Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 64
64
APPENDIX C: Security Exemptions to State Public Records/Freedom of
Information Laws510
The following exemptions are security exemptions unless otherwise noted. Additional exemptions are included
for illustrative purposes only. Transit agencies should research their own state law (including the open records
statutes cited in Appendix B) for other exemptions that may be used to retain confidentiality of security infor-
mation. Such exemptions include those that include by reference specific federal exemptions or federal exemp-
tions in general, as well as exemptions--such as the deliberative process exemption--that may protect security-
related information on procedural grounds. Links to citations are provided for convenience; transit agencies
should verify statutory language from official sources.
Alabama: Ala. Code, § 36-12-40, http://alisondb.legislature.state.al.us/acas/codeofalabama/1975/36-12-
40.htm.
Notwithstanding the foregoing, records concerning security plans, procedures, assessments, measures, or sys-
tems, and any other records relating to, or having an impact upon, the security or safety of persons, structures,
facilities, or other infrastructures, including without limitation information concerning critical infrastructure
(as defined at 42 U.S.C. § 5195c(e) as amended) and critical energy infrastructure information (as defined at 18
C.F.R. § 388.113(c)(1) as amended) the public disclosure of which could reasonably be expected to be detrimental
to the public safety or welfare, and records the disclosure of which would otherwise be detrimental to the best
interests of the public shall be exempted from this section. Any public officer who receives a request for records
that may appear to relate to critical infrastructure or critical energy infrastructure information, shall notify the
owner of such infrastructure in writing of the request and provide the owner an opportunity to comment on the
request and on the threats to public safety or welfare that could reasonably be expected from public disclosure
on the records.
Alaska: Alaska Stat. 40.25.120. Public Records; Exceptions; Certified Copies,
www.touchngo.com/lglcntr/akstats/Statutes/Title40/Chapter25/Section120.htm.
Arizona: Ariz. Rev. Stat. 39-126. Federal risk assessments of infrastructure; confidentiality [specifies "critical
energy, water or telecommunications infrastructure"],
www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/39/00126.htm&Title=39&DocType=ARS.
Arkansas: Ark. Code Ann. § 25-19-105. Examination and copying of public records,
http://ag.arkansas.gov/pdfs/foia-ocr.pdf.
(b) It is the specific intent of this section that the following shall not be deemed to be made open to the public
under the provisions of this chapter:
***
(9)(A) Files that if disclosed would give advantage to competitors or bidders and records maintained by the
Arkansas Economic Development Commission related to any business entity's planning, site location, expan-
sion, operations, or product development and marketing, unless approval for release of those records is granted
by the business entity.
***
(16)(A) Records, including analyses, investigations, studies, reports, recommendations, requests for proposals,
drawings, diagrams, blueprints, and plans containing information relating to security for any public water sys-
tem.
(B) The records shall include:
(i) Risk and vulnerability assessments;
(ii) Plans and proposals for preventing and mitigating security risks;
(iii) Emergency response and recovery records;
(iv) Security plans and procedures; and
(v) Any other records containing information that if disclosed might jeopardize or compromise efforts to secure
and protect the public water system.
(C) This subdivision (b)(16) shall expire on July 1, 2007.
510
Some of these provisions exclude certain security-related information from the definition of public record altogether.
GANSLER, supra note 53.
OCR for page 65
65
[According to the Arkansas Attorney General, the Homeland Security Information Act, A.C.A. 12-75-subch.1
(note) (Act 1366 of 2003) shields certain terrorism threat assessments, plans, operational policies or procedures,
and training developed or maintained by "emergency service agencies" and records received from federal gov-
ernment and other states and cities if shielded in those jurisdictions. www.arkansasag.gov/pdfs/FOIA-Seminar-
2007.ppt.].
California: Government Code, Article 1, General Provisions, Section 6254 [exemptions]
***
(k) Records, the disclosure of which is exempted or prohibited pursuant to federal or state law, including, but
not limited to, provisions of the Evidence Code relating to privilege.
***
(p) Records of state agencies related to activities governed by Chapter 10.3 (commencing with Section 3512),
Chapter 10.5 (commencing with Section 3525), and Chapter 12 (commencing with Section 3560) of Division 4,
that reveal a state agency's deliberative processes, impressions, evaluations, opinions, recommendations, meet-
ing minutes, research, work products, theories, or strategy, or that provide instruction, advice, or training to
employees who do not have full collective bargaining and representation rights under these chapters. Nothing in
this subdivision shall be construed to limit the disclosure duties of a state agency with respect to any other re-
cords relating to the activities governed by the employee relations acts referred to in this subdivision.
***
(aa) A document prepared by or for a state or local agency that assesses its vulnerability to terrorist attack or
other criminal acts intended to disrupt the public agency's operations and that is for distribution or considera-
tion in a closed session.
(ab) Critical infrastructure information, as defined in Section 131(3) of Title 6 of the United States Code, that
is voluntarily submitted to the California Emergency Management Agency for use by that office, including the
identity of the person who or entity that voluntarily submitted the information. As used in this subdivision,
"voluntarily submitted" means submitted in the absence of the office exercising any legal authority to compel
access to or submission of critical infrastructure information. This subdivision shall not affect the status of in-
formation in the possession of any other state or local governmental agency.
www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6250-6270.
6254.15 [exemption from disclosure requirements for corporate proprietary information including trade se-
crets].
6254.23. Nothing in this chapter or any other provision of law shall require the disclosure of a risk assessment
or railroad infrastructure protection program filed with the Public Utilities Commission, the Director of Home-
land Security, and the Office of Emergency Services pursuant to Article 7.3 (commencing with Section 7665) of
Chapter 1 of Division 4 of the Public Utilities Code.
6255 [requirement to justify withholding under exemption].
6257.5 [purpose for request not relevant].
6259 [court order to disclose improperly withheld records].
California Public Records Act, Government Code, Article 2, Other Exemptions from Disclosure, Section 6275
6276.48 www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6275-6276.48 [review for
relevance].
6254.5. [Disclosure of exempt public record is waiver, not applicable to a number of waivers, including public
records: Made to any governmental agency which agrees to treat the disclosed material as confidential.].
Colorado: Colorado Open Records Act, Colo. Rev. Stat. Title 24, Article 72, Part 2, 24-72-204. Allowance or
denial of inspection--grounds--procedure--appeal--definitions. [Exemption from disclosure for inspections con-
trary to state law; federal law; contracts for security to remain open, except to extent they contain details of se-
curity arrangements, such details may be withheld if disclosure found contrary to public interest; deliberative
process records may be withheld if disclosure found contrary to public interest, but with explanation of why
document is privileged and why disclosure would cause substantial injury to public interest.],
www.michie.com/colorado/lpext.dll?f=templates&fn=main-h.htm&cp=.
Connecticut: Connecticut Freedom of Information Act, Sec. 1-210(b). Exempt records; (b)(19) Records when
there are reasonable grounds to believe disclosure may result in a safety risk, including the risk of harm to any
person, any government-owned or -leased institution or facility or any fixture or appurtenance and equipment
attached to, or contained in, such institution or facility, except that such records shall be disclosed to a law en-
forcement agency upon the request of the law enforcement agency. [Includes security manuals, training manu-
OCR for page 66
66
als describing security procedures, and emergency plans.],
www.state.ct.us/foi/2003FOIA/Full%202003%20FOI%20Act.htm.
Delaware: 29 Del. Code § 10002(g)(16), http://delcode.delaware.gov/title29/c100/index.shtml.
District of Columbia: D.C. Code Ann. § 2-534(a)(10),
http://government.westlaw.com/linkedslice/default.asp?SP=DCC-1000.
Florida: Fla. Stat. § 119.071(1) [exemption for bids/proposals until agency decision is made], (3)(a) [security],
www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&Search_String=&URL=Ch0119/SEC071.HT
M&Title=-%3E2008-%3ECh0119-%3ESection%20071#0119.071.
Georgia: Ga. Code Ann. § 50-18-72(a) [public disclosure not required for records in this category] (1) [specifi-
cally required by federal government to be kept confidential], (15)(A)[security information in specified context,
covers security plans and vulnerability assessments]; (b) [public records requirements do not apply to records in
this category] (1) [trade secrets required to be submitted to government],
http://sos.georgia.gov/Archives/who_are_we/rims/best_practices_resources/open_records_act.htm#50-18-72.
Hawaii: Haw. Rev. Stat. § 92F-13(3) [government records that, by their nature, must be confidential in order
for the government to avoid the frustration of a legitimate government function],
www.state.hi.us/oip/uipa.html#92F13.
Idaho: Idaho Code § 9-340A(1) [exemptions specifically provided for in federal or state law],
www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9-340A.htm; Idaho Code § 9-340B(4)(b) [building records,
only when disclosure would compromise public safety], www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9-
340B.htm.
Illinois: 5 Ill. Comp. Stat. 140/7(1)(a), (f), (g), (h) [proposal and bid information that could impede fair pro-
curement if disclosed before award], (k), (ff) [directly relates to security portions of RTA/St. Clair County Transit
District system safety program plans], (ll),
www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=85&ChapAct=5%20ILCS%20140/&ChapterID=2&ChapterName=
GENERAL+PROVISIONS&ActName=Freedom+of+Information+Act.
Indiana: Ind. Code § 5-14-3-4 (a) [may not be disclosed except under court order] (1)-(5); (b) [excepted from
disclosure at agency's discretion] (6), (10), (19) [includes vulnerability assessments if disclosure likely to have
reasonable likelihood of threatening public safety], www.in.gov/legislative/ic/code/title5/ar14/ch3.html.
Iowa: Iowa Code § 22.7. Confidential Records. 45 [critical asset protection plan]; 50 [security procedures,
emergency preparedness, including vulnerability assessments]. http://coolice.legis.state.ia.us/Cool-
ICE/default.asp?category=billinfo&service=IowaCode&ga=83#22.7.
Kansas: Kan. Stat. Ann. § 45-221(a)(45), accessible from www.kslegislature.org/legsrv-statutes/index.do.
Kentucky: Ky. Rev. Stat. 61.878 Certain public records exempted from inspection except on order of court--
Restriction of state employees to inspect personnel files prohibited. (m), www.lrc.state.ky.us/krs/061-
00/878.PDF:
(1) The following public records are excluded from the application of KRS 61.870 to 61.884 and shall be sub-
ject to inspection only upon order of a court of competent jurisdiction, except that no court shall authorize the
inspection by any party of any materials pertaining to civil litigation beyond that which is provided by the Rules
of Civil Procedure governing pretrial discovery:
***
(j) Preliminary recommendations, and preliminary memoranda in which opinions are expressed or policies
formulated or recommended;
(k) All public records or information the disclosure of which is prohibited by federal law or regulation;
(l) Public records or information the disclosure of which is prohibited or restricted or otherwise made confi-
dential by enactment of the General Assembly;
(m) 1. Public records the disclosure of which would have a reasonable likelihood of threatening the public
safety by exposing a vulnerability in preventing, protecting against, mitigating, or responding to a terrorist act
and limited to:
OCR for page 67
67
a. Criticality lists resulting from consequence assessments;
b. Vulnerability assessments;
c. Antiterrorism protective measures and plans;
d. Counterterrorism measures and plans;
e. Security and response needs assessments;
f. Infrastructure records that expose a vulnerability referred to in this subparagraph through the disclosure of
the location, configuration, or security of critical systems, including public utility critical systems. These critical
systems shall include but not be limited to information technology, communication, electrical, fire suppression,
ventilation, water, wastewater, sewage, and gas systems;
g. The following records when their disclosure will expose a vulnerability referred to in this subparagraph: de-
tailed drawings, schematics, maps, or specifications of structural elements, floor plans, and operating, utility, or
security systems of any building or facility owned, occupied, leased, or maintained by a public agency; and
h. Records when their disclosure will expose a vulnerability referred to in this subparagraph and that de-
scribe the exact physical location of hazardous chemical, radiological, or biological materials.
***
3. On the same day that a public agency denies a request to inspect a public record for a reason identified
in this paragraph, that public agency shall forward a copy of the written denial of the request, referred to in
KRS 61.880(1), to the executive director of the Office for Security Coordination and the Attorney General.
4. Nothing in this paragraph shall affect the obligations of a public agency with respect to disclosure and
availability of public records under state environmental, health, and safety programs.
(4) If any public record contains material which is not excepted under this section, the public agency shall
separate the excepted and make the nonexcepted material available for examination.
(5) The provisions of this section shall in no way prohibit or limit the exchange of public records or the sharing
of information between public agencies when the exchange is serving a legitimate governmental need or is nec-
essary in the performance of a legitimate government function.
Louisiana: La. Rev. Stat. Ann. §§ 44:3.1, Certain records pertaining to terrorist-related activity,
www.legis.state.la.us/lss/lss.asp?doc=206916; § 44:23.1, Department of Transportation and Development; excep-
tion for certain sensitive security information or critical infrastructure information,
www.legis.state.la.us/lss/lss.asp?doc=631240.
Maine: 1 Me. Rev. Stat. Ann. § 402.3.L, www.mainelegislature.org/legis/statutes/1/title1sec402.html.
Maryland: M.S.A. § 10-618(j), Discretionary Denials: Public Security. [Custodian may deny disclosure if cus-
todian believes disclosure would be contrary to public interest.] www.oag.state.md.us/opengov/Appendix_C.pdf.
Massachusetts: Mass. Gen. Laws c. 4, § 7, cl. 26 (a), (b), (d), (g), (h) [bids and proposal before bid closing,
agency deliberations prior to contract award], (n) [includes vulnerability assessments, allows record custodian
511
discretion not inherent in other statutory exception under Massachusetts law. ]
www.mass.gov/legis/laws/mgl/4/4-7.htm.
Michigan: Freedom of Information Act, Act 442 of 1976, Mich. Comp. Laws § 15.243(1)(y),
www.legislature.mi.gov/(S(m4by0iqwcqquvpauqp4z1eap))/mileg.aspx?page=getObject&objectName=mcl-15-243.
Minnesota: No specific security exemption. Does contain specific exemption for transportation projects dur-
ing bidding process. www.revisor.leg.state.mn.us/data/revisor/statute/2008/013/2008-13.72.pdf.
Mississippi: No specific security exemption.
Missouri: Mo. Rev. Stat. § 610.021(18), (19), http://ago.mo.gov/sunshinelaw/chapter610.htm#header7 [In
2008 the security exemptions were extended through December 31, 2012.
http://ago.mo.gov/pdf/MissouriSunshineLaw.pdf, pp. 54, 55.].
Montana: No specific security exemption.
511
A GUIDE TO THE MASSACHUSETTS PUBLIC RECORDS LAW 2324, www.sec.state.ma.us/pre/prepdf/guide.pdf.
OCR for page 68
68
Nebraska: Neb. Rev. Stat. § 84-712.05(8),
http://uniweb.legislature.ne.gov/laws/statutes.php?statute=s8407012005. [Note discretionary nature.512].
Nevada: Nev. Rev. Stat. § 239C.210, 220, www.leg.state.nv.us/NRS/NRS-239C.html#NRS239CSec210.
New Hampshire: N.H. Rev. Stat. Ann., § 91-A:5, VI, www.gencourt.state.nh.us/rsa/html/VI/91-A/91-A-5.htm.
New Jersey: N.J. Stat. Ann. §§ 47:1A, http://www.njleg.state.nj.us/2000/Bills/PL01/404_.PDF.
New Mexico: N.M. Stat. Ann. § 14-2-1(A)(8), www.conwaygreene.com/nmsu/lpext.dll?f=templates&fn=main-
h.htm&2.0.
New York: N.Y. Pub. Off. § 87(2)(f), (i) Freedom of Information Law, § 87.2.(a) [specifically exempted by other
law], (d) [trade secret/commercial information], (f) [endanger life or safety], (g) [certain inter-agency or intra-
agency materials] of Article 6, Public Officers Law, http://public.leginfo.state.ny.us/menugetf.cgi [Select PBO,
then Article 6].
North Carolina: N.C. Gen. Stat. § 132.1.7,
www.ncleg.net/EnactedLegislation/Statutes/HTML/ByChapter/Chapter_132.html. Note: § 132.1.7(c): "Informa-
tion relating to the general adoption of public security plans and arrangements, and budgetary information con-
cerning the authorization or expenditure of public funds to implement public security plans and arrangements,
or for the construction, renovation, or repair of public buildings and infrastructure facilities shall be public re-
cords. (2001[ ]516, s. 3; 2003[ ]180, s. 1.)".
North Dakota: N.D. Cent. Code §§ 44-04-24, Security system plan Exemption; 44-04-25, Public health and
security plans Exemption, www.legis.nd.gov/cencode/t44c04.pdf.
Ohio: Ohio Rev. Code §§ 149.433, Exempting security and infrastructure records,
http://codes.ohio.gov/orc/149.433.
Oklahoma: 51 Okla. Stat. § 24A.28, www.lsb.state.ok.us/osstatuestitle.html.
Oregon: No security exemption that would apply to transit facilities.
Pennsylvania: 65 Pa. Stat. § 67.708(b)(2) and (3), www.dced.state.pa.us/public/oor/pa_righttoknowlaw.pdf.
Rhode Island: No specific security exemption.
South Carolina: S.C. Code Ann. § 30-4-45, www.scstatehouse.gov/code/t30c004.htm.
South Dakota: No specific security exemption.
Tennessee: Tenn. Code Ann. § 10-7-503(e); § 10-7-504(a)(21).
Texas: Texas Homeland Security Act, Tex. Gov't Code Ann. §§ 418.177, 418.181,
www.statutes.legis.state.tx.us/SOTWDocs/GV/pdf/GV.418.pdf , material exempted from disclosure under Texas
Public Information Act, Tex. Gov't Code Ann. § 552.101.
Utah: Utah Code Ann. § 63-2-106, www.le.utah.gov/UtahCode/getCodeSection?code=63G-2-106.
Vermont: 1 Vt. Stat. Ann. § 317(c)(25), www.leg.state.vt.us/statutes/fullchapter.cfm?Title=01&Chapter=005.
Virginia: Va. Code § 2.2-3705.02 Exclusions to application of chapter; records relating to public safety,
http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+2.2-3705.2.
512
Op. Att'y. Gen. No. 94080 (Oct. 14, 1994), http://www.ago.ne.gov/agopinions/details.htm?searchStr=1&_search_id=1663.
OCR for page 69
69
Washington: Wash. Rev. Code § 4 2.56.420 Security,
http://apps.leg.wa.gov/RCW/default.aspx?cite=42.56.420.
West Virginia: W. Va. Code § 28B-1-4(9), (10), (14), (15),
www.legis.state.wv.us/WVCODE/ChapterEntire.cfm?chap=29b.
Wisconsin: Wis. Stat. § 19.36(9).
Wyoming: Wyo. Stat. § 16-4-203(b)(vi), http://legisweb.state.wy.us/statutes/titles/Title16/T16CH4AR2.htm.
