|
THE SENATE |
S.B. NO. |
2844 |
|
THIRTY-SECOND LEGISLATURE, 2024 |
|
|
|
STATE OF HAWAII |
|
|
|
|
|
|
|
|
||
|
|
||
A BILL FOR AN ACT
relating to the uniform information practices act.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. The legislature finds that critical infrastructure are those assets, systems, and networks that provide functions necessary for our way of life. There are sixteen federal designated critical infrastructure sectors, including energy, emergency services, water, health care, and others, that are part of a complex, interconnected ecosystem. Any threat to these sectors could have potentially debilitating consequences to national security, the economy, and public health and safety.
The legislature further finds it is imperative to establish protections for critical infrastructure information that is created, received, or maintained by government agencies to ensure public health and safety. The proposed protections under this Act are aligned with the federal Critical Infrastructure Information Act of 2002 and would enhance the sharing of critical infrastructure information between private entities and government agencies. Providing homeland security partners additional reassurance that their shared proprietary information will be protected is important to encourage open sharing of critical infrastructure information.
The legislature also finds that voluntary collaboration is crucial in providing for critical infrastructure security. Up-front protections in statute for non-disclosure of specific security-related information will support better understanding and identification of:
(1) Security risks and threats from physical and cyber-attacks, like the types and characteristics of physical security or technology systems;
(2) Vulnerabilities and mitigation strategies during special events, including actions taken to manage potential threats at an event venue; and
(3) Overall critical infrastructure security, such as understanding the nature of previous incidents to identify and ultimately close vulnerability gaps.
The purpose of this Act is to exclude critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.
SECTION 2. Section 92F-13, Hawaii Revised Statutes, is amended to read as follows:
"§92F-13 Government records; exceptions to general rule. This part shall not require disclosure of:
(1) Government records which, if disclosed, would constitute a clearly unwarranted invasion of personal privacy;
(2) Government records pertaining to the prosecution or defense of any judicial or quasi-judicial action to which the State or any county is or may be a party, to the extent that such records would not be discoverable;
(3) Government records that, by their nature, must be confidential in order for the government to avoid the frustration of a legitimate government function;
(4) Government records
which, pursuant to state or federal law including an order of any state or
federal court, are protected from disclosure; [and]
(5) Inchoate and draft
working papers of legislative committees including budget worksheets and
unfiled committee reports; work product; records or transcripts of an
investigating committee of the legislature [which] that are
closed by rules adopted pursuant to section 21-4 and the personal files of
members of the legislature[.]; and
(6) Critical
infrastructure information related to the security of critical
infrastructure or protected systems, including documents, records, or other
information concerning:
(A) Actual,
potential, or threatened interference with, attacks on, compromise of, or
incapacitation of critical infrastructure of protected systems by either
physical or computer-based attack or other similar conduct, including the
misuse of or unauthorized access to all types of communications and data
transmission systems that:
(i) Violates
federal, state, local, or tribal law;
(ii) Harms
interstate commerce of the United States; or
(iii) Threatens
public health or safety;
(B) The
ability of any critical infrastructure or protected system to resist
interference, attack, compromise, or incapacitation described in subparagraph
(A), including any planned or past assessment, projection, or estimate of the
vulnerability of critical infrastructure or a protected system, including
security testing, risk evaluation thereto, risk management planning, or risk
audit; or
(C) Any
planned or past operational problem or solution regarding critical infrastructure
or protected systems, including repair, recovery, reconstruction, insurance, or
continuity, to the extent it is related to the interference, attack,
compromise, or incapacitation described in subparagraph (A)."
SECTION 3. Statutory material to be repealed is bracketed and stricken. New statutory material is underscored.
SECTION 4. This Act shall take effect upon its approval.
|
INTRODUCED BY: |
_____________________________ |
|
|
|
Report Title:
Uniform Information Practices Act; Critical Infrastructure Information
Description:
Excludes critical infrastructure information from disclosure requirements under the Uniform Information Practices Act.
The summary description
of legislation appearing on this page is for informational purposes only and is
not legislation or evidence of legislative intent.