Florida Gov. Ron DeSantis (R) last week vetoed legislation that would have made companies immune from data breach lawsuits in certain instances.
CS/CS/HB 473 was passed by the Florida House of Representatives and the Florida Senate on March 1 and March 5, respectively. The legislation was meant to protect counties and municipalities from legal action as long as they followed certain protocols to prevent a data breach.
“The bill also would have shielded companies from liability lawsuits over data breaches if they had implemented specific notice protocols and cybersecurity programs,” Florida Politics reported.
As passed, the governor wrote in his June 26 veto, “the legislation could result in Floridians’ data being less secure as the bill provides across-the-board protections for only substantially complying with standards. This incentivizes doing the minimum when protecting consumer data.”
Proponents of the bill claimed the legislation could have helped business and consumers.
“It’s great for consumers,” Bradley Arant attorney Alexis Buese told Spectrum Bay News 9. “It’s encouraging businesses to be as scrupulous as they can to protect their data, but it’s also great for businesses, because, hopefully, it can protect some of the costs from the class action lawsuits.” Buese also testified in January before the Florida House’s Commerce Committee.
DeSantis encouraged lawmakers to work with the Florida Cybersecurity Advisory Council to develop alternatives to the bill that would “provide a level of liability protection while also ensuring critical data and operations against cyberattacks are protected as much as possible — the disruption that comes with the release of potentially sensitive information.”
