TALLAHASSEE, Fla. — Gov. Ron DeSantis vetoed a bill that would have limited when businesses and local governments could be sued after a cyber attack. 

"As passed, the bill could result in Floridians' data being less secure as the bill provides across-the-board protections for only substantially complying with standards. This incentivizes doing the minimum when protecting consumer data," DeSantis wrote in the veto.

Under House Bill 473, governments and businesses would have had to substantially comply with state laws on cybersecurity standards and securing personal information before they were protected. Businesses also would need to adopt a cybersecurity program that aligned with one of the bill's recommended frameworks.

Alexis Buese, a partner with law firm Bradley Arant's litigation group, testified before the Florida House of Representatives Commerce Committee in January in support of the bill.

"This bill is important, because it appropriately recognizes that covered entities can never fully eliminate the risk of cyber attacks," she said at the time.

Buese defends companies facing class action lawsuits after a data breach.

"It is everything from infrastructure, hospitals, retailers, law firms — I mean, you name it," she said of the impacted industries.

When it comes to the outcome, Buese said that may not be what consumers expect.

"Often what happens is the plaintiffs' attorneys make a huge sum of money, while the consumers rarely, if ever, see any meaningful impact, and the business is kind of stuck in the middle," she said.

She told Spectrum News the bill could've helped businesses and customers.

"It's great for consumers," she said. "It's encouraging businesses to be as scrupulous as they can to protect their data, but it's also great for businesses, because, hopefully, it can protect some of the costs from the class action lawsuits."

DeSantis wrote that the legislation could have led to consumers having inadequate recourse if they were impacted by a breach.

"The idea of incentivizing companies to implement security measures is never a bad thing," said Mason Clark, a visiting assistant professor with Stetson University College of Law.

Clark said while it seemed the legislature was trying to cut down on litigation costs for plaintiffs and companies, the bill could jave actually led to more litigation.

"Because they made it so broad and because they made it so flexible, we still are going to need the courts to help us answer this question: What is substantial alignment? And that flexibility can be a double-edged sword for both plaintiffs and for the company, I think," he said prior to the veto announcement.

The governor's veto encouraged interested parties to work with the Florida Cybersecurity Advisory Council on potential alternatives to the bill that offer liability protection, as well as safeguard consumer data.