Vetoes Cybersecurity “Safe Harbor” Bill

Florida Governor Vetoes Cybersecurity “Safe Harbor” Bill

By Judy Miller, ERMProtect Managing Director

Florida Governor Ron DeSantis today vetoed a bill that would have extended “safe harbor” from data breach litigation to businesses compliant with certain industry-recognized cybersecurity standards.

The governor said HB 473 would “result in Floridians’ data being less secure as the bill provides across-the-board protections for only substantially complying with standards. This incentivizes doing the minimum when protecting consumer data.’’

The governor said the bill, as passed, “may result in a consumer having inadequate recourse if a breach occurs.’’

DeSantis encouraged the Legislature to come up with an alternative bill that provides “a level of liability protection while also ensuring critical data and operations against cyberattacks are protected as much as possible …”

The bill would have had a major impact on government and businesses, offering them safe harbor from expensive litigation, if they “substantially” implemented security measures considered as best practices within the industry. The bill passed the House on an 81-28 vote on March 1 and the Senate on a 32-8 vote on March 5.

Advocates of the bill said it would incentivize local governments, businesses, and third-party agents that maintain sensitive data to voluntarily comply with industry-recognized cybersecurity frameworks such as those developed by the National Institute for Standards and Technology (NIST) and the Center for Internet Security (CIS) Critical Security Controls.

 

Subscribe to Our Weekly Newsletter

Intelligence and Insights

pci dss compliance

Why PCI Standards Are Just the Starting Point for Securing Payment Data

While PCI DSS compliance offers a solid baseline, it is not an all-encompassing solution to build a proactive and resilient data security framework …
pci dss in the cloud

How to Achieve PCI Compliance in the Cloud as Security Controls Evolve

The integration of cloud services with PCI DSS compliance is particularly crucial for enterprises that handle sensitive payment card information …
Digital Forensics Investigation

What Are the 5 Stages of a Digital Forensics Investigation?

In this article, we delve deeply into the five stages of a digital forensics investigation and provide tips on how to select the right digital forensics company …