HOUSE OF REPRESENTATIVES

H.B. NO.

1543

THIRTY-SECOND LEGISLATURE, 2024

 

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

relating to the uniform information practices act.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


     SECTION 1.  The legislature finds that critical infrastructure are those assets, systems, and networks that provide functions necessary for our way of life.  There are sixteen federal designated critical infrastructure sectors, including energy, emergency services, water, health care, and others, that are part of a complex, interconnected ecosystem.  Any threat to these sectors could have potentially debilitating consequences to national security, the economy, and public health and safety.

     The legislature further finds it is imperative to establish protections for critical infrastructure information that is created, received, or maintained by government agencies to ensure public health and safety.  The proposed protections under this Act are aligned with the federal Critical Infrastructure Information Act of 2002 and would enhance the sharing of critical infrastructure information between private entities and government agencies.  Providing homeland security partners additional reassurance that their shared proprietary information will be protected is important to encourage open sharing of critical infrastructure information.

     The legislature also finds that voluntary collaboration is crucial in providing for critical infrastructure security.  Up-front protections in statute for non-disclosure of specific security-related information will support better understanding and identification of:

     (1)  Security risks and threats from physical and cyber-attacks, like the types and characteristics of physical security or technology systems;

     (2)  Vulnerabilities and mitigation strategies during special events, including actions taken to manage potential threats at an event venue; and

     (3)  Overall critical infrastructure security, such as understanding the nature of previous incidents to identify and ultimately close vulnerability gaps.

     The purpose of this Act is to exclude critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.

     SECTION 2.  Section 92F-13, Hawaii Revised Statutes, is amended to read as follows:

     "§92F-13  Government records; exceptions to general rule.  This part shall not require disclosure of:

     (1)  Government records which, if disclosed, would constitute a clearly unwarranted invasion of personal privacy;

     (2)  Government records pertaining to the prosecution or defense of any judicial or quasi-judicial action to which the State or any county is or may be a party, to the extent that such records would not be discoverable;

     (3)  Government records that, by their nature, must be confidential in order for the government to avoid the frustration of a legitimate government function;

     (4)  Government records which, pursuant to state or federal law including an order of any state or federal court, are protected from disclosure; [and]

     (5)  Inchoate and draft working papers of legislative committees including budget worksheets and unfiled committee reports; work product; records or transcripts of an investigating committee of the legislature [which] that are closed by rules adopted pursuant to section 21-4 and the personal files of members of the legislature[.]; and

     (6)  Critical infrastructure information related to the security of critical infrastructure or protected systems, including documents, records, or other information concerning:

          (A)  Actual, potential, or threatened interference with, attacks on, compromise of, or incapacitation of critical infrastructure of protected systems by either physical or computer-based attack or other similar conduct, including the misuse of or unauthorized access to all types of communications and data transmission systems that:

              (i)  Violates federal, state, local, or tribal law;

             (ii)  Harms interstate commerce of the United States; or

            (iii)  Threatens public health or safety;

          (B)  The ability of any critical infrastructure or protected system to resist interference, attack, compromise, or incapacitation described in subparagraph (A), including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or

          (C)  Any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to the interference, attack, compromise, or incapacitation described in subparagraph (A)."

     SECTION 3.  Statutory material to be repealed is bracketed and stricken.  New statutory material is underscored.

     SECTION 4.  This Act shall take effect upon its approval.

 

INTRODUCED BY:

_____________________________

 

 


 


 

Report Title:

Uniform Information Practices Act; Critical Infrastructure Information

 

Description:

Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.

 

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.