Washington State
House of Representatives
Office of Program Research
State Government & Tribal Relations Committee
HB 1068
Brief Description: Exempting election security information from public records disclosure.
Sponsors: Representatives Dolan and Valdez.
Brief Summary of Bill
  • Exempts from disclosure under the Public Records Act (PRA) continuity of operations plans for election operations, security risk assessments, and other election security records.
  • Exempts from disclosure under the PRA portions of records that contain information related to election security, operations, and infrastructure.
Hearing Date: 1/14/21
Staff: Erik Olson (786-7296) and Desiree Omli (786-7105).

Public Records Act.
The Public Records Act (PRA) requires all state and local governmental entities to make all public records available to the public, unless a specific exemption applies or disclosure is prohibited.  Public records are records prepared or retained by a governmental entity that relate to the conduct of government or the performance of governmental or proprietary functions.  The PRA must be liberally construed; any exemptions to the disclosure requirement must be interpreted narrowly.  Exemptions are permissive, meaning that an agency, although not required to disclose, has the discretion to provide an exempt record.  With exceptions, the exemptions under the PRA are inapplicable to the extent that information, the disclosure of which would violate personal privacy or vital governmental interests, can be deleted from specific requested records.
There are a number of statutory exemptions for records or information contained in records, including those that involve security information.  These exemptions include records or information related to preventing or responding to terrorist attacks, vulnerability assessments and emergency response plans for correctional facilities, and safe school plans.  Additionally, information related to public and private infrastructure of computer and telecommunications networks, which include security passwords, access codes, security risk assessments, security test results to the extent that they identify specific system vulnerabilities, and other information the release of which may increase risk to the confidentiality, integrity, or availability of security, information technology infrastructure, are exempt from disclosure.


Continuity of Operations Plans - Elections.
The Washington Military Department, through the Adjutant General, must maintain a copy of the continuity of operations plan for election operations for each county that has a plan available as part of its emergency management duties.  Continuity of operations plans are developed to assist with continuing essential functions and services in response to emergencies and disasters.  Local, state, and federal entities, including the Department of Homeland Security, coordinate to address election infrastructure concerns including the security of voting systems, voter registration databases, and polling places.


Election Security.
The Secretary of State (Secretary) tests all voting systems or components of voting systems that are submitted for review.  A report of the Secretary’s examination is then sent to each county auditor.  Voting systems and components of a voting system are subject to passing an acceptance test and a vulnerability test.  Three days before each state primary or general election, the Secretary provides for the conduct of programming tests for each vote tallying system.  Prior to certification of the election, the county auditor conducts an audit of duplicated ballots and an audit using at least one of the four specified audit methods.  The Secretary must issue an annual report to certain individuals regarding instances of security breaches of election systems or election data.

Summary of Bill:

Two new election security exemptions to the Public Record Act’s disclosure requirements are created.  First, the following records are exempt in their entirety:

  • continuity of operations plans for election operations,
  • security audits,
  • security risk assessments, or
  • security test results that relate to physical security or cybersecurity of election operations or infrastructure.

Second, portions of records containing information about the following are exempt if the disclosure may increase risk to the integrity of election operations or infrastructure:

  • election infrastructure,
  • election security, or
  • potential threats to election security.


These exemptions will apply to any public records request made prior to the effective date for which disclosure has not yet occurred.

Appropriation: None.
Fiscal Note: Not requested.
Effective Date: The bill contains an emergency clause and takes effect immediately.