Code · Florida · Title X — Public Officers, Employees, and Records · Chapter 119

119.0725 Agency cybersecurity information; public records exemption; public meetings exemption.

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(1) As used in this section, the term:
(a) “Breach” means unauthorized access of data in electronic form containing personal information. Good faith access of personal information by an employee or agent of an agency does not constitute a breach, provided that the information is not used for a purpose unrelated to the business or subject to further unauthorized use.
(b) “Critical infrastructure” means existing and proposed information technology and operational technology systems and assets, whether physical or virtual, the incapacity or destruction of which would negatively affect security, economic security, public health, or public safety.
(c) “Cybersecurity” has the same meaning as in s. 282.0041.
(d) “Data” has the same meaning as in s. 282.0041.
(e) “Incident” means a violation or imminent threat of violation, whether such violation is accidental or deliberate, of information technology resources, security, policies, or practices. As used in this paragraph, the term “imminent threat of violation” means a situation in which the agency has a factual basis for believing that a specific incident is about to occur.
(f) “Information technology” has the same meaning as in s. 282.0041.
(g) “Operational technology” means the hardware and software that cause or detect a change through the direct monitoring or control of physical devices, systems, processes, or events.
(2) The following information held by an agency is confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution:
(a) Coverage limits and deductible or self-insurance amounts of insurance or other risk mitigation coverages acquired for the protection of information technology systems, operational technology systems, or data of an agency.
(b) Information relating to critical infrastructure.
(c) Cybersecurity incident information reported pursuant to s. 282.318 or s. 282.3185.
(d) Network schematics, hardware and software configurations, or encryption information or information that identifies detection, investigation, or response practices for suspected or confirmed cybersecurity incidents, including suspected or confirmed breaches, if the disclosure of such information would facilitate unauthorized access to or unauthorized modification, disclosure, or destruction of:
1. Data or information, whether physical or virtual; or
2. Information technology resources, which include an agency’s existing or proposed information technology systems.
(3) Any portion of a meeting that would reveal information made confidential and exempt under subsection (2) is exempt from s. 286.011 and s. 24(b), Art. I of the State Constitution. An exempt portion of a meeting may not be off the record and must be recorded and transcribed. The recording and transcript are confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution.
(4) The public records exemptions contained in this section apply to information held by an agency before, on, or after July 1, 2022.
(5)(a) Information made confidential and exempt pursuant to this section shall be made available to a law enforcement agency, the Auditor General, the Cybercrime Office of the Department of Law Enforcement, the Florida Digital Service within the Department of Management Services, and, for agencies under the jurisdiction of the Governor, the Chief Inspector General.
(b) Such confidential and exempt information may be disclosed by an agency in the furtherance of its official duties and responsibilities or to another agency or governmental entity in the furtherance of its statutory duties and responsibilities.
(6) Agencies may report information about cybersecurity incidents in the aggregate.
(7) This section is subject to the Open Government Sunset Review Act in accordance with s. 119.15 and shall stand repealed on October 2, 2026, unless reviewed and saved from repeal through reenactment by the Legislature.