SENATE BILL REPORT

HB 1829

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As Passed Senate, April 11, 2017

Title: An act relating to the exemption from public disclosure of information regarding public and private computer and telecommunications networks.

Brief Description: Concerning the exemption from public disclosure of information regarding public and private computer and telecommunications networks.

Sponsors: Representatives Hudgins, Johnson, Goodman, Klippert, Smith, Dolan, Haler, Koster, Volz, Kraft, Irwin, Stanford, Tarleton, Muri, Ormsby and McBride.

Brief History: Passed House: 3/02/17, 98-0.

Committee Activity: Energy, Environment & Telecommunications: 3/21/17, 3/28/17 [DP].

Floor Activity:

Passed Senate: 4/11/17, 49-0.

Brief Summary of Bill

Exempts information relating to public and private infrastructure and security of information technology networks from disclosure under the Public Records Act.

SENATE COMMITTEE ON ENERGY, ENVIRONMENT & TELECOMMUNICATIONS

Majority Report: Do pass.

Signed by Senators Ericksen, Chair; Sheldon, Vice Chair; Carlyle, Ranking Minority Member; Brown, Hobbs, Honeyford, Ranker, Short and Wellman.

Staff: Kimberly Cushing (786-7421)

Background: Public Records Act (PRA). The PRA, enacted in 1972 as part of Initiative 276, requires that all state and local governments make all public records available for public inspection and copying unless certain statutory exemptions apply. The provisions requiring disclosure of public records are interpreted liberally, while the exemptions from disclosure are narrowly construed, to effectuate a policy favoring disclosure.

Security Exemptions. Various types of security information are exempt from the PRA's disclosure requirements. These include the following:

records assembled, prepared, or maintained to prevent, mitigate, or respond to terrorist acts, such as vulnerability assessments and response plans;
specific vulnerability assessments and emergency and escape response plans for correctional facilities;
information in safe school plans;
information regarding the infrastructure and security of information technology networks, such as passwords, access codes, recovery plans, risk assessments, test results, and other information that, if released, would increase the risk to agency security; and
system security and emergency preparedness plans.

Summary of Bill: Additional Security Exemptions. Information related to both public and private infrastructure and security of computer and telecommunications networks are exempt from disclosure requirements under the PRA.

Appropriation: None.

Fiscal Note: Available.

Creates Committee/Commission/Task Force that includes Legislative members: No.

Effective Date: Ninety days after adjournment of session in which bill is passed.

Staff Summary of Public Testimony: PRO: This is an opportunity to leverage existing state resources in the military to work with the private sector to protect our critical infrastructure. Hackers can get into the electrical system and shut down the critical infrastructure that we rely on, such as dams and water systems. Cybersecurity professionals in the National Guard could be used to assess our critical infrastructure sector for vulnerabilities. The bill would strengthen and clarify the existing public disclosure exemption for public and private security networks. It makes sure information as a result of a test is not broadly shared. Without the bill, records produced from a risk assessment might not be protected. It envisions public or private utilities working with the military department.

Persons Testifying: PRO: Representative Zack Hudgins, Prime Sponsor; Colonel Ken Borchers, Deputy Commander, 252nd Cyber Operations Group, Washington Air National Guard; Dave Arbaugh, Snohomish PUD.

Persons Signed In To Testify But Not Testifying: No one.