Cover Image

Not for Sale



View/Hide Left Panel
Click for next page ( 65


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 64
64 APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws510 The following exemptions are security exemptions unless otherwise noted. Additional exemptions are included for illustrative purposes only. Transit agencies should research their own state law (including the open records statutes cited in Appendix B) for other exemptions that may be used to retain confidentiality of security infor- mation. Such exemptions include those that include by reference specific federal exemptions or federal exemp- tions in general, as well as exemptions--such as the deliberative process exemption--that may protect security- related information on procedural grounds. Links to citations are provided for convenience; transit agencies should verify statutory language from official sources. Alabama: Ala. Code, 36-12-40, http://alisondb.legislature.state.al.us/acas/codeofalabama/1975/36-12- 40.htm. Notwithstanding the foregoing, records concerning security plans, procedures, assessments, measures, or sys- tems, and any other records relating to, or having an impact upon, the security or safety of persons, structures, facilities, or other infrastructures, including without limitation information concerning critical infrastructure (as defined at 42 U.S.C. 5195c(e) as amended) and critical energy infrastructure information (as defined at 18 C.F.R. 388.113(c)(1) as amended) the public disclosure of which could reasonably be expected to be detrimental to the public safety or welfare, and records the disclosure of which would otherwise be detrimental to the best interests of the public shall be exempted from this section. Any public officer who receives a request for records that may appear to relate to critical infrastructure or critical energy infrastructure information, shall notify the owner of such infrastructure in writing of the request and provide the owner an opportunity to comment on the request and on the threats to public safety or welfare that could reasonably be expected from public disclosure on the records. Alaska: Alaska Stat. 40.25.120. Public Records; Exceptions; Certified Copies, www.touchngo.com/lglcntr/akstats/Statutes/Title40/Chapter25/Section120.htm. Arizona: Ariz. Rev. Stat. 39-126. Federal risk assessments of infrastructure; confidentiality [specifies "critical energy, water or telecommunications infrastructure"], www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/39/00126.htm&Title=39&DocType=ARS. Arkansas: Ark. Code Ann. 25-19-105. Examination and copying of public records, http://ag.arkansas.gov/pdfs/foia-ocr.pdf. (b) It is the specific intent of this section that the following shall not be deemed to be made open to the public under the provisions of this chapter: *** (9)(A) Files that if disclosed would give advantage to competitors or bidders and records maintained by the Arkansas Economic Development Commission related to any business entity's planning, site location, expan- sion, operations, or product development and marketing, unless approval for release of those records is granted by the business entity. *** (16)(A) Records, including analyses, investigations, studies, reports, recommendations, requests for proposals, drawings, diagrams, blueprints, and plans containing information relating to security for any public water sys- tem. (B) The records shall include: (i) Risk and vulnerability assessments; (ii) Plans and proposals for preventing and mitigating security risks; (iii) Emergency response and recovery records; (iv) Security plans and procedures; and (v) Any other records containing information that if disclosed might jeopardize or compromise efforts to secure and protect the public water system. (C) This subdivision (b)(16) shall expire on July 1, 2007. 510 Some of these provisions exclude certain security-related information from the definition of public record altogether. GANSLER, supra note 53.

OCR for page 64
65 [According to the Arkansas Attorney General, the Homeland Security Information Act, A.C.A. 12-75-subch.1 (note) (Act 1366 of 2003) shields certain terrorism threat assessments, plans, operational policies or procedures, and training developed or maintained by "emergency service agencies" and records received from federal gov- ernment and other states and cities if shielded in those jurisdictions. www.arkansasag.gov/pdfs/FOIA-Seminar- 2007.ppt.]. California: Government Code, Article 1, General Provisions, Section 6254 [exemptions] *** (k) Records, the disclosure of which is exempted or prohibited pursuant to federal or state law, including, but not limited to, provisions of the Evidence Code relating to privilege. *** (p) Records of state agencies related to activities governed by Chapter 10.3 (commencing with Section 3512), Chapter 10.5 (commencing with Section 3525), and Chapter 12 (commencing with Section 3560) of Division 4, that reveal a state agency's deliberative processes, impressions, evaluations, opinions, recommendations, meet- ing minutes, research, work products, theories, or strategy, or that provide instruction, advice, or training to employees who do not have full collective bargaining and representation rights under these chapters. Nothing in this subdivision shall be construed to limit the disclosure duties of a state agency with respect to any other re- cords relating to the activities governed by the employee relations acts referred to in this subdivision. *** (aa) A document prepared by or for a state or local agency that assesses its vulnerability to terrorist attack or other criminal acts intended to disrupt the public agency's operations and that is for distribution or considera- tion in a closed session. (ab) Critical infrastructure information, as defined in Section 131(3) of Title 6 of the United States Code, that is voluntarily submitted to the California Emergency Management Agency for use by that office, including the identity of the person who or entity that voluntarily submitted the information. As used in this subdivision, "voluntarily submitted" means submitted in the absence of the office exercising any legal authority to compel access to or submission of critical infrastructure information. This subdivision shall not affect the status of in- formation in the possession of any other state or local governmental agency. www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6250-6270. 6254.15 [exemption from disclosure requirements for corporate proprietary information including trade se- crets]. 6254.23. Nothing in this chapter or any other provision of law shall require the disclosure of a risk assessment or railroad infrastructure protection program filed with the Public Utilities Commission, the Director of Home- land Security, and the Office of Emergency Services pursuant to Article 7.3 (commencing with Section 7665) of Chapter 1 of Division 4 of the Public Utilities Code. 6255 [requirement to justify withholding under exemption]. 6257.5 [purpose for request not relevant]. 6259 [court order to disclose improperly withheld records]. California Public Records Act, Government Code, Article 2, Other Exemptions from Disclosure, Section 6275 6276.48 www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6275-6276.48 [review for relevance]. 6254.5. [Disclosure of exempt public record is waiver, not applicable to a number of waivers, including public records: Made to any governmental agency which agrees to treat the disclosed material as confidential.]. Colorado: Colorado Open Records Act, Colo. Rev. Stat. Title 24, Article 72, Part 2, 24-72-204. Allowance or denial of inspection--grounds--procedure--appeal--definitions. [Exemption from disclosure for inspections con- trary to state law; federal law; contracts for security to remain open, except to extent they contain details of se- curity arrangements, such details may be withheld if disclosure found contrary to public interest; deliberative process records may be withheld if disclosure found contrary to public interest, but with explanation of why document is privileged and why disclosure would cause substantial injury to public interest.], www.michie.com/colorado/lpext.dll?f=templates&fn=main-h.htm&cp=. Connecticut: Connecticut Freedom of Information Act, Sec. 1-210(b). Exempt records; (b)(19) Records when there are reasonable grounds to believe disclosure may result in a safety risk, including the risk of harm to any person, any government-owned or -leased institution or facility or any fixture or appurtenance and equipment attached to, or contained in, such institution or facility, except that such records shall be disclosed to a law en- forcement agency upon the request of the law enforcement agency. [Includes security manuals, training manu-

OCR for page 64
66 als describing security procedures, and emergency plans.], www.state.ct.us/foi/2003FOIA/Full%202003%20FOI%20Act.htm. Delaware: 29 Del. Code 10002(g)(16), http://delcode.delaware.gov/title29/c100/index.shtml. District of Columbia: D.C. Code Ann. 2-534(a)(10), http://government.westlaw.com/linkedslice/default.asp?SP=DCC-1000. Florida: Fla. Stat. 119.071(1) [exemption for bids/proposals until agency decision is made], (3)(a) [security], www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&Search_String=&URL=Ch0119/SEC071.HT M&Title=-%3E2008-%3ECh0119-%3ESection%20071#0119.071. Georgia: Ga. Code Ann. 50-18-72(a) [public disclosure not required for records in this category] (1) [specifi- cally required by federal government to be kept confidential], (15)(A)[security information in specified context, covers security plans and vulnerability assessments]; (b) [public records requirements do not apply to records in this category] (1) [trade secrets required to be submitted to government], http://sos.georgia.gov/Archives/who_are_we/rims/best_practices_resources/open_records_act.htm#50-18-72. Hawaii: Haw. Rev. Stat. 92F-13(3) [government records that, by their nature, must be confidential in order for the government to avoid the frustration of a legitimate government function], www.state.hi.us/oip/uipa.html#92F13. Idaho: Idaho Code 9-340A(1) [exemptions specifically provided for in federal or state law], www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9-340A.htm; Idaho Code 9-340B(4)(b) [building records, only when disclosure would compromise public safety], www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9- 340B.htm. Illinois: 5 Ill. Comp. Stat. 140/7(1)(a), (f), (g), (h) [proposal and bid information that could impede fair pro- curement if disclosed before award], (k), (ff) [directly relates to security portions of RTA/St. Clair County Transit District system safety program plans], (ll), www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=85&ChapAct=5%20ILCS%20140/&ChapterID=2&ChapterName= GENERAL+PROVISIONS&ActName=Freedom+of+Information+Act. Indiana: Ind. Code 5-14-3-4 (a) [may not be disclosed except under court order] (1)-(5); (b) [excepted from disclosure at agency's discretion] (6), (10), (19) [includes vulnerability assessments if disclosure likely to have reasonable likelihood of threatening public safety], www.in.gov/legislative/ic/code/title5/ar14/ch3.html. Iowa: Iowa Code 22.7. Confidential Records. 45 [critical asset protection plan]; 50 [security procedures, emergency preparedness, including vulnerability assessments]. http://coolice.legis.state.ia.us/Cool- ICE/default.asp?category=billinfo&service=IowaCode&ga=83#22.7. Kansas: Kan. Stat. Ann. 45-221(a)(45), accessible from www.kslegislature.org/legsrv-statutes/index.do. Kentucky: Ky. Rev. Stat. 61.878 Certain public records exempted from inspection except on order of court-- Restriction of state employees to inspect personnel files prohibited. (m), www.lrc.state.ky.us/krs/061- 00/878.PDF: (1) The following public records are excluded from the application of KRS 61.870 to 61.884 and shall be sub- ject to inspection only upon order of a court of competent jurisdiction, except that no court shall authorize the inspection by any party of any materials pertaining to civil litigation beyond that which is provided by the Rules of Civil Procedure governing pretrial discovery: *** (j) Preliminary recommendations, and preliminary memoranda in which opinions are expressed or policies formulated or recommended; (k) All public records or information the disclosure of which is prohibited by federal law or regulation; (l) Public records or information the disclosure of which is prohibited or restricted or otherwise made confi- dential by enactment of the General Assembly; (m) 1. Public records the disclosure of which would have a reasonable likelihood of threatening the public safety by exposing a vulnerability in preventing, protecting against, mitigating, or responding to a terrorist act and limited to:

OCR for page 64
67 a. Criticality lists resulting from consequence assessments; b. Vulnerability assessments; c. Antiterrorism protective measures and plans; d. Counterterrorism measures and plans; e. Security and response needs assessments; f. Infrastructure records that expose a vulnerability referred to in this subparagraph through the disclosure of the location, configuration, or security of critical systems, including public utility critical systems. These critical systems shall include but not be limited to information technology, communication, electrical, fire suppression, ventilation, water, wastewater, sewage, and gas systems; g. The following records when their disclosure will expose a vulnerability referred to in this subparagraph: de- tailed drawings, schematics, maps, or specifications of structural elements, floor plans, and operating, utility, or security systems of any building or facility owned, occupied, leased, or maintained by a public agency; and h. Records when their disclosure will expose a vulnerability referred to in this subparagraph and that de- scribe the exact physical location of hazardous chemical, radiological, or biological materials. *** 3. On the same day that a public agency denies a request to inspect a public record for a reason identified in this paragraph, that public agency shall forward a copy of the written denial of the request, referred to in KRS 61.880(1), to the executive director of the Office for Security Coordination and the Attorney General. 4. Nothing in this paragraph shall affect the obligations of a public agency with respect to disclosure and availability of public records under state environmental, health, and safety programs. (4) If any public record contains material which is not excepted under this section, the public agency shall separate the excepted and make the nonexcepted material available for examination. (5) The provisions of this section shall in no way prohibit or limit the exchange of public records or the sharing of information between public agencies when the exchange is serving a legitimate governmental need or is nec- essary in the performance of a legitimate government function. Louisiana: La. Rev. Stat. Ann. 44:3.1, Certain records pertaining to terrorist-related activity, www.legis.state.la.us/lss/lss.asp?doc=206916; 44:23.1, Department of Transportation and Development; excep- tion for certain sensitive security information or critical infrastructure information, www.legis.state.la.us/lss/lss.asp?doc=631240. Maine: 1 Me. Rev. Stat. Ann. 402.3.L, www.mainelegislature.org/legis/statutes/1/title1sec402.html. Maryland: M.S.A. 10-618(j), Discretionary Denials: Public Security. [Custodian may deny disclosure if cus- todian believes disclosure would be contrary to public interest.] www.oag.state.md.us/opengov/Appendix_C.pdf. Massachusetts: Mass. Gen. Laws c. 4, 7, cl. 26 (a), (b), (d), (g), (h) [bids and proposal before bid closing, agency deliberations prior to contract award], (n) [includes vulnerability assessments, allows record custodian 511 discretion not inherent in other statutory exception under Massachusetts law. ] www.mass.gov/legis/laws/mgl/4/4-7.htm. Michigan: Freedom of Information Act, Act 442 of 1976, Mich. Comp. Laws 15.243(1)(y), www.legislature.mi.gov/(S(m4by0iqwcqquvpauqp4z1eap))/mileg.aspx?page=getObject&objectName=mcl-15-243. Minnesota: No specific security exemption. Does contain specific exemption for transportation projects dur- ing bidding process. www.revisor.leg.state.mn.us/data/revisor/statute/2008/013/2008-13.72.pdf. Mississippi: No specific security exemption. Missouri: Mo. Rev. Stat. 610.021(18), (19), http://ago.mo.gov/sunshinelaw/chapter610.htm#header7 [In 2008 the security exemptions were extended through December 31, 2012. http://ago.mo.gov/pdf/MissouriSunshineLaw.pdf, pp. 54, 55.]. Montana: No specific security exemption. 511 A GUIDE TO THE MASSACHUSETTS PUBLIC RECORDS LAW 2324, www.sec.state.ma.us/pre/prepdf/guide.pdf.

OCR for page 64
68 Nebraska: Neb. Rev. Stat. 84-712.05(8), http://uniweb.legislature.ne.gov/laws/statutes.php?statute=s8407012005. [Note discretionary nature.512]. Nevada: Nev. Rev. Stat. 239C.210, 220, www.leg.state.nv.us/NRS/NRS-239C.html#NRS239CSec210. New Hampshire: N.H. Rev. Stat. Ann., 91-A:5, VI, www.gencourt.state.nh.us/rsa/html/VI/91-A/91-A-5.htm. New Jersey: N.J. Stat. Ann. 47:1A, http://www.njleg.state.nj.us/2000/Bills/PL01/404_.PDF. New Mexico: N.M. Stat. Ann. 14-2-1(A)(8), www.conwaygreene.com/nmsu/lpext.dll?f=templates&fn=main- h.htm&2.0. New York: N.Y. Pub. Off. 87(2)(f), (i) Freedom of Information Law, 87.2.(a) [specifically exempted by other law], (d) [trade secret/commercial information], (f) [endanger life or safety], (g) [certain inter-agency or intra- agency materials] of Article 6, Public Officers Law, http://public.leginfo.state.ny.us/menugetf.cgi [Select PBO, then Article 6]. North Carolina: N.C. Gen. Stat. 132.1.7, www.ncleg.net/EnactedLegislation/Statutes/HTML/ByChapter/Chapter_132.html. Note: 132.1.7(c): "Informa- tion relating to the general adoption of public security plans and arrangements, and budgetary information con- cerning the authorization or expenditure of public funds to implement public security plans and arrangements, or for the construction, renovation, or repair of public buildings and infrastructure facilities shall be public re- cords. (2001[ ]516, s. 3; 2003[ ]180, s. 1.)". North Dakota: N.D. Cent. Code 44-04-24, Security system plan Exemption; 44-04-25, Public health and security plans Exemption, www.legis.nd.gov/cencode/t44c04.pdf. Ohio: Ohio Rev. Code 149.433, Exempting security and infrastructure records, http://codes.ohio.gov/orc/149.433. Oklahoma: 51 Okla. Stat. 24A.28, www.lsb.state.ok.us/osstatuestitle.html. Oregon: No security exemption that would apply to transit facilities. Pennsylvania: 65 Pa. Stat. 67.708(b)(2) and (3), www.dced.state.pa.us/public/oor/pa_righttoknowlaw.pdf. Rhode Island: No specific security exemption. South Carolina: S.C. Code Ann. 30-4-45, www.scstatehouse.gov/code/t30c004.htm. South Dakota: No specific security exemption. Tennessee: Tenn. Code Ann. 10-7-503(e); 10-7-504(a)(21). Texas: Texas Homeland Security Act, Tex. Gov't Code Ann. 418.177, 418.181, www.statutes.legis.state.tx.us/SOTWDocs/GV/pdf/GV.418.pdf , material exempted from disclosure under Texas Public Information Act, Tex. Gov't Code Ann. 552.101. Utah: Utah Code Ann. 63-2-106, www.le.utah.gov/UtahCode/getCodeSection?code=63G-2-106. Vermont: 1 Vt. Stat. Ann. 317(c)(25), www.leg.state.vt.us/statutes/fullchapter.cfm?Title=01&Chapter=005. Virginia: Va. Code 2.2-3705.02 Exclusions to application of chapter; records relating to public safety, http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+2.2-3705.2. 512 Op. Att'y. Gen. No. 94080 (Oct. 14, 1994), http://www.ago.ne.gov/agopinions/details.htm?searchStr=1&_search_id=1663.

OCR for page 64
69 Washington: Wash. Rev. Code 4 2.56.420 Security, http://apps.leg.wa.gov/RCW/default.aspx?cite=42.56.420. West Virginia: W. Va. Code 28B-1-4(9), (10), (14), (15), www.legis.state.wv.us/WVCODE/ChapterEntire.cfm?chap=29b. Wisconsin: Wis. Stat. 19.36(9). Wyoming: Wyo. Stat. 16-4-203(b)(vi), http://legisweb.state.wy.us/statutes/titles/Title16/T16CH4AR2.htm.