Vetoes Cybersecurity “Safe Harbor” Bill

Florida Governor Vetoes Cybersecurity “Safe Harbor” Bill

By Judy Miller, ERMProtect Managing Director

Florida Governor Ron DeSantis today vetoed a bill that would have extended “safe harbor” from data breach litigation to businesses compliant with certain industry-recognized cybersecurity standards.

The governor said HB 473 would “result in Floridians’ data being less secure as the bill provides across-the-board protections for only substantially complying with standards. This incentivizes doing the minimum when protecting consumer data.’’

The governor said the bill, as passed, “may result in a consumer having inadequate recourse if a breach occurs.’’

DeSantis encouraged the Legislature to come up with an alternative bill that provides “a level of liability protection while also ensuring critical data and operations against cyberattacks are protected as much as possible …”

The bill would have had a major impact on government and businesses, offering them safe harbor from expensive litigation, if they “substantially” implemented security measures considered as best practices within the industry. The bill passed the House on an 81-28 vote on March 1 and the Senate on a 32-8 vote on March 5.

Advocates of the bill said it would incentivize local governments, businesses, and third-party agents that maintain sensitive data to voluntarily comply with industry-recognized cybersecurity frameworks such as those developed by the National Institute for Standards and Technology (NIST) and the Center for Internet Security (CIS) Critical Security Controls.

 

Subscribe to Our Weekly Newsletter

Intelligence and Insights

Digital Forensics Investigation

What Are the 5 Stages of a Digital Forensics Investigation?

In this article, we delve deeply into the five stages of a digital forensics investigation and provide tips on how to select the right digital forensics company …
Comprehensive Guide to Penetration Testing

A Comprehensive Guide to Penetration Testing – Types, Methods, Benefits and Best Practices

This penetration testing guide explains the different types of penetration testing, their benefits, and their purpose …
GDPR Compliance Checklist

GDPR Compliance Checklist: A Guide for U.S. Companies

This article provides a GDPR compliance checklist to guide U.S. companies through a gap analysis and underscores the importance of GDPR compliance …