Bill S6058-2009

Expands protection of technology assets used to maintain public information

Expands protection of technology assets used to maintain public information.

Details

Actions

  • May 4, 2010: SUBSTITUTED BY A8531A
  • May 3, 2010: ADVANCED TO THIRD READING
  • Apr 28, 2010: 2ND REPORT CAL.
  • Apr 27, 2010: 1ST REPORT CAL.451
  • Jan 6, 2010: REFERRED TO INVESTIGATIONS AND GOVERNMENT OPERATIONS
  • Jun 23, 2009: REFERRED TO RULES

Votes

VOTE: COMMITTEE VOTE: - Investigations and Government Operations - Apr 27, 2010
Ayes (8): Johnson C, Stachowski, Diaz, Klein, Espada, Winner, Golden, Nozzolio

Memo

 BILL NUMBER:  S6058

TITLE OF BILL : An act to amend the public officers law, in relation to requests for certain records under the freedom of information law

PURPOSE : This bill broadens the exemption from public inspection and copying of any information, regardless of the source, where the exposure of that information would jeopardize an entity's capacity to guarantee the security of its information technology assets.

SUMMARY OF PROVISIONS : Section 1 of the bill amends Public Officers Law (POL) §87(2)(i) to broaden the existing exemption for records that would jeopardize the capacity of an agency to guarantee the security of its information technology assets to encompass records with, if disclosed, would jeopardize the capacity of any entity to protect its information technology assets.

Section 2 of the bill establishes an immediate effective date.

EXISTING LAW : Currently the Public Officers Law exempts from public disclosure records which "if disclosed, would jeopardize an agency's capacity to guarantee the security of its information technology assets, including its electronic information systems and infrastructures." This existing exemption is, by its terms, limited to information relating to the security of those New York State entities with the definition of "agency" (see POL §86(3)).

JUSTIFICATION : The New York State office of Cyber Security and Critical infrastructure Coordination (CSCIC) is responsible for leading and coordinating New York State's efforts regarding cyber readiness, geographic information systems (GIS), and critical infrastructure preparedness. Two key initiatives undertaken by CSCIC, in collaboration with the office of Homeland security, include the Public/Private Sector Cyber Security Workgroup, which serves to facilitate information sharing between the public and private sectors, and the Multi-State information Sharing and Analysis Center, which focuses on facilitating communication among states regarding cyber and/or critical infrastructure readiness and response efforts.

CSCIC's experience with these initiatives over the past six years has proven the value of the collective view that is created by enhanced information sharing. Having access to information from a wide variety of public and private sources increases the potential that the State can identify and block cyber attacks before they occur.

As CSCIC has proceeded with these initiatives and participated with other public and private entities in a broad range of cyber security activities, the current language of POL §87(2)(i) has proven to be an impediment to the type of information sharing that is so critical to preparing for and responding to constantly evolving cyber threats. Entities that are not "agencies" for purpose of the Freedom of Information Law (FOIL), including other states, other public entities outside New York State, and private entities are often unwilling to share detailed information concerning their information technology assets and their cyber security activities because that information cannot be exempted from disclosure under FOIL.

This bill amends POL §87(2)(i) to permit an agency to deny access to records that would jeopardize the capacity of any entity to guarantee the security of its information technology assets. Affording agencies the ability to protect sensitive cyber security information received from non-agencies will serve to foster information sharing by those non-agencies, thereby enhancing the ability of agencies to identify and block potential attacks before they occur.

LEGISLATIVE HISTORY : This is a new bill.

FISCAL IMPLICATIONS : None.

LOCAL FISCAL IMPLICATIONS : None.

EFFECTIVE DATE : Immediately.

Text

STATE OF NEW YORK ________________________________________________________________________ 6058 2009-2010 Regular Sessions IN SENATE June 23, 2009 ___________
Introduced by Sen. ADAMS -- (at request of the Office of Cyber Security and Critical Infrastructure Coordination) -- read twice and ordered printed, and when printed to be committed to the Committee on Rules AN ACT to amend the public officers law, in relation to requests for certain records under the freedom of information law THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Paragraph (i) of subdivision 2 of section 87 of the public officers law, as added by chapter 368 of the laws of 2001, is amended to read as follows: (i) if disclosed, would jeopardize [an agency's] THE capacity OF AN AGENCY OR AN ENTITY THAT HAS SHARED INFORMATION WITH AN AGENCY to guar- antee the security of its information technology assets, such assets encompassing both electronic information systems and infrastructures; or S 2. This act shall take effect immediately.

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Discuss!

blog comments powered by Disqus