Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms

We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions of the State Cybersecurity Act (the Act), which became effective on July 1.

Among other things, the Act now requires that if a Florida state agency, county or municipality experiences a ransomware incident, it must provide notice to Florida’s Cybersecurity Operations Center[1] and the Cybercrime Office of the Department of Law Enforcement[2] (and in the case of a local government, to the sheriff with jurisdiction over that local government) within 12 hours of discovery. The report must include at least the following:

A summary of the facts surrounding the incident. The date on which the agency most recently backed up its data, the physical location of the backup, whether the backup was encrypted by

Read more

Explore the site

More from the blog

Latest News