Current through Pa Acts 2024-53, 2024-56 through 2024-92
Section 2141.3 - Procedures for submitting, challenging and protecting confidential security information(a) General rule.--The public utility is responsible for determining whether a record or portion thereof contains confidential security information. When a public utility identifies a record as containing confidential security information, it must clearly state in its transmittal letter, upon submission to an agency, that the record contains confidential security information and explain why the information should be treated as such.(b) Submission of confidential security information.--An agency shall develop filing protocols and procedures for public utilities to follow when submitting records, including protocols and procedures for submitting records containing confidential security information. Such protocols and procedures shall instruct public utilities who submit records to an agency to separate their information into at least two categories:(1) Public.-- Records or portions thereof subject to the provisions of the act of June 21, 1957 (P.L. 390, No. 212), referred to as the Right-to-Know Law.(2) Confidential.--Records or portions thereof requested to be treated as containing confidential security information and not subject to the Right-to-Know Law.(c) Challenges to designation of confidential security information.--Challenges to a public utility's designation or request to examine records containing confidential security information by a member of the public shall be made in writing to the agency in which the record or portions thereof were originally submitted. The agency shall develop protocols and procedures to address challenges to the designations or requests to examine records containing confidential security information. Such protocols and procedures shall include: (1) Written notification to the public utility by the agency of the request to examine records containing confidential security information or challenge of its designation.(2) An opportunity for agency review of the public utility's designation.(3) During the review or any appeal of the agency's decision, the agency shall continue to honor the confidential security information designation by the public utility.(4) Agency review of the public utility's designation or request to examine records containing confidential security information shall be based on consistency with the definition of confidential security information contained in this act or when there are reasonable grounds to believe disclosure may result in a safety risk, including the risk of harm to any person, or mass destruction.(5) Written notification of the agency's decision on confidentiality to the public utility and member of the public that requested to examine the records containing confidential security information or challenged the designation made by the public utility shall occur within 60 days. In the same writing, the agency shall affirmatively state whether the disclosure would compromise the public utility's security against sabotage or criminal or terrorist acts.(6) Following written notification by the agency of its decision on confidentiality, the public utility and member of the public shall be given 30 days to file an appeal in Commonwealth Court where the court may review the records containing confidential security information in camera to determine if they are protected from disclosure under this act. During pendency of the in camera review, the records subject to the in camera review shall not be made part of the public court filing.(d) Protecting confidential security information.--An agency shall develop such protocols as may be necessary to protect public utility records or portions thereof that contain confidential security information from prohibited disclosure under section 5 . Such protocols shall ensure that: (1) Each copy of a record or portion thereof containing confidential security information is clearly marked as confidential and not subject to the provisions of the Right-to-Know Law.(2) Each copy of a record or portion thereof containing confidential security information is kept on site in a secure location, separate from the general records relating to the public utility, where it is available for inspection by authorized individuals.(3) Only authorized individuals, as designated by the agency, may have access to records or copies thereof containing confidential security information.(4) Authorized individuals, as designated by the agency, shall undergo training and sign an access agreement which summarizes responsibilities and personal liabilities if confidential security information is knowingly or recklessly released, published or otherwise disclosed.(5) A document tracking system is established to allow for records or copies thereof containing confidential security information to be traceable at all times to a single person.(e) Redaction of confidential security information.--If an agency determines that a record or portions thereof contain confidential security information and information that is public, the agency shall redact the portions of the record containing confidential security information before disclosure.2006, Nov. 29, P.L. 1435, No. 156, §3, effective in 180 days [ 5/29/2007].