Access Control Requirements Under HB 837

Florida Statute 768.0706 lists specific access control requirements that multifamily property owners must implement to qualify for the presumption against liability. These are not suggestions. They are statutory minimums, and missing even one can void the liability protection the statute provides.

This post covers exactly what the law requires, where most properties fail, and how access control failures become negligent security claims.

What the statute requires

768.0706 applies to multifamily residential properties with five or more dwelling units. To qualify for the presumption against liability, property owners must substantially implement all of the following:

Unit doors

Every dwelling unit door must have a 1-inch deadbolt. Not a half-inch. Not a spring latch. The statute specifies a minimum 1-inch throw.

Each unit door must also have a peephole or door viewer, unless the door includes a window or has a window next to it. This is one of the most commonly missed requirements because it feels minor. It is not minor in a lawsuit.

Windows and sliding doors

All windows, exterior sliding doors, and any non-community-use doors must have functional locking devices. "Functional" is the operative word. A lock that exists but does not engage fully, or a sliding door bar that has been removed, does not meet the standard.

Pool areas

Pool fence areas must have locked gates accessible only by key or key fob. A gate that does not latch, a lock that is jammed open for convenience, or a fence section with a gap all create exposure.

Security cameras

A camera system must cover all points of entry and exit. Footage must be recorded and maintained in a retrievable format for at least 30 days. Two common failures: cameras that cover common areas but miss secondary entry points, and recording systems that overwrite footage before the 30-day retention window.

Lighting

Parking lots must maintain an average illumination of at least 1.8 foot-candles per square foot, measured at 18 inches above the surface, from dusk to dawn. Walkways, laundry rooms, common areas, and porches must also be lit from dusk to dawn, controlled by photocell or similar automatic technology.

Lighting degrades over time. A parking lot that met the 1.8 foot-candle standard at installation may fall below it within two years due to bulb degradation, fixture damage, or tree growth blocking light paths.

CPTED assessment

A documented CPTED assessment performed by an FCP-certified practitioner or law enforcement agency must be on file, dated within the last three years. The property must remain in substantial compliance with the assessment's recommendations. Learn about the 3-year reassessment requirement.

Employee training

All current employees must complete crime deterrence and safety training. New hires must complete training within 60 days of their start date. Training must be reviewed and updated every three years. Learn about training requirements.

Where most properties fail

The hardware is usually in place. The failures are in maintenance, documentation, and the details that seem trivial until they appear in a deposition:

Deadbolts that don't fully engage. A deadbolt that sticks, requires excessive force, or only extends half an inch does not meet the 1-inch requirement. Maintenance staff replace broken fixtures but often don't verify throw length on replacements.

Missing peepholes on replacement doors. When a unit door is replaced after damage, the new door may not include a peephole. If the original door had one and the replacement does not, the unit is now out of compliance.

Pool gates propped open. Maintenance props the gate for pool cleaning, residents prop it for convenience, and it stays open. A single afternoon with an unsecured pool gate, captured on a plaintiff's timeline, creates a documented compliance failure.

Camera blind spots from property changes. A camera system installed to cover the original layout may miss new entry points created by construction, renovations, or changes in traffic patterns. Camera coverage needs to be revalidated after any layout change.

Expired or unaudited access credentials. Former residents, past employees, and completed contractors with active fobs or keys represent a documented vulnerability. Most properties do not have a systematic process for deactivating credentials at turnover.

Lighting below standard with no recent measurement. The 1.8 foot-candle requirement is measurable and objective. If your last light meter reading was two years ago, you cannot demonstrate current compliance. Schedule a lighting assessment.

How access control failures become negligent security claims

Under HB 837, a property owner who fails to meet the 768.0706 requirements does not receive the presumption against liability. Without that presumption, the plaintiff's burden of proof is lower and the property owner's financial exposure increases significantly.

HB 837 also changed two other aspects of negligent security litigation in Florida. The statute of limitations was reduced from four years to two years. And Florida moved from pure comparative negligence to a modified system that bars recovery if the plaintiff is more than 50% at fault. Juries now apportion fault among all parties, including the criminal actor.

These changes help compliant property owners. They do not help non-compliant ones. If your property cannot demonstrate that access control measures meet the statutory requirements, you lose the benefit of every liability protection HB 837 provides.

How to evaluate your property today

Walk every access point during both daytime and nighttime. Check:

• Does every unit door deadbolt extend a full inch?
• Does every unit door have a peephole or door viewer (unless it has a window)?
• Do all windows and sliding doors have functional locks?
• Do pool gates latch and lock automatically?
• Do cameras cover every entry and exit point?
• Is footage retained and retrievable for 30 days?
• Does parking lot lighting measure at least 1.8 foot-candles at 18 inches?
• Are walkways, laundry rooms, common areas, and porches lit from dusk to dawn?

Then check your documentation. Compliance under 768.0706 requires records, not just hardware. If a lawsuit arises, you need to produce: your current CPTED assessment report, employee training records with dates and names, lighting measurement logs, and camera maintenance and retention records.

Properties that meet the physical requirements but cannot produce documentation face the same liability exposure as properties that never installed the hardware.

Frequently asked questions

What does "substantial compliance" mean?

The statute does not define a precise percentage. Substantial compliance means a documented, good-faith effort to implement all required security measures. Properties with minor gaps but a clear Management Action Plan to address them are in a stronger position than properties with undocumented partial implementation.

Do these requirements apply to commercial properties?

768.0706 specifically applies to multifamily residential properties with five or more dwelling units. Commercial properties face negligent security liability under different standards, but the access control principles are similar.

What if my property was built before HB 837?

The requirements apply regardless of when the property was built. Older properties may need retrofitting to meet the deadbolt, lighting, and camera requirements. The cost of retrofitting is significantly lower than the cost of defending a negligent security claim without the statutory presumption.

How often should access control be audited?

The CPTED assessment is required every three years. Between assessments, conduct quarterly walkthroughs of all access points and maintain documentation of any repairs or replacements. Credential audits (deactivating former resident and employee access) should happen at every turnover.