HOUSE BILL REPORT

SHB 1417

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As Passed Legislature

Title: An act relating to the harmonization of the open public meetings act with the public records act in relation to information technology security matters.

Brief Description: Concerning the harmonization of the open public meetings act with the public records act in relation to information technology security matters.

Sponsors: House Committee on State Govt, Elections & IT (originally sponsored by Representatives Hudgins and Smith).

Brief History:

Committee Activity:

State Government, Elections & Information Technology: 1/31/17, 2/1/17 [DPS].

Floor Activity:

Passed House: 2/28/17, 98-0.

Passed Senate: 4/10/17, 47-0.

Passed Legislature.

Brief Summary of Substitute Bill

  • Allows the governing body of a public agency to hold an executive session under the Open Public Meetings Act to consider matters of information technology system security and vulnerability.

HOUSE COMMITTEE ON STATE GOVERNMENT, ELECTIONS & INFORMATION TECHNOLOGY

Majority Report: The substitute bill be substituted therefor and the substitute bill do pass. Signed by 9 members: Representatives Hudgins, Chair; Dolan, Vice Chair; Koster, Ranking Minority Member; Volz, Assistant Ranking Minority Member; Appleton, Gregerson, Irwin, Kraft and Pellicciotti.

Staff: Sean Flynn (786-7124).

Background:

The Open Public Meetings Act (OPMA) requires public access to all meetings of the governing body of a state or local agency or subagency that involve the transaction of official business. Any law, rule, regulation, or directive must be adopted by a governing body at an open meeting.

A governing body may exclude the public to hold an executive session during a meeting for certain enumerated purposes. The presiding officer must announce the purpose of excluding the public from an executive session and the time when the executive session will conclude. One reason a governing body may convene an executive session is to consider matters of national security.

Certain related information regarding the security and vulnerability of public agency computer and telecommunication network infrastructure is exempt from public disclosure under the Public Records Act. Such information includes security passwords, service recovery plans, security tests and risk assessments, and other related information that could expose a risk to the security and technology infrastructure of an agency.

Summary of Substitute Bill:

The OPMA permits the governing body of a public agency to convene an executive session during a public meeting to discuss the same information regarding the security and vulnerability of agency computer and telecommunication network infrastructure that is exempted from public disclosure under the Public Record Act. The executive session remains subject to data security breach notifications, and is subject to when legal counsel is available.

Appropriation: None.

Fiscal Note: Available.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.

Staff Summary of Public Testimony:

(In support) This bill synchronizes the protection from disclosure of sensitive security information when discussed in the context of an agency public meeting.

(Opposed) None.

(Other) The public should know whether there is a data breach, without revealing sensitive information. There should be a cross-reference to the requirement that requires disclosure of data breach.

Persons Testifying: (In support) Representative Hudgins, prime sponsor.

(Other) Rowland Thompson, Allied Newspapers of Washington.

Persons Signed In To Testify But Not Testifying: None.