National Academies Press: OpenBook

Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements (2010)

Chapter: APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws

« Previous: APPENDIX B: State Public Records/Freedom of Information Laws
Page 64
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 64
Page 65
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 65
Page 66
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 66
Page 67
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 67
Page 68
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 68
Page 69
Suggested Citation:"APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws." National Academies of Sciences, Engineering, and Medicine. 2010. Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements. Washington, DC: The National Academies Press. doi: 10.17226/14404.
×
Page 69

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

64 APPENDIX C: Security Exemptions to State Public Records/Freedom of Information Laws510 The following exemptions are security exemptions unless otherwise noted. Additional exemptions are included for illustrative purposes only. Transit agencies should research their own state law (including the open records statutes cited in Appendix B) for other exemptions that may be used to retain confidentiality of security infor- mation. Such exemptions include those that include by reference specific federal exemptions or federal exemp- tions in general, as well as exemptions—such as the deliberative process exemption—that may protect security- related information on procedural grounds. Links to citations are provided for convenience; transit agencies should verify statutory language from official sources. Alabama: Ala. Code, § 36-12-40, http://alisondb.legislature.state.al.us/acas/codeofalabama/1975/36-12- 40.htm. Notwithstanding the foregoing, records concerning security plans, procedures, assessments, measures, or sys- tems, and any other records relating to, or having an impact upon, the security or safety of persons, structures, facilities, or other infrastructures, including without limitation information concerning critical infrastructure (as defined at 42 U.S.C. § 5195c(e) as amended) and critical energy infrastructure information (as defined at 18 C.F.R. § 388.113(c)(1) as amended) the public disclosure of which could reasonably be expected to be detrimental to the public safety or welfare, and records the disclosure of which would otherwise be detrimental to the best interests of the public shall be exempted from this section. Any public officer who receives a request for records that may appear to relate to critical infrastructure or critical energy infrastructure information, shall notify the owner of such infrastructure in writing of the request and provide the owner an opportunity to comment on the request and on the threats to public safety or welfare that could reasonably be expected from public disclosure on the records. Alaska: Alaska Stat. 40.25.120. Public Records; Exceptions; Certified Copies, www.touchngo.com/lglcntr/akstats/Statutes/Title40/Chapter25/Section120.htm. Arizona: Ariz. Rev. Stat. 39-126. Federal risk assessments of infrastructure; confidentiality [specifies “critical energy, water or telecommunications infrastructure”], www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/39/00126.htm&Title=39&DocType=ARS. Arkansas: Ark. Code Ann. § 25-19-105. Examination and copying of public records, http://ag.arkansas.gov/pdfs/foia-ocr.pdf. (b) It is the specific intent of this section that the following shall not be deemed to be made open to the public under the provisions of this chapter: *** (9)(A) Files that if disclosed would give advantage to competitors or bidders and records maintained by the Arkansas Economic Development Commission related to any business entity’s planning, site location, expan- sion, operations, or product development and marketing, unless approval for release of those records is granted by the business entity. *** (16)(A) Records, including analyses, investigations, studies, reports, recommendations, requests for proposals, drawings, diagrams, blueprints, and plans containing information relating to security for any public water sys- tem. (B) The records shall include: (i) Risk and vulnerability assessments; (ii) Plans and proposals for preventing and mitigating security risks; (iii) Emergency response and recovery records; (iv) Security plans and procedures; and (v) Any other records containing information that if disclosed might jeopardize or compromise efforts to secure and protect the public water system. (C) This subdivision (b)(16) shall expire on July 1, 2007. 510 Some of these provisions exclude certain security-related information from the definition of public record altogether. GANSLER, supra note 53.

65 [According to the Arkansas Attorney General, the Homeland Security Information Act, A.C.A. 12-75-subch.1 (note) (Act 1366 of 2003) shields certain terrorism threat assessments, plans, operational policies or procedures, and training developed or maintained by “emergency service agencies” and records received from federal gov- ernment and other states and cities if shielded in those jurisdictions. www.arkansasag.gov/pdfs/FOIA-Seminar- 2007.ppt.]. California: Government Code, Article 1, General Provisions, Section 6254 [exemptions] * * * (k) Records, the disclosure of which is exempted or prohibited pursuant to federal or state law, including, but not limited to, provisions of the Evidence Code relating to privilege. * * * (p) Records of state agencies related to activities governed by Chapter 10.3 (commencing with Section 3512), Chapter 10.5 (commencing with Section 3525), and Chapter 12 (commencing with Section 3560) of Division 4, that reveal a state agency's deliberative processes, impressions, evaluations, opinions, recommendations, meet- ing minutes, research, work products, theories, or strategy, or that provide instruction, advice, or training to employees who do not have full collective bargaining and representation rights under these chapters. Nothing in this subdivision shall be construed to limit the disclosure duties of a state agency with respect to any other re- cords relating to the activities governed by the employee relations acts referred to in this subdivision. * * * (aa) A document prepared by or for a state or local agency that assesses its vulnerability to terrorist attack or other criminal acts intended to disrupt the public agency's operations and that is for distribution or considera- tion in a closed session. (ab) Critical infrastructure information, as defined in Section 131(3) of Title 6 of the United States Code, that is voluntarily submitted to the California Emergency Management Agency for use by that office, including the identity of the person who or entity that voluntarily submitted the information. As used in this subdivision, “voluntarily submitted” means submitted in the absence of the office exercising any legal authority to compel access to or submission of critical infrastructure information. This subdivision shall not affect the status of in- formation in the possession of any other state or local governmental agency. www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6250-6270. 6254.15 [exemption from disclosure requirements for corporate proprietary information including trade se- crets]. 6254.23. Nothing in this chapter or any other provision of law shall require the disclosure of a risk assessment or railroad infrastructure protection program filed with the Public Utilities Commission, the Director of Home- land Security, and the Office of Emergency Services pursuant to Article 7.3 (commencing with Section 7665) of Chapter 1 of Division 4 of the Public Utilities Code. 6255 [requirement to justify withholding under exemption]. 6257.5 [purpose for request not relevant]. 6259 [court order to disclose improperly withheld records]. California Public Records Act, Government Code, Article 2, Other Exemptions from Disclosure, Section 6275– 6276.48 www.leginfo.ca.gov/cgi-bin/displaycode?section=gov&group=06001-07000&file=6275-6276.48 [review for relevance]. 6254.5. [Disclosure of exempt public record is waiver, not applicable to a number of waivers, including public records: Made to any governmental agency which agrees to treat the disclosed material as confidential.]. Colorado: Colorado Open Records Act, Colo. Rev. Stat. Title 24, Article 72, Part 2, 24-72-204. Allowance or denial of inspection—grounds—procedure—appeal—definitions. [Exemption from disclosure for inspections con- trary to state law; federal law; contracts for security to remain open, except to extent they contain details of se- curity arrangements, such details may be withheld if disclosure found contrary to public interest; deliberative process records may be withheld if disclosure found contrary to public interest, but with explanation of why document is privileged and why disclosure would cause substantial injury to public interest.], www.michie.com/colorado/lpext.dll?f=templates&fn=main-h.htm&cp=. Connecticut: Connecticut Freedom of Information Act, Sec. 1-210(b). Exempt records; (b)(19) Records when there are reasonable grounds to believe disclosure may result in a safety risk, including the risk of harm to any person, any government-owned or -leased institution or facility or any fixture or appurtenance and equipment attached to, or contained in, such institution or facility, except that such records shall be disclosed to a law en- forcement agency upon the request of the law enforcement agency. [Includes security manuals, training manu-

66 als describing security procedures, and emergency plans.], www.state.ct.us/foi/2003FOIA/Full%202003%20FOI%20Act.htm. Delaware: 29 Del. Code § 10002(g)(16), http://delcode.delaware.gov/title29/c100/index.shtml. District of Columbia: D.C. Code Ann. § 2-534(a)(10), http://government.westlaw.com/linkedslice/default.asp?SP=DCC-1000. Florida: Fla. Stat. § 119.071(1) [exemption for bids/proposals until agency decision is made], (3)(a) [security], www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&Search_String=&URL=Ch0119/SEC071.HT M&Title=-%3E2008-%3ECh0119-%3ESection%20071#0119.071. Georgia: Ga. Code Ann. § 50-18-72(a) [public disclosure not required for records in this category] (1) [specifi- cally required by federal government to be kept confidential], (15)(A)[security information in specified context, covers security plans and vulnerability assessments]; (b) [public records requirements do not apply to records in this category] (1) [trade secrets required to be submitted to government], http://sos.georgia.gov/Archives/who_are_we/rims/best_practices_resources/open_records_act.htm#50-18-72. Hawaii: Haw. Rev. Stat. § 92F-13(3) [government records that, by their nature, must be confidential in order for the government to avoid the frustration of a legitimate government function], www.state.hi.us/oip/uipa.html#92F13. Idaho: Idaho Code § 9-340A(1) [exemptions specifically provided for in federal or state law], www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9-340A.htm; Idaho Code § 9-340B(4)(b) [building records, only when disclosure would compromise public safety], www.legislature.idaho.gov/idstat/Title9/T9CH3SECT9- 340B.htm. Illinois: 5 Ill. Comp. Stat. 140/7(1)(a), (f), (g), (h) [proposal and bid information that could impede fair pro- curement if disclosed before award], (k), (ff) [directly relates to security portions of RTA/St. Clair County Transit District system safety program plans], (ll), www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=85&ChapAct=5%20ILCS%20140/&ChapterID=2&ChapterName= GENERAL+PROVISIONS&ActName=Freedom+of+Information+Act. Indiana: Ind. Code § 5-14-3-4 (a) [may not be disclosed except under court order] (1)-(5); (b) [excepted from disclosure at agency’s discretion] (6), (10), (19) [includes vulnerability assessments if disclosure likely to have reasonable likelihood of threatening public safety], www.in.gov/legislative/ic/code/title5/ar14/ch3.html. Iowa: Iowa Code § 22.7. Confidential Records. 45 [critical asset protection plan]; 50 [security procedures, emergency preparedness, including vulnerability assessments]. http://coolice.legis.state.ia.us/Cool- ICE/default.asp?category=billinfo&service=IowaCode&ga=83#22.7. Kansas: Kan. Stat. Ann. § 45-221(a)(45), accessible from www.kslegislature.org/legsrv-statutes/index.do. Kentucky: Ky. Rev. Stat. 61.878 Certain public records exempted from inspection except on order of court— Restriction of state employees to inspect personnel files prohibited. (m), www.lrc.state.ky.us/krs/061- 00/878.PDF: (1) The following public records are excluded from the application of KRS 61.870 to 61.884 and shall be sub- ject to inspection only upon order of a court of competent jurisdiction, except that no court shall authorize the inspection by any party of any materials pertaining to civil litigation beyond that which is provided by the Rules of Civil Procedure governing pretrial discovery: *** (j) Preliminary recommendations, and preliminary memoranda in which opinions are expressed or policies formulated or recommended; (k) All public records or information the disclosure of which is prohibited by federal law or regulation; (l) Public records or information the disclosure of which is prohibited or restricted or otherwise made confi- dential by enactment of the General Assembly; (m) 1. Public records the disclosure of which would have a reasonable likelihood of threatening the public safety by exposing a vulnerability in preventing, protecting against, mitigating, or responding to a terrorist act and limited to:

67 a. Criticality lists resulting from consequence assessments; b. Vulnerability assessments; c. Antiterrorism protective measures and plans; d. Counterterrorism measures and plans; e. Security and response needs assessments; f. Infrastructure records that expose a vulnerability referred to in this subparagraph through the disclosure of the location, configuration, or security of critical systems, including public utility critical systems. These critical systems shall include but not be limited to information technology, communication, electrical, fire suppression, ventilation, water, wastewater, sewage, and gas systems; g. The following records when their disclosure will expose a vulnerability referred to in this subparagraph: de- tailed drawings, schematics, maps, or specifications of structural elements, floor plans, and operating, utility, or security systems of any building or facility owned, occupied, leased, or maintained by a public agency; and h. Records when their disclosure will expose a vulnerability referred to in this subparagraph and that de- scribe the exact physical location of hazardous chemical, radiological, or biological materials. *** 3. On the same day that a public agency denies a request to inspect a public record for a reason identified in this paragraph, that public agency shall forward a copy of the written denial of the request, referred to in KRS 61.880(1), to the executive director of the Office for Security Coordination and the Attorney General. 4. Nothing in this paragraph shall affect the obligations of a public agency with respect to disclosure and availability of public records under state environmental, health, and safety programs. (4) If any public record contains material which is not excepted under this section, the public agency shall separate the excepted and make the nonexcepted material available for examination. (5) The provisions of this section shall in no way prohibit or limit the exchange of public records or the sharing of information between public agencies when the exchange is serving a legitimate governmental need or is nec- essary in the performance of a legitimate government function. Louisiana: La. Rev. Stat. Ann. §§ 44:3.1, Certain records pertaining to terrorist-related activity, www.legis.state.la.us/lss/lss.asp?doc=206916; § 44:23.1, Department of Transportation and Development; excep- tion for certain sensitive security information or critical infrastructure information, www.legis.state.la.us/lss/lss.asp?doc=631240. Maine: 1 Me. Rev. Stat. Ann. § 402.3.L, www.mainelegislature.org/legis/statutes/1/title1sec402.html. Maryland: M.S.A. § 10-618(j), Discretionary Denials: Public Security. [Custodian may deny disclosure if cus- todian believes disclosure would be contrary to public interest.] www.oag.state.md.us/opengov/Appendix_C.pdf. Massachusetts: Mass. Gen. Laws c. 4, § 7, cl. 26 (a), (b), (d), (g), (h) [bids and proposal before bid closing, agency deliberations prior to contract award], (n) [includes vulnerability assessments, allows record custodian discretion not inherent in other statutory exception under Massachusetts law.511] www.mass.gov/legis/laws/mgl/4/4-7.htm. Michigan: Freedom of Information Act, Act 442 of 1976, Mich. Comp. Laws § 15.243(1)(y), www.legislature.mi.gov/(S(m4by0iqwcqquvpauqp4z1eap))/mileg.aspx?page=getObject&objectName=mcl-15-243. Minnesota: No specific security exemption. Does contain specific exemption for transportation projects dur- ing bidding process. www.revisor.leg.state.mn.us/data/revisor/statute/2008/013/2008-13.72.pdf. Mississippi: No specific security exemption. Missouri: Mo. Rev. Stat. § 610.021(18), (19), http://ago.mo.gov/sunshinelaw/chapter610.htm#header7 [In 2008 the security exemptions were extended through December 31, 2012. http://ago.mo.gov/pdf/MissouriSunshineLaw.pdf, pp. 54, 55.]. Montana: No specific security exemption. 511 A GUIDE TO THE MASSACHUSETTS PUBLIC RECORDS LAW 23–24, www.sec.state.ma.us/pre/prepdf/guide.pdf.

68 Nebraska: Neb. Rev. Stat. § 84-712.05(8), http://uniweb.legislature.ne.gov/laws/statutes.php?statute=s8407012005. [Note discretionary nature.512]. Nevada: Nev. Rev. Stat. § 239C.210, 220, www.leg.state.nv.us/NRS/NRS-239C.html#NRS239CSec210. New Hampshire: N.H. Rev. Stat. Ann., § 91-A:5, VI, www.gencourt.state.nh.us/rsa/html/VI/91-A/91-A-5.htm. New Jersey: N.J. Stat. Ann. §§ 47:1A, http://www.njleg.state.nj.us/2000/Bills/PL01/404_.PDF. New Mexico: N.M. Stat. Ann. § 14-2-1(A)(8), www.conwaygreene.com/nmsu/lpext.dll?f=templates&fn=main- h.htm&2.0. New York: N.Y. Pub. Off. § 87(2)(f), (i) Freedom of Information Law, § 87.2.(a) [specifically exempted by other law], (d) [trade secret/commercial information], (f) [endanger life or safety], (g) [certain inter-agency or intra- agency materials] of Article 6, Public Officers Law, http://public.leginfo.state.ny.us/menugetf.cgi [Select PBO, then Article 6]. North Carolina: N.C. Gen. Stat. § 132.1.7, www.ncleg.net/EnactedLegislation/Statutes/HTML/ByChapter/Chapter_132.html. Note: § 132.1.7(c): “Informa- tion relating to the general adoption of public security plans and arrangements, and budgetary information con- cerning the authorization or expenditure of public funds to implement public security plans and arrangements, or for the construction, renovation, or repair of public buildings and infrastructure facilities shall be public re- cords. (2001[ ]516, s. 3; 2003[ ]180, s. 1.)”. North Dakota: N.D. Cent. Code §§ 44-04-24, Security system plan – Exemption; 44-04-25, Public health and security plans – Exemption, www.legis.nd.gov/cencode/t44c04.pdf. Ohio: Ohio Rev. Code §§ 149.433, Exempting security and infrastructure records, http://codes.ohio.gov/orc/149.433. Oklahoma: 51 Okla. Stat. § 24A.28, www.lsb.state.ok.us/osstatuestitle.html. Oregon: No security exemption that would apply to transit facilities. Pennsylvania: 65 Pa. Stat. § 67.708(b)(2) and (3), www.dced.state.pa.us/public/oor/pa_righttoknowlaw.pdf. Rhode Island: No specific security exemption. South Carolina: S.C. Code Ann. § 30-4-45, www.scstatehouse.gov/code/t30c004.htm. South Dakota: No specific security exemption. Tennessee: Tenn. Code Ann. § 10-7-503(e); § 10-7-504(a)(21). Texas: Texas Homeland Security Act, Tex. Gov’t Code Ann. §§ 418.177, 418.181, www.statutes.legis.state.tx.us/SOTWDocs/GV/pdf/GV.418.pdf , material exempted from disclosure under Texas Public Information Act, Tex. Gov’t Code Ann. § 552.101. Utah: Utah Code Ann. § 63-2-106, www.le.utah.gov/UtahCode/getCodeSection?code=63G-2-106. Vermont: 1 Vt. Stat. Ann. § 317(c)(25), www.leg.state.vt.us/statutes/fullchapter.cfm?Title=01&Chapter=005. Virginia: Va. Code § 2.2-3705.02 Exclusions to application of chapter; records relating to public safety, http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+2.2-3705.2. 512 Op. Att'y. Gen. No. 94080 (Oct. 14, 1994), http://www.ago.ne.gov/agopinions/details.htm?searchStr=1&_search_id=1663.

69 Washington: Wash. Rev. Code § 4 2.56.420 Security, http://apps.leg.wa.gov/RCW/default.aspx?cite=42.56.420. West Virginia: W. Va. Code § 28B-1-4(9), (10), (14), (15), www.legis.state.wv.us/WVCODE/ChapterEntire.cfm?chap=29b. Wisconsin: Wis. Stat. § 19.36(9). Wyoming: Wyo. Stat. § 16-4-203(b)(vi), http://legisweb.state.wy.us/statutes/titles/Title16/T16CH4AR2.htm.

Next: APPENDIX D: State Records Management Laws »
Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB‘s Transit Cooperative Research Program (TCRP) Legal Research Digest 32: Reconciling Security, Disclosure, and Record-Retention Requirements in Transit Procurements highlights the legal requirements that are relevant to the transit procurement process of balancing the competing needs of open government and public security. The report explores federal and state requirements concerning record retention and disclosure, as well as practices transit agencies have adopted to meet their responsibilities in balancing these competing public policy interests.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!