SECTION 627.352. Security of data and information technology in Citizens Property Insurance Corporation.
Latest version.
1(1) 2The following data and information from technology systems owned by, under contract with, or maintained by Citizens Property Insurance Corporation are confidential and exempt from s. 28119.07(1)29and s. 24(a), Art. I of the State Constitution:
38(a) 39Records held by the corporation which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents, including suspected or confirmed breaches, if the disclosure of such records would facilitate unauthorized access to or unauthorized modification, disclosure, or destruction of:
821. 83Data or information, whether physical or virtual; or
96a. 97Information relating to the security of the corporation’s technologies, processes, and practices designed to protect networks, computers, data processing software, and data from attack, damage, or unauthorized access; or
126b. 127Security information, whether physical or virtual, which relates to the corporation’s existing or proposed information technology systems.
144(b) 145Those portions of risk assessments, evaluations, audits, and other reports of the corporation’s information technology security program for its data, information, and information technology resources which are held by the corporation, if the disclosure of such records would facilitate unauthorized access to or the unauthorized modification, disclosure, or destruction of:
1951. 196Data or information, whether physical or virtual; or
2042. 205Information technology resources, which include:
210a. 211Information relating to the security of the corporation’s technologies, processes, and practices designed to protect networks, computers, data processing software, and data from attack, damage, or unauthorized access; or
240b. 241Security information, whether physical or virtual, which relates to the corporation’s existing or proposed information technology systems.
258(2) 259Those portions of a public meeting as specified in s. 269286.011270which would reveal data and information described in subsection (1) are exempt from s. 284286.011285and s. 24(b), Art. I of the State Constitution. No exempt portion of an exempt meeting may be off the record. All exempt portions of such a meeting must be recorded and transcribed. The recording and transcript of the meeting must remain confidential and exempt from disclosure under s. 334119.07(1)335and s. 24(a), Art. 1 of the State Constitution unless a court of competent jurisdiction, following an in camera review, determines that the meeting was not restricted to the discussion of data and information made confidential and exempt by this section. In the event of such a judicial determination, only that portion of the transcript which reveals nonexempt data and information may be disclosed to a third party.
403(3) 404The records and portions of public meeting recordings and transcripts described in subsection (2) must be available to the Auditor General, the Cybercrime Office of the Department of Law Enforcement, and the Office of Insurance Regulation. Such records and portions of meetings, recordings, and transcripts may be made available to a state or federal agency for security purposes or in furtherance of the agency’s official duties.
470(4) 471The exemptions provided by this section apply to records held by the corporation before, on, or after the effective date of this act.
494(5) 495This section is subject to the Open Government Sunset Review Act in accordance with s. 510119.15511and shall stand repealed on October 2, 2023, unless reviewed and saved from repeal through reenactment by the Legislature.
