FL H1037

Creates public records exemptions for state agency records identifying detection, investigation, or response practices for suspected or confirmed IT security incidents, including breaches, if disclosure would facilitate unauthorized access or modification of data or IT resources

Makes portions of risk assessments, evaluations, external audits, and other IT security program reports confidential and exempt from public disclosure under the same conditions

Requires all IT security incidents and breaches to be reported to the Agency for State Technology, with breach notifications following s. 501.171 requirements

Authorizes disclosure of confidential records to the Auditor General, Agency for State Technology, FDLE Cybercrime Office, Chief Inspector General (for agencies under the Governor), and may be shared with local governments, other state agencies, or federal agencies for security purposes

Exemptions apply retroactively and are subject to automatic repeal on October 2, 2021, unless reenacted by the Legislature under the Open Government Sunset Review Act