Expands protection of technology assets used to maintain public information.
BILL NUMBER: S6058
TITLE OF BILL : An act to amend the public officers law, in relation to requests for certain records under the freedom of information law
PURPOSE : This bill broadens the exemption from public inspection and copying of any information, regardless of the source, where the exposure of that information would jeopardize an entity's capacity to guarantee the security of its information technology assets.
SUMMARY OF PROVISIONS : Section 1 of the bill amends Public Officers Law (POL) §87(2)(i) to broaden the existing exemption for records that would jeopardize the capacity of an agency to guarantee the security of its information technology assets to encompass records with, if disclosed, would jeopardize the capacity of any entity to protect its information technology assets.
Section 2 of the bill establishes an immediate effective date.
EXISTING LAW : Currently the Public Officers Law exempts from public disclosure records which "if disclosed, would jeopardize an agency's capacity to guarantee the security of its information technology assets, including its electronic information systems and infrastructures." This existing exemption is, by its terms, limited to information relating to the security of those New York State entities with the definition of "agency" (see POL §86(3)).
JUSTIFICATION : The New York State office of Cyber Security and Critical infrastructure Coordination (CSCIC) is responsible for leading and coordinating New York State's efforts regarding cyber readiness, geographic information systems (GIS), and critical infrastructure preparedness. Two key initiatives undertaken by CSCIC, in collaboration with the office of Homeland security, include the Public/Private Sector Cyber Security Workgroup, which serves to facilitate information sharing between the public and private sectors, and the Multi-State information Sharing and Analysis Center, which focuses on facilitating communication among states regarding cyber and/or critical infrastructure readiness and response efforts.
CSCIC's experience with these initiatives over the past six years has proven the value of the collective view that is created by enhanced information sharing. Having access to information from a wide variety of public and private sources increases the potential that the State can identify and block cyber attacks before they occur.
As CSCIC has proceeded with these initiatives and participated with other public and private entities in a broad range of cyber security activities, the current language of POL §87(2)(i) has proven to be an impediment to the type of information sharing that is so critical to preparing for and responding to constantly evolving cyber threats. Entities that are not "agencies" for purpose of the Freedom of Information Law (FOIL), including other states, other public entities outside New York State, and private entities are often unwilling to share detailed information concerning their information technology assets and their cyber security activities because that information cannot be exempted from disclosure under FOIL.
This bill amends POL §87(2)(i) to permit an agency to deny access to records that would jeopardize the capacity of any entity to guarantee the security of its information technology assets. Affording agencies the ability to protect sensitive cyber security information received from non-agencies will serve to foster information sharing by those non-agencies, thereby enhancing the ability of agencies to identify and block potential attacks before they occur.
LEGISLATIVE HISTORY : This is a new bill.
FISCAL IMPLICATIONS : None.
LOCAL FISCAL IMPLICATIONS : None.
EFFECTIVE DATE : Immediately.
STATE OF NEW YORK ________________________________________________________________________ 6058 2009-2010 Regular Sessions IN SENATE June 23, 2009 ___________Introduced by Sen. ADAMS -- (at request of the Office of Cyber Security and Critical Infrastructure Coordination) -- read twice and ordered printed, and when printed to be committed to the Committee on Rules AN ACT to amend the public officers law, in relation to requests for certain records under the freedom of information law THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Paragraph (i) of subdivision 2 of section 87 of the public officers law, as added by chapter 368 of the laws of 2001, is amended to read as follows: (i) if disclosed, would jeopardize
[an agency's]THE capacity OF AN AGENCY OR AN ENTITY THAT HAS SHARED INFORMATION WITH AN AGENCY to guar- antee the security of its information technology assets, such assets encompassing both electronic information systems and infrastructures; or S 2. This act shall take effect immediately.EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD08459-03-9