L. Homeland security and anti-terrorism measures
The Homeland Security and Emergency Management Subcommittee was established as a subcommittee of the Joint Armed Services Committee—which is a permanent interim committee of the legislature—to review confidential activities, plans, reports, recommendations and other materials of the Alaska division of homeland security and emergency management established in AS 26.20.025, or of other agencies or persons, relating to matters concerning homeland security and civil defense, emergencies or disasters in the state or to the state's preparedness for or ability to mount a prompt response to matters concerning homeland security and civil defense, emergencies or disasters. AS 24.20.680. Pursuant to section .680, the President of the Senate and the Speaker of the House of Representatives could condition service on the subcommittee by members upon the execution of appropriate confidentiality agreements by the members or by persons assisting those members. Information and documents received by members serving on the subcommittee or persons assisting members under a confidentiality agreement as described in this subsection were not public records and were not subject to public disclosure under the public records act. AS 24.20.680(d). AS 24.20.680 was repealed in 2009. Sec. 23-24, ch. 179 SLA 2004. The adjutant general of the Department of Military and Veterans Affairs was charged with proposing any appropriate legislation relating to this provision; it appears that sec. .680 has not been reinstated.
Note also that a new category of records has been added to exempt from disclosure under the public records act records or information pertaining to a plan, program or procedures for establishing, maintaining or restoring security in the state, or to a detailed description or evaluation of systems, facilities or infrastructure in the state, but only to the extent that the production of the records or information (A) could reasonably be expected to interfere with the implementation or enforcement of the security plan, program or procedures; (B) would disclose confidential guidelines for investigations or enforcement and the disclosure could reasonably be expected to risk circumvention of the law; or (C) could reasonably be expected to endanger the life or physical safety of an individual or to present a real and substantial risk to the public health and welfare. AS 40.25.120(a)(10).
Under Section 6254(aa), an agency may withhold "[a] document prepared by or for a state or local agency that assesses its vulnerability to terrorist attack or other criminal acts intended to disrupt the public agency's operations and that is for distribution or consideration in a closed session. Cal. Gov't Code § 6254(aa). Under Section 6254(ab), critical infrastructure information that is voluntarily submitted to the Office of Emergency Services for used by that office is exempt. No reported cases have discussed these exemptions. But see County of Santa Clara v. Superior Court, 170 Cal. App. 4th 1301, 1316, 89 Cal. Rptr. 3d 374 (2009) (rejecting county’s argument that GIS basemap data was exempt under federal Critical Infrastructure Information Act, since information was provided by County not to it, as required under Act).
Records of the expenditure of public moneys on security arrangements or investigations, including contracts for security arrangements and records related to the procurement of, budgeting for, or expenditures on security systems, shall be open for inspection, except to the extent that they contain specialized details of security arrangements or investigations. A custodian may deny the right of inspection of only the portions of a record that contain specialized details of security arrangements or investigations and shall allow inspection of the remaining portions of the record.
A custodian may deny access to specialized details of either security arrangements or investigations or the physical and cyber assets of critical infrastructure, including the specific engineering, vulnerability, detailed design information, protective measures, emergency response plans, or system operational data of such assets that would be useful to a person in planning an attack on critical infrastructure but does not simply provide the general location of such infrastructure.
If an official custodian has custody of a public record provided by another public entity, including the state or a political subdivision, that contains specialized details of security arrangements or investigations, the official custodian shall refer a request to inspect that public record to the official custodian of the public entity that provided the record and shall disclose to the person making the request the names of the public entity and its official custodian to which the request is referred.
Colo. Rev. Stat § 24-72-204-(2)(a)(VIII)
In 2002, FOIA was amended to include an exemption for "[r]ecords when there are reasonable grounds to believe disclosure may result in a safety risk." Conn. Gen. Stat. §1-210(b)(19). The amended section addresses security concerns regarding disclosure of sensitive documents including engineering drawings, operational specifications, security training manuals, and emergency plans of government-owned or leased institutions or facilities and vulnerability assessments and risk management plans of water companies. No court has yet discussed the application of the amended exemption in the context of homeland security. See also Records Outline, II.A.2.s.
The disclosure of intelligence files that would endanger state, local and national welfare and security are exempted. 29 Del. C. § 10002(g)(5). Likewise, Delaware's FOIA has been amended to include an exemption for certain enumerated records that would jeopardize security. 29 Del. C. § 10002(g)(17).
District of Columbia
The D.C. Act exempts specific response plans for public emergency preparedness and prevention and specific vulnerability assessments that are intended to prevent or to mitigate an act of terrorism. D.C. Code Ann. § 2-534(a)(10). The D.C. Act also exempts information exempted by federal law because of national defense or foreign policy concerns. D.C. Code Ann. § 2-534(a)(7).
The Act exempts records, the disclosure of which would compromise security against sabotage or criminal or terrorist acts and the non-disclosure of which is necessary for the protection of life, safety, or public property. O.C.G.A. § 50-18-72(a)(25). This exemption is specifically limited to security plans and vulnerability assessment for certain structures; plans for protection against terrorist or other attacks, the effectiveness of which depends in part on a lack of general public knowledge of the details; documents related to the existence, nature, location, or function of security devices; any plan or other material which, if made public, could compromise security against sabotage, criminal, or terroristic acts; as well as training records. Id. In the event of a challenge to official nondisclosure of records under this exemption, the court may review the documents in question in camera and condition any disclosure upon such measures as the court finds necessary to protect against the endangerment of life, safety, or public property. Id.
The UIPA does not address this topic. However, the OIP has held that information about a telecommunication network’s “structure or design” could be withheld if its “disclosure could reasonably be expected to cause damage to public security by increasing the network’s vulnerability.” OIP Op. Ltr. No. F17-02 (Dec. 8, 2016).
In 2003, the General Assembly amended Indiana Code Section 5-14-3-4(b)(19) to include an additional discretionary exemption for information “which would have a reasonable likelihood of threatening public safety by exposing a vulnerability to terrorist attack.” See Ind. P.L. 173-2003 § 17. This section authorizes public agencies, at their discretion, to bar public disclosure of the following:
(A) a record assembled, prepared or maintained to prevent, mitigate, or respond to an act of terrorism or an act of agricultural terrorism;
(B) vulnerability assessments;
(C) risk planning documents;
(D) needs assessments;
(E) threat assessments;
(F) intelligence assessments;
(G) domestic preparedness strategies;
(H) the location of community drinking water wells and surface water intakes;
(I) the emergency contact information of emergency responders and volunteers;
(J) infrastructure records that disclose the configuration of critical systems such as communication, electrical, ventilation, water and wastewater systems;
(K) detailed drawings or specifications of structural elements, floor plans, and operating, utility, or security systems of any building or facility located on an airport that is owned, occupied, leased, or maintained by a public agency;
(L) the home address, home telephone number, and emergency contact information for certain emergency responders and public safety officers.
Shortly after adopting the above exemption for materials whose disclosure would threaten public safety, the General Assembly added statutory guidelines that agencies must follow when using the Section 5-14-3-4(b)(19) exception to deny requests for records. The statute authorizes the agency to consult with the counterterrorism and security council, established under Indiana Code Section 10-19-8-1, prior to the denial. Ind. Code § 5-14-3-4.4(b). It further provides that, if the agency does deny the request under Section 5-14-3-4(b)(19), either the agency or the counterterrorism and security council must provide a general description of the record being withheld and of how disclosure of the record would have a reasonable likelihood of threatening the public safety. Id.
In 2002, the Legislature added what is now Iowa Code § 22.7(45), which provides:
The critical asset protection plan or any part of the plan prepared pursuant to section 29C.8 and any information held by the homeland security and emergency management division that was supplied to the division by a public or private agency or organization and used in the development of the critical asset protection plan to include, but not be limited to, surveys, lists, maps, or photographs. However, the administrator shall make the list of assets available for examination by any person. A person wishing to examine the list of assets shall make a written request to the administrator on a form approved by the administrator. The list of assets may be viewed at the division's offices during normal working hours. The list of assets shall not be copied in any manner. Communications and asset information not required by law, rule, or procedure that are provided to the administrator by persons outside of government and for which the administrator has signed a nondisclosure agreement are exempt from public disclosures. The homeland security and emergency management division may provide all or part of the critical asset plan to federal, state, or local governmental agencies which have emergency planning or response functions if the administrator is satisfied that the need to know and intended use are reasonable. An agency receiving critical asset protection plan information from the division shall not redisseminate the information without prior approval of the administrator.
More recently, the Legislature added § 22.7(11), which details procedures for the protection of government employees.
Public agencies are not required to disclose records if the disclosure of such records “would pose a substantial likelihood of revealing security measures that protect: (A) Systems, facilities or equipment used in the production, transmission or distribution of energy, water or communications services; (B) transportation and sewer or wastewater treatment systems, facilities or equipment; or (C) private property or persons, if the records are submitted to the agency.” K.S.A. 45-221(a)(45).
The Attorney General has found that records relating to security measures taken for protection of a high United States Government official are not covered by Open Records Act, pursuant to Ky. Rev. Stat. 61.878(1)(m), which exempts records regarding antiterrorism protective measures and plans; and security and response needs assessment. 05-ORD-119, upheld by Associated Press v. Governor Ernie Fletcher, Franklin Circuit Court No. 05-CI-00959 (December 5, 2005).
Certain records deemed to have a "reasonable likelihood of threatening the public safety by exposing a vulnerability in preventing, protecting against, mitigating or responding to a terroristic act" are exempt from the Open Records Act. Ky. Rev. Stat. 61.878(1)(m). The records are limited to:
a. Criticality lists resulting from consequence assessments
b. Vulnerability assessments;
c. Antiterrorism protective measures and plans;
d. Counterterrorism measures and plans;
e. Security and response needs assessments;
f. Infrastructure records that expose a vulnerability referred to in this subparagraph through the disclosure of the location, configuration, or security of critical systems, including public utility critical systems. These critical systems shall include but not be limited to information technology, communication, electrical, fire suppression, ventilation, water, wastewater, sewage, and gas systems;
g. The following records when their disclosure will expose a vulnerability referred to in this subparagraph: detailed drawings, schematics, maps, or specifications of structural elements, floor plans, and operating, utility, or security systems of any building or facility owned, occupied, leased, or maintained by a public agency; and
h. Records when their disclosure will expose a vulnerability referred to in this subparagraph and that describe the exact physical location of hazardous chemical, radiological, or biological materials.
During the 2003 session, the Louisiana Legislature amended the Public Records Act to add several exceptions related to security: La. Rev. Stat. Ann. § 44:3.1 (exempting material containing security procedures, criminal intelligence information pertaining to terrorist-related activity, threat or vulnerability assessments created, collected or obtained in the prevention of terrorist-related activity); La. Rev. Stat. Ann. § 44:4.1(15.1) (exempting measures to detect and track public health emergencies); La. Rev. Stat. Ann. § 44:4.1(19) (exempting port security and safety plans).
The Act contains two categories of "homeland security" related records exempt from public disclosure:
(1) Security plans, security procedures or risk assessments prepared specifically for the purpose of preventing or preparing for acts of terrorism, but only to the extent that release of information contained in the record could reasonably be expected to jeopardize the physical safety of government personnel or the public; and
(2) Records or information describing the architecture, design, access authentication, encryption or security of information technology infrastructure and systems.
1 M.R.S.A. § 402(3)(L), (M). A separate exemption provides overlapping confidentiality for the Secretary of State's information technology system plans and security information 29-A M.R.S.A. § 257.
Although not enacted as a homeland security measure, Maine law provides for confidentiality for law enforcement's "intelligence and investigative" information. 16 M.R.S.A. §§ 801-809. Reports or records that contain intelligence and investigative information "prepared by, prepared at the direction of or kept in the custody" that would "[i]nterfere with law enforcement proceedings" or disclose "investigative techniques and procedures or security plans and procedures not generally known by the general public" are exempt from disclosure. 16 M.R.S.A. § 804(7).
The custodian may deny inspection of response procedures or plans prepared to prevent or respond to emergency situations, the disclosure of which would reveal, inter alia, vulnerability assessments, specific tactics, emergency or security procedures. § 4-352(a). Disclosure may be denied pursuant to § 4-352(a) only to the extent that the inspection would jeopardize the security of any building, structure or facility, facilitate the planning of a terrorist attack, or endanger the life or physical safety of an individual. § 4-352(b). Police Patrol Security Systems Inc. v. Prince George's County, 378 Md. 702, 719 838 A.2d 1191, 1201 (2003). This subsection does not apply to buildings, structures, or facilities owned by the State or any political subdivision; to any building, structure, or facility subject to a catastrophic event like a fire, explosion or natural disaster; or to an inspection or issuance of a citation concerning a building, structure, or facility by an agency of the State or any political subdivision. § 4-352(c).
In the wake of September 11, 2001, the legislature amended the FOIA to address certain concerns regarding homeland security. A public body may exempt from disclosure "[r]ecords or information of measures designed to protect the security or safety of persons or property, whether public or private, including, but not limited to, building, public works, and public water supply designs to the extent that those designs relate to the ongoing security measures of a public body, capabilities and plans for responding to a violation of the Michigan anti-terrorism act . . . emergency response plans, risk planning documents, threat assessments, and domestic preparedness strategies." Mich. Comp. Laws Ann. § 15.243(1)(y).
However, an exception exists that requires an examination of the disclosure's effect. If the disclosure of the information "would not impair a public body's ability to protect the security or safety of persons or property," such information is not exempt from the FOIA's disclosure requirements. Id. Likewise, the information is not exempt from disclosure if "the public interest in disclosure outweighs the public interest in nondisclosure in the particular instance." Id.
The recent amendment of an existing exception to the Act, Neb. Rev. Stat. sec. 84-712.05(8), which has been in existence for many years, now allows the withholding of:
Information solely pertaining to protection of the security of public property and persons on or within public property, such as specific, unique vulnerability assessments or specific, unique response plans, either of which is intended to prevent or mitigate criminal acts the public disclosure of which would create a substantial likelihood of endangering public safety or property; computer or communications network schema, passwords, and user identification names; guard schedules; lock combinations; or public utility infrastructure specifications or design drawings the public disclosure of which would create a substantial likelihood of endangering public safety or property, unless otherwise provided by state or federal law.
NRS Chapter 239 et. seq. deals with Homeland Security measures. The Nevada Homeland Security Commission is charged with proposing goals and programs to prevent terrorism.
NRS 239C.220 allows a “reporter or editorial employee who is employed by or affiliated with a newspaper, press association or commercially operated and federally licensed radio or television station and who uses the restricted document in the course of such employment or affiliation” to copy a restricted document.
N.J.S.A. 47:1A-1.1 exempts from access:
“emergency or security information or procedures for any buildings or facility which, if disclosed, would jeopardize security of the building or facility or persons therein;” and “security measures and surveillance techniques which, if disclosed, would create a risk to the safety of persons, property, electronic data or software.”
See also, Gilleran v. Township of Bloomfield 227 N.J. 159 (2016) - Supreme Court of New Jersey determined that security camera footage of municipal parking lot was exempt from access under OPRA due to the two security exemptions in OPRA.
In 2002, the General Assembly added the following language to the Public Records Law under the heading "Sensitive Public Security Information":
(a) Public records as defined in G.S. 132-1 shall not include information containing specific details of public security plans and arrangements or the detailed plans and drawings of public buildings and infrastructure facilities.
(b) Public records as defined in G.S. 132-1 do not include plans to prevent or respond to terrorist activity, to the extent such records set forth vulnerability and risk assessments, potential targets, specific tactics, or specific security or emergency procedures, the disclosure of which would jeopardize the safety of governmental personnel or the general public or the security of any governmental facility, building, structure, or information storage system.
(c) Information relating to the general adoption of public security plans and arrangements, and budgetary information concerning the authorization or expenditure of public funds to implement public security plans and arrangements, or for the construction, renovation, or repair of public buildings and infrastructure facilities shall be public records.
Any plans and only those portions of the records, information, surveys, communications, and consultations used to produce the plans relating to the protection of the public or public officials against threats of violence or other harm are exempt. N.D.C.C. § 44-04-25.
Additionally, N.D.C.C. § 44-04-24 provides:
1. A security system plan kept by a public entity is exempt from the provisions of section 44-04-18 and section 6 of article XI of the Constitution of North Dakota.
2. As used in this section:
a. “Critical infrastructure” means public buildings, systems, including telecommunications centers and computers, power generation plants, dams, bridges, and similar key resources, whether physical or virtual, so vital to the state that the incapacity or destruction of these systems would have a debilitating impact on security, state economic security, state public health or safety, or any combination of those matters.
b. “Security system plan” includes all records, information, photographs, audio and visual presentations, schematic diagrams, surveys, recommendations, communications, or consultations or portions of any such plan relating directly to the physical or electronic security of a public facility, or any critical infrastructure, whether owned by or leased to the state or any of its political subdivisions, or any privately owned or leased critical infrastructure if the plan or a portion of the plan is in the possession of a public entity; threat assessments; vulnerability and capability assessments conducted by a public entity, or any private entity; threat response plans; and emergency evacuation plans.
3. This exemption applies to security system plans received by a public entity before, on, or after March 20, 2003.
4. Nothing in this section may be construed to limit disclosure required for necessary construction, renovation, or remodeling work on a public building. Disclosure under this subsection does not constitute public disclosure.
N.D.C.C. § 44-04-24.
Security and infrastructure records are not public records. Ohio Rev. Code § 149.433(B). An "infrastructure record" is defined as any record that discloses the configuration of a critical system; including communication, computer, electrical, mechanical, ventilation, water, and plumbing systems; security codes; or the infrastructure or structural configuration of a public building. Ohio Rev. Code § 149.433(A)(2). However, simple floor plans showing spatial arrangements of a building are not considered "infrastructure records." Ohio Rev. Code § 149.433(A)(2).
The Governor's Security and Preparedness Executive Panel, created pursuant to an Executive Order, is not subject to the Act because the panel is not a public body under the Act and documents created by the panel are therefore not public records. However, materials coming into the possession of any public official sitting on the panel may be a record under the Act. 2002 OK AG 5. Any state environmental agency or public utility shall keep confidential vulnerability assessments of critical assets in both water and wastewater systems. 51 O.S. § 24A.27. Information relating to the investigation, deterrence, prevention or protection from an act or threat of terrorism shall be confidential as well as informational technology related to some. 51 O.S. § 24A.28. Also, records received, maintained or generated by the Oklahoma Office of Homeland Security which include confidential information and records received by the Oklahoma Office of Homeland Security from the United States Department of Homeland Security are confidential. Id. . In 2013, the Legislature added to the exclusion records received, maintained and generated by the Department of Environmental Quality that contained information regarding sources of radiation in quantities deemed significant to public health and safety. 51 O.S. § 24A.28.A.9
Information concerning safeguards and off-site consequence analyses the release of which "could increase the risk of acts of terrorism" may be withheld subject to regulations that provide for access to state, federal and local authorities and disclosure to persons living or working within a "vulnerable zone." S.C. Code Ann. § 30-4-45.
In 2002 the General Assembly amended the Act to address Homeland Security issues. T.C.A. § 10-7-504(a)(21). Generally, plans of a governmental entity for response to violence or terrorist activities are confidential, as are records exposing a structural or operational vulnerability of a utility service provider. See also T.C.A. § 10-7-503(e) (concerning terrorists incidents and weapons of mass destruction).
Section 552.101 of the Government Code exempts from disclosure “information considered to be confidential by law, either constitutional, statutory, or by judicial decision.” Tex. Att’y Gen. OR2011-05009 (2011). This section encompasses information protected by other statutes including the Texas Homeland Security Act. Id.
The Texas Homeland Security Act added Sections 418.176 through 418.182 to chapter 418 of the Government Code. These provisions make certain information related to terrorism confidential. However, the fact that information may relate to a governmental body’s security measures does not make the information per se confidential. Tex. Att’y Gen. OR2011-05009 (2011); see Tex. Att’y Gen. ORD-649 (1996) (ruling that language of confidentiality provision controls scope of its protection). Furthermore, the mere recitation of the statute’s key terms is not sufficient to demonstrate the applicability of the claimed provision. Id. As with any exception to disclosure, a claim must be accompanied by an adequate explanation of how the responsive records fall within the scope of the claimed provision. Id. (citing Tex. Gov’t Code § 552.301(e)(1)(A) (stating that a governmental body must explain how claimed exception to disclosure applies)).
Under Section 418.181, documents or portions of documents in the possession of a governmental entity are confidential if they identify the technical details of particular vulnerabilities of critical infrastructure to an act of terrorism.
Under Section 418.176, information is confidential if the information is collected, assembled, or maintained by or for a governmental entity for the purpose of preventing, detecting, responding to, or investigating an act of terrorism or related criminal activity and (1) relates to the staffing requirements of an emergency response provider; (2) relates to a tactical plan of the provider; or (3) consists of a list or compilation of pager or telephone numbers, including mobile and cellular telephone numbers, of the provider. Nurses licensed by the Texas Board of Nursing are not included within the meaning of “emergency response provider” and, therefore, the business facsimile numbers of nurses collected and maintained by the Board are not excepted from disclosure pursuant to Section 552.101 of the Act in conjunction with Section 418.176(a). Abbott, 2010 WL 392335, at *6.
Under Section 418.177, information is confidential if it (1) is collected, assembled, or maintained by or for a governmental entity for the purpose of preventing, detecting, or investigating an act of terrorism or related criminal activity; and (2) relates to an assessment by or for a governmental entity, or an assessment that is maintained by a governmental entity, of the risk or vulnerability of persons or property, including critical infrastructure, to an act of terrorism or related criminal activity.
Under Section 418.178, information is confidential if it is information collected, assembled, or maintained by or for a governmental entity and (1) is more than likely to assist in the construction or assembly of an explosive weapon or a chemical, biological, radiological, or nuclear weapon of mass destruction; or (2) indicates the specific location of (A) a chemical, biological agent, toxin, or radioactive material that is more than likely to be used in the construction or assembly of such a weapon; or (B) unpublished information relating to a potential vaccine or to a device that detects biological agents or toxins.
Under Section 418.179, information is confidential if the information (1) is collected, assembled, or maintained by or for a governmental entity for the purpose of preventing, detecting, or investigating an act of terrorism or related criminal activity; and (2) relates to the details of the encryption codes or security keys for a public communications system. Section 418.179 does not prohibit a governmental entity from making available, at cost, to bona fide local news media, for the purpose of monitoring emergency communications of public interest, the communications terminals used in the entity’s trunked communications system that have encryption codes installed.
Under Section 418.180, information, other than financial information, in the possession of a governmental entity is confidential if the information (1) is part of a report to an agency of the United States; (2) relates to an act of terrorism or related criminal activity; and (3) is specifically required to be kept confidential (A) under Section 552.101 because of a federal statute or regulation; (B) to participate in a state-federal information sharing agreement; or (C) to obtain federal funding.
Under Section 418.182, information, including access codes and passwords, in the possession of a governmental entity that relates to the specifications, operating procedures, or location of a security system used to protect public or private property from an act of terrorism or related criminal activity is confidential. However, financial information in the possession of a governmental entity that relates to the expenditure of funds by a governmental entity for a security system is public information that is not exempt from required disclosure under Chapter 552.
Additionally under Section 418.182, information in the possession of a governmental entity that relates to the location of a security camera in a private office at a state agency, including an institution of higher education, as defined by Section 61.003 of the Education Code is public information and is not exempt from required disclosure under Chapter 552 unless the security camera (1) is located in an individual personal residence for which the state provides security; or (2) is in use for surveillance in an active criminal investigation. See Tex. Dep’t. of Pub. Safety v. Abbott, 310 S.W.3d 670, 678 (Tex. App.—Austin 2010, no pet.) (DVDs containing video images recorded by the Texas Capitol’s security system were confidential and excepted from disclosure).
Release of information relating to aviation security is governed by federal law. 49 U.S.C. §§ 114(a), (b)(1), 40119(b)(1); 49 C.F.R. §1520. The Attorney General has decided that requests for that kind of information should be directed to the Under Secretary of Transportation for Security who implements all regulations determining whether to disclose information sought pursuant to the federal Freedom of Information Act. See Tex. Att’y Gen. Op. No. OR 2004-3969 (2004). This includes personnel information of individuals working at airports or other facilities regulated by the United States Transportation Security Administration. Id.
In its 2002 General Session, the Utah Legislature passed House Bill 283, which enacted and amended GRAMA’s provisions. The amendments responded to the terrorist attacks of September 11, 2001, on the World Trade Center in New York City and the Pentagon in Washington, D.C. amid growing concerns regarding the inability of existing law to deal with terrorist-type crimes. GRAMA now excludes from its coverage records of a government entity or political subdivision regarding security measures designed for the protection of persons or property, public or private, including security plans, security codes and combinations, passes and keys, security procedures, and building and public works designs, to the extent that the records relate to a public entity’s ongoing security measures. See Utah Code § 63G-2-106. In addition, information regarding food security, risk, and vulnerability assessments performed by the Department of Agriculture and Food is excluded from GRAMA’s scope. See id. § 63G-2-305(47).
No specific discussion in statute or case law, but such materials may fall under the exemptions for information which, if disclosed, would compromise the safety of people or the security of public property, see 1 V.S.A. §§ 317(c)(25), (32), or the exemption for records dealing with the detection and investigation of a crime. Id. at (c)(5).
Virginia Code § 2.2-3705.2 generally addresses excluded records relating to public safety. The key provision relating to vulnerability assessments, infrastructure protection and surveillance is Va. Code Ann. § 2.2-3705.2.14.
The Governor or agencies acting on his behalf may receive information, voluntarily submitted from both public and nonpublic entities, related to the protection of the nation's critical infrastructure sectors and components that are located in Virginia or affect the health, safety, and welfare of the citizens of Virginia. Information submitted by any public or nonpublic entity in accordance with the procedures set forth in § 2.2-3705.2.14 shall not be disclosed unless: (1) it is requested by law-enforcement authorities in furtherance of an official investigation or the prosecution of a criminal act; (2) the agency holding the record is served with a proper judicial order; or (3) the agency holding the record has obtained the written consent to release the information from the entity voluntarily submitting it. Va. Code Ann. § 44-146.22.B.
Virginia Code § 44-146.18.B.3 limits disclosure of assessments and preparedness plans to prevent, respond to, and recover from all disasters including acts of terrorism.
Portions of records assembled, prepared or maintained to prevent or respond to criminal terrorist acts and specific and unique vulnerability assessments are exempt from disclosure. RCW 42.56.420(1). Also, records obtained as a result of national security briefings with state and local government are not subject to disclosure where they are not subject to disclosure under federal law. Id. See Northwest Gas Ass'n v. Washington Utilities and Transp. Comm., 141 Wn. App. 98, 168 P.3d 443 (2007). Other information regarding security jails, schools, communications networks, and transportation system may be exempt. RCW 42.56.420(2)-(6).
In 2003 the West Virginia Legislature amended FOIA by adding eight new exemptions related to homeland security and anti-terrorism planning. See, W. Va. Code § 29B-1-4(9) - (16). No judicial decisions have been reported which have involved any of the new exemptions.
West Virginia Code section 29B-1-4 was further amended to add subsections (b) and (c), which provide that the term "terrorist act", as used in the new exemptions to the section, "means an act that is likely to result in serious bodily injury or damage to property or the environment and is intended to: (1) intimidate or coerce the civilian population; (2) influence the policy of a branch or level of government by intimidation or coercion; (3) affect the conduct of a branch or level of government by intimidation or coercion; or (4) Retaliate against a branch or level of government for a policy or conduct of the government. W. Va. Code § 29B-1-4 (b).
West Virginia Code section 29B-1-4 (c) indicates that nothing in the eight anti-terrorism exemptions (subdivisions (9) through (16) ) of subsection (a) "should be construed to make subject to the provisions of this chapter any evidence of an immediate threat to public health or safety unrelated to a terrorist act or the threat thereof which comes to the attention of a public entity in the course of conducting a vulnerability assessment response or similar activity." W. Va. Code § 29B-1-4(c). The precise meaning of this provision has not been the subject of judicial interpretation.
Under the Aboveground Storage Tank Act, the public has “access to all documents and information submitted to the department pursuant to this article, subject to the limitations contained in the state Freedom of Information Act . . . or any information designated by the Division of Homeland Security and Emergency Management as restricted from public release.” W. Va. Code § 22-30-14(a). “Trade secrets, proprietary business information and information designated by the Division of Homeland Security and Emergency Management as restricted from public release shall be secured and safeguarded by the department” and “shall not be disclosed to the public or to any firm, individual or agency other than officials or authorized employees or representatives of a state or federal agency implementing the provisions of this article or any other applicable law related to releases of fluid from aboveground storage tanks that impact the state's water resources.” Id. Disclosure of such information is subject to criminal penalties. Id.
The Aboveground Storage Tank Act has other confidentiality provisions. For example, the “list of the potential sources of significant contamination contained within the zone of critical concern or zone of peripheral concern as provided by the Bureau for Public Health, working in conjunction with the department and the Division of Homeland Security and Emergency Management may only be disclosed to the extent consistent with the protection of trade secrets, confidential business information and information designated by the Division of Homeland Security and Emergency Management. . . .” W. Va. Code § 22-30-14(b). In addition, “[t]he exact location of the contaminants within the zone of critical concern or zone of peripheral concern is not subject to public disclosure in response to a Freedom of Information Act request. . . .” Id. “However, the location, characteristics and approximate quantities of potential sources of significant contamination within the zone of critical concern or zone of peripheral concern shall be made known to one or more designees of the public water utility, and shall be maintained in a confidential manner by the public water utility.” Id.
The Act contains exemptions designed to avoid providing information that might assist an attack by terrorists. Wyo. Stat. § 16-4-203(b)(vi). A custodian may withhold information that is covered by specific categories set forth in the Act if inspection "would jeopardize" the security of any government structure, facilitate the planning of a terrorist attack or endanger the life or physical safety of an individual. The record categories covered are vulnerability assessments, security and surveillance systems and procedures, certain building plans, evacuation plans and records prepared to prevent or respond to terrorist attacks.