CYPER SECURITY: FOIA EXEMPTIONS                                                             H.B. 4973:

                                                                                                    SUMMARY OF BILL

                                                                                      REPORTED FROM COMMITTEE

 

 

 

 

 

 

 

 

 

House Bill 4973 (as reported without amendment)

Sponsor:  Representative Brandt Iden

House Committee:  Communications and Technology

Senate Committee:  Elections and Government Reform

 


CONTENT

 

The bill would amend the Freedom of Information Act (FOIA) to allow a public body to exempt the following from disclosure:

 

 --    Records of measures designed to protect the confidentiality, integrity, or availability of certain information systems, as well as cybersecurity plans, assessments, or vulnerabilities.

 --    Information that would reveal the identity of a person who could, as a result of disclosure of the information, become a victim of a cybersecurity incident, or that would reveal the person's cybersecurity plans, or cybersecurity-related practices.

 

Under the Act, upon providing a public body's FOIA coordinator with a written request that describes a public record sufficiently to enable the public body to find the public record, a person has a right to inspect, copy, or receive copies of the requested public record of the public body.

 

A public body may exempt from disclosure records or information of measures designed to protect the security or safety of persons or property. The bill also would allow the exemption of records or information of measures designed to protect the confidentiality, integrity, or availability of information systems, whether public or private, and cybersecurity plans, assessments, or vulnerabilities, unless disclosure would not impair a public body's ability to protect security or safety or unless the public interest in disclosure outweighed the public interest in nondisclosure. This exemption (including the current and proposed provisions) would not apply to information submitted as required by law or as a condition to receiving a governmental contract, license, or other benefit.

 

The bill also would include hard drives and solid state storage components in the definition of "public record".

 

MCL 15.232 & 15.243                                                Legislative Analyst:  Nathan Leaman

 

FISCAL IMPACT

 

The bill would have no fiscal impact on State or local government.

 

Date Completed:  2-26-18                                                    Fiscal Analyst:  Joe Carrasco

 

 

This analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent.