Revised Code of Washington
Chapter 42.56 - Public Records Act.
42.56.420 - Security.

RCW 42.56.420
Security.

The following information relating to security is exempt from disclosure under this chapter:
(1) Those portions of records assembled, prepared, or maintained to prevent, mitigate, or respond to criminal terrorist acts, which are acts that significantly disrupt the conduct of government or of the general civilian population of the state or the United States and that manifest an extreme indifference to human life, the public disclosure of which would have a substantial likelihood of threatening public safety, consisting of:
(a) Specific and unique vulnerability assessments or specific and unique response or deployment plans, including compiled underlying data collected in preparation of or essential to the assessments, or to the response or deployment plans; and
(b) Records not subject to public disclosure under federal law that are shared by federal or international agencies, and information prepared from national security briefings provided to state or local government officials related to domestic preparedness for acts of terrorism;
(2) Those portions of records containing specific and unique vulnerability assessments or specific and unique emergency and escape response plans at a city, county, or state adult or juvenile correctional facility, or secure facility for persons civilly confined under chapter 71.09 RCW, the public disclosure of which would have a substantial likelihood of threatening the security of a city, county, or state adult or juvenile correctional facility, secure facility for persons civilly confined under chapter 71.09 RCW, or any individual's safety;
(3) Information compiled by school districts or schools in the development of their comprehensive safe school plans under RCW 28A.320.125, to the extent that they identify specific vulnerabilities of school districts and each individual school;
(4) Information regarding the public and private infrastructure and security of computer and telecommunications networks, consisting of security passwords, security access codes and programs, access codes for secure software applications, security and service recovery plans, security risk assessments, and security test results to the extent that they identify specific system vulnerabilities, and other such information the release of which may increase risk to the confidentiality, integrity, or availability of security, information technology infrastructure, or assets;
(5) The system security and emergency preparedness plan required under RCW 35.21.228, 35A.21.300, 36.01.210, 36.57.120, 36.57A.170, and 81.112.180;
(6) Personally identifiable information of employees, and other security information, of a private cloud service provider that has entered into a criminal justice information services agreement as contemplated by the United States department of justice criminal justice information services security policy, as authorized by 28 C.F.R. Part 20; and
(7)(a) In addition to the information in subsection (4) of this section, the following related to election security:
(i) The continuity of operations plan for election operations and any security audits, security risk assessments, or security test results, relating to physical security or cybersecurity of election operations or infrastructure. These records are exempt from disclosure in their entirety;
(ii) Those portions of records containing information about election infrastructure, election security, or potential threats to election security, the public disclosure of which may increase risk to the integrity of election operations or infrastructure; and
(iii) Voter signatures on ballot return envelopes, ballot declarations, and signature correction forms, including the original documents, copies, and electronic images; and a voter's phone number and email address contained on ballot return envelopes, ballot declarations, or signature correction forms. The secretary of state, by rule, may authorize in-person inspection of unredacted ballot return envelopes, ballot declarations, and signature correction forms in accordance with RCW 29A.04.260.
(b) The exemptions specified in (a) of this subsection do not include information or records pertaining to security breaches, except as prohibited from disclosure pursuant to RCW 29A.12.200.
(c) The exemptions specified in (a) of this subsection do not prohibit an audit authorized or required under Title 29A RCW from being conducted.

[ 2022 c 140 § 1; 2021 c 26 § 1; 2017 c 149 § 1; 2016 c 153 § 1; 2013 2nd sp.s. c 33 § 9; 2009 c 67 § 1; 2005 c 274 § 422.]
NOTES:

Application—2022 c 140 §§ 1 and 2: See note following RCW 29A.04.260.


Effective date—2022 c 140: See note following RCW 29A.04.260.


Application—2021 c 26: "The exemptions in this act apply to any public records requests made prior to April 14, 2021, for which the disclosure of records has not already occurred." [ 2021 c 26 § 2.]


Effective date—2021 c 26: "This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately [April 14, 2021]." [ 2021 c 26 § 3.]

<< Previous
Next >>

Structure Revised Code of Washington

Revised Code of Washington

Title 42 - Public Officers and Agencies

Chapter 42.56 - Public Records Act.

42.56.001 - Finding, purpose.

42.56.010 - Definitions.

42.56.020 - Short title.

42.56.030 - Construction.

42.56.040 - Duty to publish procedures.

42.56.050 - Invasion of privacy, when.

42.56.060 - Disclaimer of public liability.

42.56.070 - Documents and indexes to be made public—Statement of costs.

42.56.080 - Identifiable records—Facilities for copying—Availability of public records.

42.56.090 - Times for inspection and copying—Posting on website.

42.56.100 - Protection of public records—Public access.

42.56.110 - Destruction of information relating to employee misconduct.

42.56.120 - Charges for copying.

42.56.130 - Other provisions not superseded.

42.56.140 - Public records exemptions accountability committee.

42.56.141 - Public records exemptions accountability committee—Wolf depredation information exemption.

42.56.150 - Training—Local elected and statewide elected officials.

42.56.152 - Training—Public records officers.

42.56.155 - Assistance by attorney general.

42.56.210 - Certain personal and other records exempt.

42.56.230 - Personal information.

42.56.235 - Religious affiliation exemption.

42.56.240 - Investigative, law enforcement, and crime victims.

42.56.250 - Employment and licensing.

42.56.260 - Real estate transactions.

42.56.270 - Financial, commercial, and proprietary information.

42.56.280 - Preliminary drafts, notes, recommendations, intra-agency memorandums.

42.56.290 - Agency party to controversy.

42.56.300 - Archaeological sites.

42.56.310 - Library records.

42.56.315 - Certain student information.

42.56.320 - Educational information.

42.56.325 - Statewide electronic repository for school meals.

42.56.330 - Public utilities and transportation.

42.56.335 - Public utility districts and municipally owned electrical utilities—Restrictions on access by law enforcement authorities.

42.56.350 - Health professionals.

42.56.355 - Interstate medical licensure compact.

42.56.360 - Health care.

42.56.365 - Vital records.

42.56.370 - Client records of domestic violence programs, or community sexual assault programs or services for underserved populations.

42.56.375 - Sexual misconduct—Postsecondary educational institutions—Personal information of witnesses and victims.

42.56.380 - Agriculture and livestock.

42.56.390 - Emergency or transitional housing.

42.56.400 - Insurance and financial institutions.

42.56.403 - Property and casualty insurance statements of actuarial opinion.

42.56.410 - Employment security department records, certain purposes.

42.56.420 - Security.

42.56.422 - Office of cybersecurity—Reports and information.

42.56.430 - Fish and wildlife.

42.56.440 - Veterans' discharge papers—Exceptions.

42.56.450 - Check cashers and sellers licensing applications.

42.56.460 - Fireworks and explosives.

42.56.470 - Correctional industries workers.

42.56.475 - Department of corrections.

42.56.510 - Duty to disclose or withhold information—Otherwise provided.

42.56.520 - Prompt responses required.

42.56.530 - Review of agency denial.

42.56.540 - Court protection of public records.

42.56.550 - Judicial review of agency actions.

42.56.560 - Application of RCW 42.56.550.

42.56.565 - Inspection or copying by persons serving criminal sentences—Injunction.

42.56.570 - Explanatory pamphlet—Advisory model rules—Consultation and training services.

42.56.580 - Public records officers.

42.56.590 - Personal information—Notice of security breaches.

42.56.592 - Personal information—Covered entities.

42.56.594 - Personal information—Consumer protection.

42.56.600 - Mediation communications.

42.56.610 - Certain information from dairies and feedlots limited—Rules.

42.56.615 - Enumeration data used by the office of financial management for population estimates.

42.56.620 - Cannabis research licensee reports.

42.56.625 - Medical cannabis authorization database.

42.56.630 - Registration information of members of cooperatives to produce and process medical cannabis.

42.56.640 - Vulnerable individuals, in-home caregivers for vulnerable populations.

42.56.645 - Release of public information—2017 c 4 (Initiative Measure No. 1501).

42.56.650 - Health carrier data.

42.56.655 - Explosives exemption report.

42.56.660 - Agency employee records.

42.56.665 - Agency employee records—Civil liability.

42.56.670 - Agency employee records—Model policies.

42.56.675 - Agency employee records—Lists of names.

42.56.680 - Residential real property information and borrower personal information.

42.56.690 - Victim and witness notification program.

42.56.900 - Purpose—2005 c 274 §§ 402-429.

42.56.904 - Intent—2007 c 391.