Introduced
02/26/2025
02/26/2025
In Committee
04/04/2025
04/04/2025
Crossed Over
Passed
Dead
Introduced Session
2025 Regular Session
Bill Summary
An act relating to cybersecurity incident liability; creating s. 768.401, F.S.; providing definitions; providing that a county, municipality, other political subdivision of the state, covered entity, or third-party agent that complies with certain requirements is not liable in connection with a cybersecurity incident under certain circumstances; requiring covered entities and third-party agents to implement revised frameworks, standards, laws, or regulations within a specified time period; providing that a private cause of action is not established; providing that the fact that a specified defendant could have obtained a liability shield or a presumption against liability is not admissible as evidence of negligence, does not constitute negligence per se, and cannot be used as evidence of fault; specifying that the defendant in certain actions has a certain burden of proof; providing applicability; providing an effective date.
AI Summary
This bill creates a new section of Florida law that addresses liability for cybersecurity incidents, establishing protections for counties, municipalities, political subdivisions, covered entities, and third-party agents. The bill defines key terms such as "covered entity" (which includes various types of commercial entities) and "cybersecurity standards or frameworks" (referencing multiple established security frameworks like NIST and ISO standards). It provides a liability shield for organizations that implement comprehensive cybersecurity measures, including specific policies, multi-factor authentication, and disaster recovery plans. Entities can obtain a presumption against liability in class action lawsuits by substantially complying with existing cybersecurity regulations or implementing approved security frameworks. The bill requires organizations to update their cybersecurity programs within one year of any relevant framework or regulatory revisions to maintain liability protection. Importantly, the bill does not create a private right of action, meaning individuals cannot sue directly under this law. If a civil action is filed, the fact that an organization could have obtained liability protection cannot be used as evidence of negligence. In such actions, the defendant bears the burden of proving substantial compliance with the bill's requirements. The law applies retroactively to class action lawsuits filed before, on, or after its effective date.
Committee Categories
Budget and Finance, Government Affairs, Justice
Sponsors (4)
Other Sponsors (2)
Civil Justice & Claims Subcommittee (H), Information Technology Budget & Policy Subcommittee (H)
Last Action
Indefinitely postponed and withdrawn from consideration (on 05/03/2025)
Official Document
Document Type | Source Location |
---|---|
State Bill Page | https://www.flsenate.gov/Session/Bill/2025/1183 |
BillText | https://www.flsenate.gov/Session/Bill/2025/1183/BillText/c2/PDF |
Analysis - Civil Justice & Claims Subcommittee (Post-Meeting) | https://www.flsenate.gov/Session/Bill/2025/1183/Analyses/h1183c.CIV.PDF |
Analysis - Civil Justice & Claims Subcommittee (Post-Meeting) | https://www.flsenate.gov/Session/Bill/2025/1183/Analyses/h1183b.CIV.PDF |
Analysis - Information Technology Budget & Policy Subcommittee (Post-Meeting) | https://www.flsenate.gov/Session/Bill/2025/1183/Analyses/h1183a.ITP.PDF |
BillText | https://www.flsenate.gov/Session/Bill/2025/1183/BillText/c1/PDF |
https://www.flsenate.gov/Session/Bill/2025/1183/Amendment/456363/PDF | |
Analysis - Information Technology Budget & Policy Subcommittee (Post-Meeting) | https://www.flsenate.gov/Session/Bill/2025/1183/Analyses/h1183.ITP.PDF |
BillText | https://www.flsenate.gov/Session/Bill/2025/1183/BillText/Filed/PDF |