Florida Senate - 2022 SB 7004 By the Committee on Education 581-01010-22 20227004__ 1 A bill to be entitled 2 An act relating to a review under the Open Government 3 Sunset Review Act; amending s. 1004.055, F.S., which 4 provides exemptions from public records and public 5 meetings requirements for specified data or 6 information from technology systems owned, under 7 contract, or maintained by a state university or a 8 Florida College System institution and portions of 9 meetings which would reveal such data and information; 10 removing the scheduled repeal of the exemptions; 11 providing an effective date. 12 13 Be It Enacted by the Legislature of the State of Florida: 14 15 Section 1. Section 1004.055, Florida Statutes, is amended 16 to read: 17 1004.055 Security of data and information technology in 18 state postsecondary education institutions.— 19 (1) All of the following data or information from 20 technology systems owned, under contract, or maintained by a 21 state university or a Florida College System institution is 22 confidential and exempt from s. 119.07(1) and s. 24(a), Art. I 23 of the State Constitution: 24 (a) Records held by the university or institution which 25 identify detection, investigation, or response practices for 26 suspected or confirmed information technology security 27 incidents, including suspected or confirmed breaches, if the 28 disclosure of such records would facilitate unauthorized access 29 to or unauthorized modification, disclosure, or destruction of: 30 1. Data or information, whether physical or virtual; or 31 2. Information technology resources, which include: 32 a. Information relating to the security of the university’s 33 or institution’s technologies, processes, and practices designed 34 to protect networks, computers, data processing software, and 35 data from attack, damage, or unauthorized access; or 36 b. Security information, whether physical or virtual, which 37 relates to the university’s or institution’s existing or 38 proposed information technology systems. 39 (b) Those portions of risk assessments, evaluations, 40 audits, and other reports of the university’s or institution’s 41 information technology security program for its data, 42 information, and information technology resources which are held 43 by the university or institution, if the disclosure of such 44 records would facilitate unauthorized access to or the 45 unauthorized modification, disclosure, or destruction of: 46 1. Data or information, whether physical or virtual; or 47 2. Information technology resources, which include: 48 a. Information relating to the security of the university’s 49 or institution’s technologies, processes, and practices designed 50 to protect networks, computers, data processing software, and 51 data from attack, damage, or unauthorized access; or 52 b. Security information, whether physical or virtual, which 53 relates to the university’s or institution’s existing or 54 proposed information technology systems. 55 (2) Those portions of a public meeting as specified in s. 56 286.011 which would reveal data and information described in 57 subsection (1) are exempt from s. 286.011 and s. 24(b), Art. I 58 of the State Constitution. No exempt portion of an exempt 59 meeting may be off the record. All exempt portions of such a 60 meeting must be recorded and transcribed. The recording and 61 transcript of the meeting must remain confidential and exempt 62 from disclosure under s. 119.07(1) and s. 24(a), Art. 1 of the 63 State Constitution unless a court of competent jurisdiction, 64 following an in camera review, determines that the meeting was 65 not restricted to the discussion of data and information made 66 confidential and exempt by this section. In the event of such a 67 judicial determination, only that portion of the transcript 68 which reveals nonexempt data and information may be disclosed to 69 a third party. 70 (3) The records and portions of public meeting recordings 71 and transcripts described in subsection (1) must be available to 72 the Auditor General; the Cybercrime Office of the Department of 73 Law Enforcement; for a state university, the Board of Governors; 74 and for a Florida College System institution, the State Board of 75 Education. Such records and portions of meetings, recordings, 76 and transcripts may be made available to a state or federal 77 agency for security purposes or in furtherance of the agency’s 78 official duties. 79 (4) The exemptions listed in this section apply to such 80 records or portions of public meetings, recordings, and 81 transcripts held by the university or institution before, on, or 82 after June 14, 2017. 83(5) This section is subject to the Open Government Sunset84Review Act in accordance with s. 119.15 and shall stand repealed85on October 2, 2022, unless reviewed and saved from repeal86through reenactment by the Legislature.87 Section 2. This act shall take effect October 1, 2022.