Senate committee advances cybersecurity bill that creates liability presumption for compliant entities
January 26, 2026 | 2026 Legislature FL, Florida
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
The Senate Committee on Governmental Oversight and Accountability on Tuesday advanced SB 692, a bill proposing a presumption against liability for businesses and protections for local governments that align with updated cybersecurity frameworks.
Sponsor Senator Leith said the proposal is “a proactive attempt to incentivize businesses to do everything they can to prevent cyberattacks and data breaches,” explaining that entities that demonstrate compliance with the updated frameworks and incident-reporting rules would receive a presumption against negligence claims.
The committee adopted amendment barcode 434400, explained by Senator Leake, which bars local governments from imposing cybersecurity requirements on vendors that exceed the state standard (pegged to generally accepted best practices including the NIST framework) and applies to contracts entered into or amended on or after July 1, 2026. Chair Mayfield called the amendment adopted after two organizations waived in support.
Opponents raised concerns about the bill’s practical effect on accountability. Laura Yeoman of the Florida Justice Association said the local-government provision “would get this immunity simply for adopting a policy without any regard for actual operational compliance,” arguing that a policy-only approach could shield governments from scrutiny and that a retroactivity clause could affect pending class actions.
Supporters from the business and policy community said the bill strikes a balance by encouraging reporting and adoption of modern cybersecurity practices. Adam Bassford of the Association of Industry of Florida said, “We feel like this bill strikes that fantastic balance,” while Turner Lozel of the James Madison Institute said protections will incentivize reporting to law enforcement and strengthen statewide awareness of threats.
Sponsor closing remarks emphasized compliance obligations beyond policy adoption, including disaster recovery plans and multi-factor authentication, and said the protections require proof of operational compliance. The committee later reported the committee substitute for SB 692 favorably by roll call.
What’s next: SB 692 will move on from committee as reported favorably; committees and chambers next in line will consider the committee substitute per the Senate process.
Sponsor Senator Leith said the proposal is “a proactive attempt to incentivize businesses to do everything they can to prevent cyberattacks and data breaches,” explaining that entities that demonstrate compliance with the updated frameworks and incident-reporting rules would receive a presumption against negligence claims.
The committee adopted amendment barcode 434400, explained by Senator Leake, which bars local governments from imposing cybersecurity requirements on vendors that exceed the state standard (pegged to generally accepted best practices including the NIST framework) and applies to contracts entered into or amended on or after July 1, 2026. Chair Mayfield called the amendment adopted after two organizations waived in support.
Opponents raised concerns about the bill’s practical effect on accountability. Laura Yeoman of the Florida Justice Association said the local-government provision “would get this immunity simply for adopting a policy without any regard for actual operational compliance,” arguing that a policy-only approach could shield governments from scrutiny and that a retroactivity clause could affect pending class actions.
Supporters from the business and policy community said the bill strikes a balance by encouraging reporting and adoption of modern cybersecurity practices. Adam Bassford of the Association of Industry of Florida said, “We feel like this bill strikes that fantastic balance,” while Turner Lozel of the James Madison Institute said protections will incentivize reporting to law enforcement and strengthen statewide awareness of threats.
Sponsor closing remarks emphasized compliance obligations beyond policy adoption, including disaster recovery plans and multi-factor authentication, and said the protections require proof of operational compliance. The committee later reported the committee substitute for SB 692 favorably by roll call.
What’s next: SB 692 will move on from committee as reported favorably; committees and chambers next in line will consider the committee substitute per the Senate process.
Don't Miss a Word: See the Full Meeting!
Go beyond summaries. Unlock every video, transcript, and key insight with a Founder Membership.
✓
Get instant access to full meeting videos
✓
Search and clip any phrase from complete transcripts
✓
Receive AI-powered summaries & custom alerts
✓
Enjoy lifetime, unrestricted access to government data
30-day money-back guarantee
