A new bill recently signed by Florida Governor Rick Scott exempts the state's agencies from publicly releasing some critical information about security breaches and audits.
The new law allows agencies to withhold the disclosure of critical information from a breach that could lead to further unauthorized access or destruction of the data, according to a report by On The Wire. Florida state agencies still must disclose general information about a case, including the type of data and the number of individuals affected in the breach.
Agencies also still must provide all information about a breach to law enforcement agencies such as the Florida Department of Law Enforcement and the state inspector general.
The law says that “Records held by a state agency which identify detection, investigation, or response practices for suspected or confirmed information technology security incidents, including suspected or confirmed breaches, are confidential and exempt from s. 38 119.07(1) and s. 24(a), Art. I of the State Constitution, if the disclosure of such records would facilitate unauthorized access to or the unauthorized modification, disclosure, or destruction of: a. Data or information, whether physical or virtual; or b. Information technology resources.”
For more information on Florida's new data disclosure law, read the On The Wire article.