Florida Senate - 2023                   (PROPOSED BILL) SPB 7042
       
       
        
       FOR CONSIDERATION By the Committee on Banking and Insurance
       
       
       
       
       
       597-02523-23                                          20237042pb
    1                        A bill to be entitled                      
    2         An act relating to a review under the Open Government
    3         Sunset Review Act; amending s. 627.352, F.S., which
    4         provides an exemption from public records requirements
    5         for certain data and information from technology
    6         systems owned by, under contract with, or maintained
    7         by Citizens Property Insurance Corporation and an
    8         exemption from public meetings requirements for
    9         portions of meetings which would reveal such data and
   10         information; removing the scheduled repeal of the
   11         exemptions; providing an effective date.
   12          
   13  Be It Enacted by the Legislature of the State of Florida:
   14  
   15         Section 1. Section 627.352, Florida Statutes, is amended to
   16  read:
   17         627.352 Security of data and information technology in
   18  Citizens Property Insurance Corporation.—
   19         (1) The following data and information from technology
   20  systems owned by, under contract with, or maintained by Citizens
   21  Property Insurance Corporation are confidential and exempt from
   22  s. 119.07(1) and s. 24(a), Art. I of the State Constitution:
   23         (a) Records held by the corporation which identify
   24  detection, investigation, or response practices for suspected or
   25  confirmed information technology security incidents, including
   26  suspected or confirmed breaches, if the disclosure of such
   27  records would facilitate unauthorized access to or unauthorized
   28  modification, disclosure, or destruction of:
   29         1. Data or information, whether physical or virtual; or
   30         2. Information technology resources, including:
   31         a. Information relating to the security of the
   32  corporation’s technologies, processes, and practices designed to
   33  protect networks, computers, data processing software, and data
   34  from attack, damage, or unauthorized access; or
   35         b. Security information, whether physical or virtual, which
   36  relates to the corporation’s existing or proposed information
   37  technology systems.
   38         (b) Those portions of risk assessments, evaluations,
   39  audits, and other reports of the corporation’s information
   40  technology security program for its data, information, and
   41  information technology resources which are held by the
   42  corporation, if the disclosure of such records would facilitate
   43  unauthorized access to or the unauthorized modification,
   44  disclosure, or destruction of:
   45         1. Data or information, whether physical or virtual; or
   46         2. Information technology resources, which include:
   47         a. Information relating to the security of the
   48  corporation’s technologies, processes, and practices designed to
   49  protect networks, computers, data processing software, and data
   50  from attack, damage, or unauthorized access; or
   51         b. Security information, whether physical or virtual, which
   52  relates to the corporation’s existing or proposed information
   53  technology systems.
   54         (2) Those portions of a public meeting as specified in s.
   55  286.011 which would reveal data and information described in
   56  subsection (1) are exempt from s. 286.011 and s. 24(b), Art. I
   57  of the State Constitution. No exempt portion of an exempt
   58  meeting may be off the record. All exempt portions of such a
   59  meeting must be recorded and transcribed. The recording and
   60  transcript of the meeting must remain confidential and exempt
   61  from disclosure under s. 119.07(1) and s. 24(a), Art. I of the
   62  State Constitution unless a court of competent jurisdiction,
   63  following an in camera review, determines that the meeting was
   64  not restricted to the discussion of data and information made
   65  confidential and exempt by this section. In the event of such a
   66  judicial determination, only that portion of the transcript
   67  which reveals nonexempt data and information may be disclosed to
   68  a third party.
   69         (3) The records and portions of public meeting recordings
   70  and transcripts described in subsection (2) must be available to
   71  the Auditor General, the Cybercrime Office of the Department of
   72  Law Enforcement, and the Office of Insurance Regulation. Such
   73  records and portions of meetings, recordings, and transcripts
   74  may be made available to a state or federal agency for security
   75  purposes or in furtherance of the agency’s official duties.
   76         (4) The exemptions provided by this section apply to
   77  records held by the corporation before, on, or after the
   78  effective date of this act.
   79         (5) This section is subject to the Open Government Sunset
   80  Review Act in accordance with s. 119.15 and shall stand repealed
   81  on October 2, 2023, unless reviewed and saved from repeal
   82  through reenactment by the Legislature.
   83         Section 2. This act shall take effect October 1, 2023.