Bill Text: IA HF601 | 2017-2018 | 87th General Assembly | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: A bill for an act relating to the confidentiality of certain physical infrastructure, cyber security, and critical infrastructure information and records developed, maintained, or held by a government body. (Formerly HSB 185.) Effective 7-1-17.
Spectrum: Committee Bill
Status: (Passed) 2017-05-11 - Signed by Governor. H.J. 1149. [HF601 Detail]
Download: Iowa-2017-HF601-Introduced.html
Bill Title: A bill for an act relating to the confidentiality of certain physical infrastructure, cyber security, and critical infrastructure information and records developed, maintained, or held by a government body. (Formerly HSB 185.) Effective 7-1-17.
Spectrum: Committee Bill
Status: (Passed) 2017-05-11 - Signed by Governor. H.J. 1149. [HF601 Detail]
Download: Iowa-2017-HF601-Introduced.html
House File 601 - Introduced HOUSE FILE BY COMMITTEE ON GOVERNMENT OVERSIGHT (SUCCESSOR TO HSB 185) A BILL FOR 1 An Act providing for the confidentiality of certain cyber 2 security and critical infrastructure information developed 3 and maintained by a government body. 4 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA: TLSB 2641HV (1) 87 rh/rj PAG LIN 1 1 Section 1. Section 22.7, subsection 50, Code 2017, is 1 2 amended to read as follows: 1 3 50. Information concerning cyber security, critical 1 4 infrastructure, security procedures, or emergency preparedness 1 5informationdeveloped and maintained by a government body 1 6 for the protection of governmental employees, visitors to 1 7 the government body, persons in the care, custody, or under 1 8 the control of the government body, or property under the 1 9 jurisdiction of the government body, if disclosure could 1 10 reasonably be expected to jeopardize such employees, visitors, 1 11 persons, or property. 1 12 a. (1) Such information includes but is not limited to 1 13 information directly related to vulnerability assessments; 1 14 information contained in records relating to security measures 1 15 such as security and response plans, security codes and 1 16 combinations, passwords, restricted area passes, keys, and 1 17 security or response procedures; emergency response protocols; 1 18 and information contained in records that if disclosed would 1 19 significantly increase the vulnerability of critical physical 1 20 systems or infrastructures of a government body to attack. 1 21 (2) For purposes of this subsection, "information concerning 1 22 cyber security" includes but is not limited to information 1 23 relating to cyber security defenses, threats, attacks, or 1 24 general attempts to attack cyber system operations. 1 25 b. This subsection shall only apply to information held by 1 26 a government body that has adopted a rule or policy identifying 1 27 the specific records or class of records to which this 1 28 subsection applies and which is contained in such a record. 1 29 EXPLANATION 1 30 The inclusion of this explanation does not constitute agreement with 1 31 the explanation's substance by the members of the general assembly. 1 32 This bill provides for the confidentiality of certain cyber 1 33 security and critical infrastructure information developed and 1 34 maintained by a government body. 1 35 Under current law, information concerning security 2 1 procedures or emergency preparedness information developed 2 2 and maintained by a government body for the protection of 2 3 governmental employees, visitors to the government body, 2 4 persons in the care, custody, or under the control of the 2 5 government body, or property under the jurisdiction of the 2 6 government body, if disclosure could reasonably be expected to 2 7 jeopardize such employees, visitors, persons, or property must 2 8 be kept confidential under Code section 22.7 unless otherwise 2 9 ordered by a court, by the lawful custodian of the records, or 2 10 by another person duly authorized to release such information. 2 11 The bill includes cyber security and critical infrastructure 2 12 information developed and maintained by a government body for 2 13 such purposes. Information concerning cyber security includes 2 14 but is not limited to information relating to cyber security 2 15 defenses, threats, attacks, or general attempts to attack cyber 2 16 system operations. LSB 2641HV (1) 87 rh/rj