Fla. Stat. § 119.0725 Agency Cybersecurity Information; Public Records Exemption; Public Meetings Exemption

LibraryFlorida Statutes
Edition2023
Year2023
CitationFla. Stat. § 119.0725

(1) As used in this section, the term:

(a) "Breach" means unauthorized access of data in electronic form containing personal information. Good faith access of personal information by an employee or agent of an agency does not constitute a breach, provided that the information is not used for a purpose unrelated to the business or subject to further unauthorized use.

(b) "Critical infrastructure" means existing and proposed information technology and operational technology systems and assets, whether physical or virtual, the incapacity or destruction of which would negatively affect security, economic security, public health, or public safety.

(c) "Cybersecurity" has the same meaning as in s. 282.0041.

(d) "Data" has the same meaning as in s. 282.0041.

(e) "Incident" means a violation or imminent threat of violation, whether such violation is accidental or deliberate, of information technology resources, security, policies, or practices. As used in this paragraph, the term "imminent threat of violation means a situation in which the agency has a factual basis for believing that a specific incident is about to occur.

(f) "Information technology" has the same meaning as in s. 282.0041.

(g) "Operational technology" means the hardware and software that cause or detect a change through the direct monitoring or control of physical devices, systems, processes, or events.

(2) The following information held by an agency is confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution:

(a) Coverage limits and deductible or self-insurance amounts of insurance or other risk mitigation coverages acquired for the protection of information technology systems, operational technology systems, or data of an agency.

(b) Information relating to critical infrastructure.

(c) Cybersecurity incident information reported pursuant to s. 282.318 or s. 282.3185.

(d) Network schematics, hardware and software configurations, or encryption information or information that identifies detection, investigation, or response practices for suspected or confirmed cybersecurity incidents, including suspected or confirmed breaches, if the disclosure of such information would facilitate unauthorized access to or unauthorized modification, disclosure, or destruction of:

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT