BILL NUMBER: SB 949INTRODUCED BILL TEXT INTRODUCED BY Senator Jackson FEBRUARY 4, 2016 An act to add Section 8573.1 to the Government Code, relating to emergency services. LEGISLATIVE COUNSEL'S DIGEST SB 949, as introduced, Jackson. Emergency services: critical infrastructure information. The California Emergency Services Act requires the Governor to coordinate the State Emergency Plan and any programs necessary for the mitigation of the effects of an emergency in this state, as specified. The act also establishes, within the office of the Governor, the Office of Emergency Services and requires it to perform various duties with respect to specified emergency preparedness, mitigation, and response activities in the state. This bill would authorize the Governor to require owners and operators of critical infrastructure to submit critical infrastructure information, as those terms are defined, to the Office of Emergency Services, or any other designee, for the purposes of gathering, analyzing, communicating, or disclosing critical infrastructure information, as provided. The California Public Records Act requires state and local agencies to make their records available for public inspection, unless an exemption from disclosure applies. The act exempts from these disclosure requirements, among other documents, critical infrastructure information, as defined, that is voluntarily submitted to the Office of Emergency Services for use by that office. This bill would provide that critical infrastructure information obtained pursuant to its provisions would be confidential and not subject to disclosure under the California Public Records Act, subpoena, or discovery, or admissible as evidence in any private civil action. Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest. This bill would make legislative findings to that effect. Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. Section 8573.1 is added to the Government Code, to read: 8573.1. (a) As used in this section, the following definitions shall apply: (1) "Critical infrastructure" means systems and assets so vital to the state that the incapacity or destruction of those systems or assets would have a debilitating impact on security, economic security, public health and safety, or any combination of those matters. (2) "Critical infrastructure information" means information not customarily in the public domain pertaining to any of the following: (A) Actual, potential, or threatened interference, or an attack on, compromise of, or incapacitation of critical infrastructure by either physical or computer-based attack or other similar conduct, including the misuse of, or unauthorized access to, all types of communications and data transmission systems, that violates federal, state, or local law, harms economic security, or threatens public health or safety. (B) The ability of critical infrastructure to resist any interference, compromise, or incapacitation, including any planned or past assessment or estimate of the vulnerability of critical infrastructure, including security testing, risk evaluation, risk management planning, or risk audits. (C) Any planned or past operational problem or solution regarding critical infrastructure, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to interference, compromise, or incapacitation of critical infrastructure. (b) The Governor may require owners and operators of critical infrastructure to submit critical infrastructure information to the Office of Emergency Services, or any other designee, for the following purposes: (1) To gather and analyze critical infrastructure information in order to better understand security problems and interdependencies related to critical infrastructure, so as to ensure the availability, integrity, and reliability of that critical infrastructure. (2) To communicate or disclose critical infrastructure information to help prevent, detect, mitigate, or recover from the effects of an interference, compromise, or incapacitation problem related to critical infrastructure. (c) Critical infrastructure information obtained pursuant to this section shall be confidential and privileged, and shall not be subject to disclosure pursuant to the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 1 of Title 1), subpoena, or discovery, or admissible as evidence in any private civil action. SEC. 2. The Legislature finds and declares that Section 1 of this act, which adds Section 8573.1 to the Government Code, imposes a limitation on the public's right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest: In order to promote effective emergency planning and to ensure that information about the state's critical infrastructure, including information about threats to and vulnerabilities in that infrastructure and measures taken to protect it, remains secure, it is necessary to limit the public's right of access to this information.