Governor of Michigan Rick Snyder signed legislation on March 19, 2018 exempting open-records disclosure of cybersecurity-related information. “Michigan is a leader in addressing cybersecurity and I’m proud that this legislation takes an additional step toward addressing the safety and security of information systems and cybersecurity plans,” Snyder said. This new law received a 104-4 vote, with the supporters saying that it might help in shedding the reluctance for companies in the event of a security breach. The legislation includes cybersecurity assessments, plans, past and ongoing breaches. It also safeguards situations that could trigger future security breach.
Republican Brandt Iden initiated the venture to amend the Freedom of Information Act to prevent sharing of selected electronic data related to cybersecurity. Iden had commented earlier, “We’ve been working to ensure that Michigan is number one when it comes to cybersecurity. That other states, when they look at how to do cybersecurity, they look at Michigan.”
The legislation will prevent circulation of sensitive cybersecurity information with state police and other public bodies. The Michigan Press Association has opposed this exception stating that it creates ground for excessive exemption-taking. Lisa McGraw, the public affairs manager for Michigan Press Association remarked, “We understand the need for cybersecurity, but we are always concerned when you exempt things from FOIA. FOIA should be across the board and uniform as possible.” Although Iden maintained that agencies will disclose all information of public interest and the legislation will only ensure that sensitive information is not compromised.
