DeSantis vetoes bill that would have exempted certain entities from liability for cybersecurity incidents

Related video above: DeSantis signs bill to ban intentional balloon launches

TAMPA, Fla. (WFLA) – Florida Governor Ron DeSantis on Wednesday vetoed a bill that would have exempted certain companies from liability for cybersecurity incidents.

DeSantis vetoed HB 473, saying the bill was too broad and would make Florida citizens’ data less secure.

The bill stated that counties, municipalities, political subdivisions, covered entities or third-party agents that met certain requirements would not be held liable for a cybersecurity incident.

If a company implements a cybersecurity program that meets a set of current standards, it cannot be held liable in the event of a cybersecurity incident.

“As passed, the bill could result in Florida citizens’ data being less secure because it provides broad protections for compliance standards,” DeSantis wrote. “This creates incentives to do only the minimum in protecting consumer data. While my administration has prioritized measures to reduce frivolous lawsuits, the bill before me today may result in a consumer lacking adequate recourse in the event of a violation.”

DeSantis urged lawmakers to explore possible alternatives with the Florida Cybersecurity Advisory Council to find a solution that “provides some level of liability protection while ensuring that critical data and operations are as protected as possible from cyberattacks – the disruptions that come with the release of potentially sensitive information.”