This document does not reflect the intent or official position of the bill sponsor or House of Representatives.
STORAGE NAME: h7047z1.EEG.DOCX
DATE: 3/25/2024
HOUSE OF REPRESENTATIVES STAFF FINAL BILL ANALYSIS
BILL #: HB 7047 PCB EEG 24-07 OGSR/Utility Owned or Operated by a Unit of Local
Government
SPONSOR(S): Ethics, Elections & Open Government Subcommittee; Porras
TIED BILLS: IDEN./SIM. BILLS: CS/SB 7006
FINAL HOUSE FLOOR ACTION: 115 Y’s
0 N’s GOVERNOR’S ACTION: Approved
SUMMARY ANALYSIS
HB 7047 passed the House on March 5, 2024, as CS/SB 7006.
The Open Government Sunset Review Act (OGSR Act) requires the Legislature to review each public record
exemption and each public meeting exemption five years after enactment. If the Legislature does not reenact
the exemption, it automatically repeals on October 2
nd
of the fifth year after enactment.
Municipalities are authorized by general law to provide water and sewer utility services, as well as electric and
natural gas utility services. Counties are authorized to provide water and sewer utility services both within their
individual boundaries and in adjoining counties.
Current law provides public record exemptions for information held by a utility owned or operated by a unit of
local government (local government utility) related to the security of its information technology (I.T.) and
customer meter-derived data and billing information in increments of less than one billing cycle. Current law
also provides a public meeting exemption for those portions of meetings held by a local government utility that
would reveal information related to the security of its I.T. and customer meter-derived data and billing
information. Any closed portion of such meeting must be recorded and transcribed and such recordings and
transcripts are exempt from public record requirements.
Current law provides a general public record exemption, applicable to all agencies, for certain information
related to cybersecurity. Pursuant to the OGSR Act, the general public record exemption for cybersecurity
information will repeal on October 2, 2027, unless reviewed and saved from repeal by the Legislature.
The bill extends the repeal date for the public record exemptions related to local government utility I.T. security
information and the public meeting exemption to October 2, 2027, to coincide with the OGSR repeal date of the
general cybersecurity exemption. The bill saves from repeal the public record exemption for customer meter-
derived data and billing information, which will repeal on October 2, 2024, if this bill does not become law.
The bill does not appear to have a fiscal impact on state government or local governments.
The bill was approved by the Governor on March 22, 2024, ch. 2024-24, L.O.F., and will become effective on
October 1, 2024.
STORAGE NAME: h7047z1.EEG.DOCX PAGE: 2
DATE: 3/25/2024
I. SUBSTANTIVE INFORMATION
A. EFFECT OF CHANGES:
Background
Open Government Sunset Review Act
The Open Government Sunset Review Act (OGSR Act)
1
sets forth a legislative review process for
newly created or substantially amended public record or public meeting exemptions. It requires an
automatic repeal of the exemption on October 2
nd
of the fifth year after creation or substantial
amendment, unless the Legislature reenacts the exemption.
2
The OGSR Act provides that a public record or public meeting exemption may be created or
maintained only if it serves an identifiable public purpose. In addition, it may be no broader than is
necessary to meet one of the following purposes:
Allow the state or its political subdivisions to effectively and efficiently administer a
governmental program, which administration would be significantly impaired without the
exemption.
Protect sensitive personal information that, if released, would be defamatory or would
jeopardize an individual’s safety; however, only the identity of an individual may be exempted
under this provision.
Protect trade or business secrets.
3
If, and only if, in reenacting an exemption that will repeal, the exemption is expanded, then a public
necessity statement and a two-thirds vote for passage are required. If the exemption is reenacted with
grammatical or stylistic changes that do not expand the exemption, if the exemption is narrowed, or if
an exception to the exemption is created, then a public necessity statement and a two-thirds vote are
not required.
4
Local Government Utilities
The Florida Constitution grants municipalities the governmental, corporate, and proprietary powers
necessary to enable them to conduct municipal government, perform municipal functions, and render
municipal services, and permits them to exercise any power for municipal purposes, except when
expressly prohibited by law.
5
Counties not operating under a charter have the power of self-government as provided by general or
special law, while charter counties have all powers of self-government not inconsistent with general law
or with special law approved by the county electors.
6
Counties are authorized by general law to provide
water and sewer utility services both within their individual boundaries and in adjoining counties.
7
Municipalities are authorized by general law to provide water and sewer utility services
8
as well as
natural gas services
9
and electric and gas utilities
10
1
Section 119.15, F.S.
2
Section 119.15(3), F.S.
3
Section 119.15(6)(b), F.S.
4
Article I, s. 24(c), FLA. CONST.
5
Article VIII, s. 2(b), FLA. CONST.
6
Article VIII, s. 1(f)-(g), FLA. CONST.
7
Sections. 125.01(1)(k)1., F.S. and 153.03, F.S.
8
Pursuant to s. 180.06, F.S., a municipality may “provide water and alternative water supplies;” “provide for the collection and
disposal of sewage, including wastewater reuse, and other liquid wastes;” and “construct reservoirs, sewerage systems, trunk sewers,
intercepting sewers, pumping stations, wells, siphons, intakes, pipelines, distribution systems, purification works, collection systems,
treatment and disposal works” to accomplish these purposes.
9
Section 180.06(8), F.S.
10
Chapter. 366, F.S.
STORAGE NAME: h7047z1.EEG.DOCX PAGE: 3
DATE: 3/25/2024
Florida Public Service Commission
The Florida Public Service Commission (PSC) ensures Florida’s consumers receive utility services,
including electric, natural gas, telephone, water, and wastewater, “in a safe, affordable, and reliable
manner.”
11
The PSC primarily regulates investor owned utilities but is able to exercise limited authority
over publicly owned utilities in the following areas:
12
Rate base or economic regulation.
Competitive market oversight.
Monitoring of safety, reliability, and service.
Utility Customer Consumption Data
Traditional, analog utility meters record consumption at a utility customer’s premises. On a regular,
periodic basis, the meter is “read” in person by a utility employee to determine how much of the utility’s
service — electric, natural gas, or water/wastewater — was used at the premises since the last meter
reading. This data is used by the utility for purposes of customer billing. In recent years, utilities have
deployed, to varying degrees, newer “smart meter”
13
technologies that measure a utility customer’s
consumption on a more frequent basis (e.g., hourly) and transmit this data automatically and wirelessly
to the utility. The utility still uses this data for billing purposes but can also use it to monitor its system
and identify and locate problems more quickly.
14
Cybersecurity Public Record Exemption
In 2022, the Legislature created a general public record exemption applicable to all agencies
15
for the
certain information related to cybersecurity.
16
Specifically, s. 119.0725, F.S., provides that the following
information is confidential and exempt
17
from public record requirements:
Information related to critical infrastructure.
18
Network schematics, hardware and software configurations, or encryption information or
information that identifies detection, investigation, or response practices for suspected or
confirmed cybersecurity incidents, including suspected or confirmed breaches, if the disclosure
of such information would facilitate unauthorized access to or unauthorized modification,
disclosure, or destruction of:
o Data or information, whether physical or virtual; or
o Information technology (I.T.) resources, which include an agency’s existing or proposed
I.T. systems.
Coverage limits and deductible or self-insurance amounts of insurance or other risk mitigation
coverages acquired for the protection of I.T. systems, operational technology systems, or data
of an agency.
11
Florida Public Service Commission, About, available at https://www.psc.state.fl.us/about (last visited March 13, 2024).
12
Florida Public Service Commission, 2022 Annual Report, available at https://www.floridapsc.com/pscfiles/website-
files/PDF/Publications/Reports/General/AnnualReports/2022.pdf (last visited March 13, 2024)
13
See Florida Public Service Commission, Smart Meters, available at https://www.floridapsc.com/pscfiles/website-
files/pdf/Utilities/Electricgas/SmartMeters/SmartMeter.pdf (last visited March 13, 2024).
14
Id.
15
“Agency” means any state, county, district, authority, or municipal officer, department, division, board, bureau, commission, or
other separate unit of government created or established by law including, for the purposes of ch. 119, F.S., the Commission on Ethics,
the Public Service Commission, and the Office of Public Counsel, and any other public or private agency, person, partnership,
corporation, or business entity acting on behalf of any public agency. Section 119.011(2), F.S.
16
See s. 119.0725, F.S.
17
There is a difference between records the Legislature designates exempt from public record requirements and those the Legislature
designates confidential and exempt. A record classified as exempt from public disclosure may be disclosed under certain
circumstances. See WFTV, Inc. v. Sch. Bd. of Seminole, 874 So.2d 48, 53 (Fla. 5th DCA 2004), review denied, 892 So.2d 1015 (Fla.
2004); State v. Wooten, 260 So. 3d 1060, 1070 (Fla. 4th DCA 2018); City of Rivera Beach v. Barfield, 642 So.2d 1135 (Fla. 4th DCA
1994); Williams v. City of Minneola, 575 So.2d 683, 687 (Fla. 5th DCA 1991). If the Legislature designates a record as confidential
and exempt from public disclosure, such record may not be released by the custodian of public records to anyone other than the
persons or entities specifically designated in statute. See Op. Att’y Gen. Fla. 04- 09 (2004).
18
“Critical infrastructure” means existing and proposed information technology and operation technology systems and assets, whether
physical and virtual, the incapacity or destruction of which would negatively affect security, economic security, public health, or
public safety. Section 119.0725(1)(b), F.S.
STORAGE NAME: h7047z1.EEG.DOCX PAGE: 4
DATE: 3/25/2024
Cybersecurity incident information contained in certain reports.
The Legislature also created a public meeting exemption for any portion of a meeting that would reveal
the confidential and exempt information, and required any portion of an exempt meeting to be recorded
and transcribed.
19
The recording and transcript are confidential and exempt from public record
requirements.
20
Public Record and Public Meeting Exemptions under Review
In 2016, the Legislature created a public record exemption for the following information held by a
utility
21
owned or operated by a unit of local government (local government utility):
Information related to the security of a local government utility's technology, processes, and
practices designed to protect the utility’s networks, computers, programs, and data from attack,
damage, or unauthorized access that, if disclosed, would facilitate the alteration, disclosure, or
destruction of such data or I.T. resources.
Information related to the security of a local government utility’s existing or proposed I.T.
systems or industrial control technology systems that, if disclosed, would facilitate unauthorized
access to, and alteration or destruction of, such systems in a manner that would adversely
impact the safe and reliable operations of the systems and the utility.
22
The 2016 public necessity statement
23
for the public record exemption for certain I.T. security
information provided that:
[M]any utilities have adopted technologies, processes, and practices designed to
secure data, information technology systems, and industrial control technology
systems. Disclosure of sensitive information related to these security measures
could result in the identification of vulnerabilities that allow a security breach that
damages utility systems and disrupts the safe and reliable operation of such
systems, adversely impacting the public health and safety and the economic well-
being of the state. Because of the interconnected nature of utility systems, a
security breach may also impact national security concerns.
24
In 2019, the Legislature created a public record exemption for customer meter-derived data and billing
information in increments of less than one billing cycle held by a local government utility,
25
and a public
meeting exemption for any portion of a meeting held by a local government utility wherein the protected
local government utility I.T. security information or customer meter-derived data and bill information
would be discussed.
26
All closed portions of the exempt meeting must be recorded and transcribed and
such recording or transcription is exempt from public record requirements.
27
19
Section 119.0725(3), F.S.
20
Id.
21
“Utility” means a person or entity that provides electricity, natural gas, telecommunications, water, chilled water, reuse water, or
wastewater. Section 119.011(15), F.S.
22
Chapter 2016-95, L.O.F., codified as s. 119.0713(5), F.S.
23
Article I, s. 24(c), FLA. CONST., requires each public record exemption to “state with specificity the public necessity justifying the
exemption.”
24
Chapter 2016-95, L.O.F.
25
Chapter 2019-38, LO.F., codified as s. 119.0713(5)(a)3., F.S.
26
Chapter 2019-37, L.O.F., codified as s. 286.0113(3), F.S.
27
Section 286.0113(3)(a), F.S. However, a court of competent jurisdiction, following an in-camera review, may determine that the
meeting was not restricted to the discussion of data and information made exempt, and in that event, the portion of the recording or
transcript which reveals nonexempt data and information may be disclosed to a third party.
STORAGE NAME: h7047z1.EEG.DOCX PAGE: 5
DATE: 3/25/2024
The 2019 public necessity statement for the public record exemption for customer meter-derived data
and billing information provided that:
Smart meters, which can record and transmit detailed data on a customer's use of
utility services, present unique security concerns. These concerns were addressed
in a report released in October 2010 by the United States Department of Energy
titled “Data Access and Privacy Issues related to Smart Grid Technologies.” The
report recommended that customer data be protected from release to third parties.
This detailed customer data can be used to specifically identify minute-by-minute
usage patterns, including the exact appliance or service being used. This
information creates significant security issues for both businesses and
homeowners.
28
The 2019 public necessity statement for the public meeting exemption provided that:
[A]s utility system infrastructure becomes more connected and integrated through
information and communications technology, the exposure to damage from attacks
through such technology grows. These attacks may result in the disruption of utility
services and damage to utility systems. Maintaining safe and reliable utility
systems is vital to protecting the public health and safety and to ensuring the
economic well-being of this state.
29
Pursuant to the OGSR Act, each of the above exemptions will repeal on October 2, 2024, unless
reenacted by the Legislature.
During the 2023 interim, House and Senate committee staff jointly sent questionnaires to city and
county governments. In total, staff received 39 responses from those entities.
30
Most respondents
indicated that they were unaware of any litigation concerning the exemptions under review and had not
encountered any issues interpreting or applying the exemptions. The vast majority of respondents
recommended that the exemptions be reenacted as is, and no respondent recommended eliminating
the public record or public meeting exemptions. As a part of the questionnaire, respondents were asked
whether the local government utility I.T. security exemptions were duplicative of the general
cybersecurity exemption in s. 119.0725, F.S. Some respondents noted there may be overlap between
the exemptions.
Effect of the Bill
The bill extends the repeal date for the public record exemption for local government utility I.T. security
information and the public meeting exemption. The repeal date is extended from October 2, 2024, to
October 2, 2027, to coincide with the OGSR repeal date of the general cybersecurity exemption in s.
119.0725, F.S.
The bill saves from repeal the public record exemption for customer meter-derived data and billing
information in increments of less than one billing cycle held by a local government utility, which
will repeal on October 2, 2024, if this bill does not become law.
28
Chapter 2019-38, L.O.F.
29
Chapter 2019-37, L.O.F.
30
Open Government Sunset Review Questionnaire, Public Records and Public Meetings Related to utilities owned or operated by a
unit of local government, responses on file with the Ethics, Elections & Open Government Subcommittee.
STORAGE NAME: h7047z1.EEG.DOCX PAGE: 6
DATE: 3/25/2024
II. FISCAL ANALYSIS & ECONOMIC IMPACT STATEMENT
A. FISCAL IMPACT ON STATE GOVERNMENT:
1. Revenues:
None.
2. Expenditures:
None.
B. FISCAL IMPACT ON LOCAL GOVERNMENTS:
1. Revenues:
None.
2. Expenditures:
None.
C. DIRECT ECONOMIC IMPACT ON PRIVATE SECTOR:
None.
D. FISCAL COMMENTS:
None.