(1) Any portion of a risk assessment, an evaluation, an audit, and any other report of the Citizens Property Insurance Corporation‘s information technology security program for its data, information, and information technology resources which are held by the corporation are confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution if the disclosure of such records would facilitate unauthorized access to or the unauthorized modification, disclosure, or destruction of:

(a) Data or information, whether physical or virtual; or

Terms Used In Florida Statutes 627.352

  • Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
  • Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
  • Transcript: A written, word-for-word record of what was said, either in a proceeding such as a trial or during some other conversation, as in a transcript of a hearing or oral deposition.
(b) Information technology resources, which include:

1. Information relating to the security of the corporation’s technologies, processes, and practices designed to protect networks, computers, data processing software, and data from attack, damage, or unauthorized access; or
2. Security information, whether physical or virtual, which relates to the corporation’s existing or proposed information technology systems.
(2) Those portions of a public meeting as specified in s. 286.011 which would reveal data and information described in subsection (1) are exempt from s. 286.011 and s. 24(b), Art. I of the State Constitution. No exempt portion of an exempt meeting may be off the record. All exempt portions of such a meeting must be recorded and transcribed. The recording and transcript of the meeting must remain confidential and exempt from disclosure under s. 119.07(1) and s. 24(a), Art. I of the State Constitution unless a court of competent jurisdiction, following an in camera review, determines that the meeting was not restricted to the discussion of data and information made confidential and exempt by this section. In the event of such a judicial determination, only that portion of the transcript which reveals nonexempt data and information may be disclosed to a third party.
(3) The confidential and exempt records and portions of public meeting recordings and transcripts must be available to the Auditor General, the Cybercrime Office of the Department of Law Enforcement, and the Office of Insurance Regulation. Such records and portions of public meeting recordings and transcripts may be made available to a state or federal agency for security purposes or in furtherance of the agency’s official duties.
(4) The exemptions provided by this section apply to records held by the corporation before, on, or after March 21, 2018.