Florida League of Cities

Prohibited Applications on Government-Issued Devices (Monitor) – Passed 

CS/CS/SB 258 (Burgess) requires governmental entities to block all prohibited applications on government-issued devices (e.g., cell phones, laptops or other electronic devices), restrict access to prohibited applications on a government-issued device, and retain the ability remotely wipe and uninstall any prohibited application from a compromised government-issued device. The term “prohibited application” is defined as any internet application that is created, maintained or owned by a foreign principal of a foreign county of concern and that participates in activities that endanger cybersecurity or any internet application that the Department of Management Services (DMS) deems to present a security risk in the form of an unauthorized access to or temporary unavailability of the public employer’s records, digital assets, systems, networks, servers or information. The bill prohibits any person, including an officer or employee of a public employer, from downloading or accessing a prohibited application on a government-issued device. The prohibition does not apply to a law enforcement officer if the use of the prohibited application is necessary to protect safety or to conduct an investigation within the scope of the officer’s employment. An employee or officer of a public employer may apply to the DMS for a waiver of the prohibition. DMS is tasked with compiling and maintaining a list of prohibited applications and publishing the list on its website. DMS is also required to update the list quarterly and provide notice of any update to public employers. Within 15 days after receiving notice of a list update, an employee or officer of a public employer must remove, delete or uninstall any prohibited application from their government-issued device. DMS must establish procedures for granting or denying waivers applied for by government officials or employees seeking to download or access a prohibited application based on the disclosures required to be made in the waiver application submitted to DMS. 

Effective date: July 1, 2023. (Taggart)