. 24(a), Art. I
   81  of the State Constitution unless a court of competent
   82  jurisdiction, following an in camera review, determines that the
   83  meeting was not restricted to the discussion of data and
   84  information made exempt by this section. In the event of such a
   85  judicial determination, only the portion of the recording or
   86  transcript which reveals nonexempt data and information may be
   87  disclosed to a third party.
   88         (b) This subsection is subject to the Open Government
   89  Sunset Review Act in accordance with s. 119.15 and shall stand
   90  repealed on October 2, 2024, unless reviewed and saved from
   91  repeal through reenactment by the Legislature.
   92         Section 3. (1)The Legislature finds that it is a public
   93  necessity that information related to threat detection, defense,
   94  deterrence, or response plans and actions for information
   95  technology and operational technology systems of a utility owned
   96  or operated by a unit of local government; information related
   97  to insurance or other risk mitigation products or coverages for
   98  the protection of the information technology and operational
   99  technology systems and data of a utility owned or operated by a
  100  unit of local government; and information created or received by
  101  a utility owned or operated by a unit of local government which
  102  has been submitted for review as, or designated as, critical
  103  energy/electric infrastructure information (CEII) pursuant to
  104  federal law by the Federal Energy Regulatory Commission or the
  105  United States Department of Energy be made exempt from s.
  106  119.07(1), Florida Statutes, and s. 24(a), Article I of the
  107  State Constitution. The Legislature further finds that it is a
  108  public necessity that those portions of meetings held by a
  109  utility owned or operated by a unit of local government which
  110  would reveal such information be made exempt from s. 286.011,
  111  Florida Statutes, and s. 24(b), Article I of the State
  112  Constitution.
  113         (2)The Legislature finds that multiple states are
  114  developing rules to better facilitate the exchange of sensitive
  115  information needed to protect critical energy, water, natural
  116  gas, and wastewater infrastructure from cyberattacks and other
  117  threats. As the electric grid continues to integrate more
  118  information and communication technologies and as states look to
  119  partner more closely with utilities on energy assurance and
  120  resiliency, the sensitivity of information being shared and the
  121  threats from increased connectivity will grow. Maintaining safe
  122  and reliable utility systems is vital to protecting the public
  123  health and safety and ensuring the economic well-being of this
  124  state.
  125         (3)The Legislature finds that the public and private harm
  126  in disclosing the information under subsection (1) outweighs any
  127  public benefit derived from the disclosure of cybersecurity
  128  threat detection, defense, and informational or operational
  129  technology systems of a utility owned or operated by a unit of
  130  local government. Cyber criminals continually seek information
  131  relating to the insurance coverage or other risk mitigation
  132  products that utilities employ to defend against such attacks.
  133  Critical infrastructure, as well as the assets of such
  134  utilities, should be protected, and the protection of
  135  information under subsection (1) will ensure the sensitive
  136  information held by utilities is not publicly available to be
  137  used against them at a later date.
  138         Section 4. This act shall take effect July 1, 2022.