Bill S1216
Introduced: 02/25/2025
In Committee: 03/03/2025
Crossed Over
Passed
Dead: 06/16/2025
Introduced Session: 2025 Regular Session
Bill Summary
An act relating to cybersecurity of mortgage brokers and lenders and money services businesses; creating ss. 494.00170 and 560.1215, F.S.; defining terms; requiring licensees to develop and maintain a specified information security program; requiring that such program meet certain criteria; requiring licensees to establish a specified incident response plan; providing requirements for such plan; providing applicability; specifying that a licensee has a specified timeframe to comply with certain provisions; requiring the licensee to maintain a copy of the information security program for a specified period of time; requiring such program to be available upon request or examination; requiring licensees to make a prompt investigation of a cybersecurity event that has occurred or may occur; specifying requirements for such investigation; requiring licensees to complete an investigation or confirm and document that a third party service provider has completed an investigation under certain circumstances; requiring the licensee to maintain specified records and documentation for a specified period of time; requiring the licensee to produce such records and documentation to be available upon request; requiring licensees to provide a specified notice to the Office of Financial Regulation; requiring the licensee to provide a quarterly update of the investigation under certain circumstances; providing construction; authorizing the Financial Services Commission to adopt rules; amending ss. 494.00255 and 560.114, F.S.; revising the actions that constitute grounds for disciplinary actions for mortgage brokers and lenders and grounds for the issuance of a cease and desist order or removal order or the denial, suspension, or revocation of a license of a money service business, respectively; providing an effective date.
AI Summary
This bill establishes comprehensive cybersecurity requirements for mortgage brokers, lenders, and money services businesses in Florida. The legislation mandates that these financial service providers develop and maintain a detailed information security program designed to protect customer nonpublic personal information. The program must include administrative, technical, and physical safeguards tailored to the size and complexity of the business, with specific requirements such as regularly testing systems for potential cyber attacks, monitoring and adjusting security measures, and establishing a written incident response plan for addressing potential cybersecurity events. Businesses must promptly investigate any cybersecurity incidents, determine the nature and scope of the event, and take reasonable measures to restore system security and prevent further unauthorized access. The bill applies to businesses with 20 or more workforce members and 500 or more customers, giving such entities 180 days to comply once they no longer qualify for exemption. Notably, the law requires businesses to maintain investigation records for five years and provide notification to the Office of Financial Regulation for security breaches affecting 500 or more persons. Failure to comply with these notification requirements can result in disciplinary actions, including potential license suspension or revocation. The legislation aims to enhance digital security and protect sensitive customer information in the financial services sector.
Sponsors (1)
Last Action
Died in Banking and Insurance (on 06/16/2025)
Official Document
| Document Type | Source Location |
|---|---|
| State Bill Page | https://www.flsenate.gov/Session/Bill/2025/1216 |
| BillText | https://www.flsenate.gov/Session/Bill/2025/1216/BillText/Filed/HTML |