Last week the House Communication and Technology Committee held a hearing on legislation that would exempt critical cybersecurity data from the Freedom of Information Act (FOIA). House Bill 4973 exempts from FOIA cybersecurity plans, assessments or vulnerabilities. Similar legislation last term received intense push back, particularly from environmental groups, for attempting to exempt from FOIA critical energy infrastructure information.
Michigan State Police testified in support of this legislation stating that it would help ensure private entities are reporting cybersecurity threats to the department because entities are worried their sensitive and proprietary information could be released under the current FOIA provisions. Under current law, FOIA exempts “records or information of measures designed to protect the security or safety of persons or property” from being disclosed. The bill would also add “or the confidentiality, integrity or availability of information systems.”
Vote on HB 4973 is expected this week.