HOUSE BILL REPORT

ESSB 6356

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As Reported by House Committee On:

State Government

Title: An act relating to disclosure of financial, commercial, and proprietary criminal background check information of employees of private cloud service providers.

Brief Description: Concerning disclosure of identifiable information and security information of certain employees of private cloud service providers.

Sponsors: Senate Committee on Government Operations & Security (originally sponsored by Senators Roach, Ranker, Takko, McCoy, Hobbs, Litzow, Fain, Hasegawa and Chase).

Brief History:

Committee Activity:

State Government: 2/23/16, 2/24/16 [DP].

Brief Summary of Engrossed Substitute Bill

  • Exempts from public disclosure the personally identifiable information of employees, and security information of a private cloud provider that has entered into a criminal justice information services agreement.

HOUSE COMMITTEE ON STATE GOVERNMENT

Majority Report: Do pass. Signed by 6 members: Representatives S. Hunt, Chair; Holy, Ranking Minority Member; Van Werven, Assistant Ranking Minority Member; Frame, Hawkins and Moscoso.

Staff: Sean Flynn (786-7124).

Background:

The Public Records Act (PRA) requires state and local agencies to make their written records available to the public for inspection and copying upon request, unless the information fits into one of the various specific exemptions in the PRA, or otherwise provided in law. The stated policy of the PRA favors disclosure and requires narrow application of the listed exemptions.

The PRA exempts certain sensitive information relating to financial, proprietary, and commercial interests provided by a business or other private interest. The exemption includes a business's unique proprietary data and trade secrets related to methods of conducting business or product and services data. Another category of exemptions pertain to security information, including records related to criminal terrorist acts, vulnerability assessments of correctional facilities, school safety plans, infrastructure and security of computer and telecommunication networks, and emergency preparedness plans.

–––––––––––––––––––––––––––––––––

Summary of Bill:

A public records disclosure exemption is created for personally identifiable information of employees, and security information of a private cloud provider that has entered into a criminal justice information services agreement as part of the United States Department of Criminal Justice information security policy.

–––––––––––––––––––––––––––––––––

Appropriation: None.

Fiscal Note: Not requested.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.

Staff Summary of Public Testimony:

(In support) This bill will address a serious cyber-security threat to cloud service providers that hold sensitive information for law enforcement and other government agencies. The personal information of the employees who work on such sensitive information is vulnerable to wide range of identity attacks that risk the security of the information stored with the cloud service provider. The bill also covers the security information of the cloud provider entity itself.

(Opposed) None.

Persons Testifying: Senator Roach, prime sponsor; Ryan Harkins, Microsoft; and Rowland Thompson, Allied Daily Newspapers of Washington.

Persons Signed In To Testify But Not Testifying: None.