CERTIFICATION OF ENROLLMENT
ENGROSSED SUBSTITUTE HOUSE BILL 1068
67TH LEGISLATURE
2021 REGULAR SESSION
Passed by the House February 24, 2021
  Yeas 61  Nays 37

Speaker of the House of Representatives
Passed by the Senate March 29, 2021
  Yeas 33  Nays 16

President of the Senate
CERTIFICATE
I, Bernard Dean, Chief Clerk of the House of Representatives of the State of Washington, do hereby certify that the attached is ENGROSSED SUBSTITUTE HOUSE BILL 1068 as passed by the House of Representatives and the Senate on the dates hereon set forth.

Chief Clerk
Chief Clerk
Approved
FILED
Secretary of State
State of Washington

ENGROSSED SUBSTITUTE HOUSE BILL 1068

Passed Legislature - 2021 Regular Session
State of Washington
67th Legislature
2021 Regular Session
ByHouse State Government & Tribal Relations (originally sponsored by Representatives Dolan, Valdez, Kloba, Gregerson, and Wylie)
READ FIRST TIME 01/25/21.
AN ACT Relating to exempting election security information from public records disclosure; amending RCW 42.56.420; creating a new section; and declaring an emergency.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:
Sec. 1. RCW 42.56.420 and 2017 c 149 s 1 are each amended to read as follows:
The following information relating to security is exempt from disclosure under this chapter:
(1) Those portions of records assembled, prepared, or maintained to prevent, mitigate, or respond to criminal terrorist acts, which are acts that significantly disrupt the conduct of government or of the general civilian population of the state or the United States and that manifest an extreme indifference to human life, the public disclosure of which would have a substantial likelihood of threatening public safety, consisting of:
(a) Specific and unique vulnerability assessments or specific and unique response or deployment plans, including compiled underlying data collected in preparation of or essential to the assessments, or to the response or deployment plans; and
(b) Records not subject to public disclosure under federal law that are shared by federal or international agencies, and information prepared from national security briefings provided to state or local government officials related to domestic preparedness for acts of terrorism;
(2) Those portions of records containing specific and unique vulnerability assessments or specific and unique emergency and escape response plans at a city, county, or state adult or juvenile correctional facility, or secure facility for persons civilly confined under chapter 71.09 RCW, the public disclosure of which would have a substantial likelihood of threatening the security of a city, county, or state adult or juvenile correctional facility, secure facility for persons civilly confined under chapter 71.09 RCW, or any individual's safety;
(3) Information compiled by school districts or schools in the development of their comprehensive safe school plans under RCW 28A.320.125, to the extent that they identify specific vulnerabilities of school districts and each individual school;
(4) Information regarding the public and private infrastructure and security of computer and telecommunications networks, consisting of security passwords, security access codes and programs, access codes for secure software applications, security and service recovery plans, security risk assessments, and security test results to the extent that they identify specific system vulnerabilities, and other such information the release of which may increase risk to the confidentiality, integrity, or availability of security, information technology infrastructure, or assets;
(5) The system security and emergency preparedness plan required under RCW 35.21.228, 35A.21.300, 36.01.210, 36.57.120, 36.57A.170, and 81.112.180; ((and))
(6) Personally identifiable information of employees, and other security information, of a private cloud service provider that has entered into a criminal justice information services agreement as contemplated by the United States department of justice criminal justice information services security policy, as authorized by 28 C.F.R. Part 20; and
(7) In addition to the information in subsection (4) of this section, the following related to election security:
(a)(i) The continuity of operations plan for election operations and any security audits, security risk assessments, or security test results, relating to physical security or cybersecurity of election operations or infrastructure. These records are exempt from disclosure in their entirety; and
(ii) Those portions of records containing information about election infrastructure, election security, or potential threats to election security, the public disclosure of which may increase risk to the integrity of election operations or infrastructure.
(b) The exemptions specified in (a) of this subsection do not include information or records pertaining to security breaches, except as prohibited from disclosure pursuant to RCW 29A.12.200.
(c) The exemptions specified in (a) of this subsection do not prohibit an audit authorized or required under Title 29A RCW from being conducted.
NEW SECTION.  Sec. 2. The exemptions in this act apply to any public records requests made prior to the effective date of this section for which the disclosure of records has not already occurred.
NEW SECTION.  Sec. 3. This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately.
--- END ---