Gov. Snyder approves cybersecurity FOIA exemptions for government bodies
Open-records disclosures can no longer include information on cybersecurity plans and vulnerabilities in Michigan.
Gov. Rick Snyder signed legislation Monday that allows for the exclusion of cybersecurity information shared with Michigan State Police and other government bodies to be exempt from the Freedom of Information Act. The changes cleared the Legislature in House Bill 4973 (now Public Act 68 of 2018) sponsored by state Rep. Brandt Iden, R-Oshtemo, earlier this month.
Supporters say the exemption reassures companies that sensitive information shared with officials in the event of a security breach does not surface in public-records requests under Michigan's Freedom of Information Act.
The exclusion also applies to requests that could trigger future security breaches. The Michigan Press Association opposes the curtailment, saying it allows for excessive exemption-taking.
Last week, the state announced that a recent audit found phishing vulnerabilities among its public employees.