Elise Elam and Benjamin Wanger of BakerHostetler write:
We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions of the State Cybersecurity Act (the Act), which became effective on July 1.
Among other things, the Act now requires that if a Florida state agency, county or municipality experiences a ransomware incident, it must provide notice to Florida’s Cybersecurity Operations Center[1] and the Cybercrime Office of the Department of Law Enforcement[2] (and in the case of a local government, to the sheriff with jurisdiction over that local government) within 12 hours of discovery.
Read more at Data Counsel.