FL S0624

Create public records exemptions for state agency records identifying detection, investigation, or response practices for information technology security incidents and breaches if disclosure would facilitate unauthorized access to data or IT resources.

Exempt portions of risk assessments, evaluations, external audits, and other reports of state agency information technology security programs that contain information about vulnerabilities or security practices.

Make exempted records available to the Auditor General, Agency for State Technology, Cybercrime Office, Chief Inspector General, and other government entities for IT security purposes or official duties.

Apply exemptions retroactively to records held by state agencies before, on, or after the effective date of the law.

Repeal both exemptions on October 2, 2021, unless the Legislature reviews and reenacts them through the Open Government Sunset Review Act process.