FINAL BILL REPORT
ESSB 6356
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
C 153 L 16
Synopsis as Enacted
Brief Description: Concerning disclosure of identifiable information and security information of certain employees of private cloud service providers.
Sponsors: Senate Committee on Government Operations & Security (originally sponsored by Senators Roach, Ranker, Takko, McCoy, Hobbs, Litzow, Fain, Hasegawa and Chase).
Senate Committee on Government Operations & Security
House Committee on State Government
Background: The Public Records Act (PRA). The PRA, enacted in 1972 as part of Initiative 276, requires that state and local governments make all public records available for public inspection and copying unless certain statutory exemptions apply. The provisions requiring disclosure of public records are interpreted liberally, while the exemptions from disclosure are narrowly construed, to effectuate a policy favoring disclosure.
Security Exemptions. Various types of security information are exempt from the PRA's disclosure requirements. These include:
records assembled, prepared, or maintained to prevent, mitigate, or respond to terrorist acts, such as vulnerability assessments and response plans;
specific vulnerability assessments and emergency and escape response plans for correctional facilities;
information in safe school plans;
information regarding the infrastructure and security of information technology networks; and
system security and emergency preparedness plans.
Criminal Justice Information Systems (CJIS) Agreements. The CJIS division of the Federal Bureau of Investigation (FBI) serves as the focal point and central repository for criminal justice information systems in the FBI. A variety of functions have been consolidated under CJIS, including the National Crime Information Center, the National Instant Criminal Background Check System, and the Law Enforcement Enterprise Portal, which provides data to law enforcement and criminal justice entities.
Summary: The following information relating to a private cloud service provider that has entered into a CJIS agreement is exempt from public disclosure requirements:
personally identifiable information of employees; and
other security information of the cloud service provider.
Votes on Final Passage:
Senate | 47 | 1 | |
House | 97 | 0 |
Effective: | June 9, 2016 |