SENATE BILL REPORT

SB 6285

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

As of January 30, 2020

Title: An act relating to exempting election security information from public records disclosure.

Brief Description: Exempting election security information from public records disclosure.

Sponsors: Senators Hunt, Das and Wellman.

Brief History:

Committee Activity: State Government, Tribal Relations & Elections: 1/31/20.

Brief Summary of Bill

  • Exempts elections continuity of operations plans and election security audits, risk assessments, or security test results from public disclosure requirements.

  • Exempts portions of records containing information about election infrastructure or security where disclosure would increase risk to election operations from public disclosure requirements.

  • Exempts information systems security risk assessments in their entirety from public disclosure requirements.

SENATE COMMITTEE ON STATE GOVERNMENT, TRIBAL RELATIONS & ELECTIONS

Staff: Samuel Brown (786-7470)

Background: Public Records Act. The Public Records Act (PRA), enacted in 1972 as part of Initiative 276, requires that all state and local government agencies make all public records available for public inspection and copying unless certain statutory exemptions apply. Over 500 specific references in the PRA or other statutes remove certain information from application of the PRA, provide exceptions to the public disclosure and copying of certain information, or designate certain information as confidential. The provisions requiring public records disclosure must be interpreted liberally while the exemptions are interpreted narrowly to effectuate the general policy favoring disclosure.

Security Exemptions. Certain security information is exempt from the PRA's disclosure requirements. These exemptions include records related to public and private infrastructure of computer and telecommunications networks, which include security passwords, access codes, and security risk assessments, to the extent the information identifies specific system vulnerabilities, or that release of the information would risk asset confidentiality, integrity, or availability.

Elections Security. Many counties have developed continuity of operations plans for elections operations to assist with continuing essential functions and services in response to emergencies and disasters. The Washington Military Department maintains a copy of the continuity of operations plan for election operations for each county that has a plan available. There is coordination among local, state, and federal entities, including the United States Department of Homeland Security, on the security of voting systems, voter registration databases, and polling places.

Summary of Bill: Continuity of elections operations plans, security risk assessments, and other audits and test results relating to physical security or cybersecurity of election operations or infrastructure are exempt in their entirety from the PRA's disclosure requirements. Portions of records related to election infrastructure, election security, or threats to election security are exempt from the PRA's disclosure requirements to the extent disclosure would have a substantial likelihood of increasing risk to the integrity of election operations or infrastructure.

Security risk assessments of any kind are exempt in their entirety from the PRA's disclosure requirements.

The exemptions in the bill apply to any public records requests pending as of the bill's effective date where disclosure has not already occurred.

Appropriation: None.

Fiscal Note: Not requested.

Creates Committee/Commission/Task Force that includes Legislative members: No.

Effective Date: The bill contains an emergency clause and takes effect immediately.