SPONSOR: |
Sen. Bushweller & Rep. K. Williams |
|
Sens.
Henry, Hocker, Peterson, Pettyjohn & Simpson; Reps.
Baumbach, Briggs King, Carson & Mitchell |
DELAWARE STATE SENATE 148th GENERAL ASSEMBLY |
SENATE BILL NO. 258 |
AN ACT TO AMEND TITLE 29 OF THE DELAWARE CODE RELATING TO THE FREEDOM OF INFORMATION ACT. |
Section 1. Amend § 10002(l)(17)a., Title 29 of the Delaware Code, by making insertions as shown by underline and deletions as shown by strike through as follows:
§ 10002 Definitions.
(l) "Public record" is
information of any kind, owned, made, used, retained, received, produced,
composed, drafted or otherwise compiled or collected, by any public body,
relating in any way to public business, or in any way of public interest, or in
any way related to public purposes, regardless of the physical form or
characteristic by which such information is stored, recorded or reproduced. For
purposes of this chapter, the following records shall not be deemed public:
(17)a. The following records, which, if copied or inspected, could jeopardize the security of any structure owned by the State or any of its political subdivisions, or could facilitate the planning of a terrorist attack, or could endanger the life or physical safety of an individual:
7. Information technology (IT) infrastructure
details, including but not limited to file layouts, data dictionaries, source
code, logical and physical design of IT systems and interfaces, detailed
hardware and software inventories, network architecture and schematics,
vulnerability reports, and any other information that, if disclosed, could
jeopardize the security or integrity of an information and technology system
owned, operated or maintained by the State or any public body subject to the
requirements of this Chapter.
SYNOPSIS
The Delaware Freedom of Information Act, 29 Del. C. Ch. 100 (“FOIA”) currently exempts from the definition of public record those documents that could jeopardize security of the state, “[f]acilitate the planning of a terrorist attack,” or “endanger the life or physical safety of an individual.” 29 Del. C. § 10002 (l)(17)(a)(2). While the current provision includes “telecommunications network facilities and switching equipment,” the provision has not been updated since its adoption in 2002 in response to the September 11, 2001 terrorist attacks, and it may not sufficiently protect the State’s information security systems from FOIA requests that are designed to facilitate a cyber security attack. This legislation adds language that allows the Department of Technology and Information, as well as other public bodies subject to FOIA, to refrain from disclosing information about the underpinnings of our state computer network and systems. This information in the hands of a requestor increases the risk of a cyber attack and may allow a requesting party to obtain confidential data about the State’s citizens (including confidential payroll, medical, academic, and personnel records). This exemption is similar to the existing provisions that exempt the State from withholding blueprint and alarm system data that would allow a burglar to break into a physical building. |
Author: Senator Bushweller