PA 17-211—sHB 7221

Public Health Committee

Government Administration and Elections Committee

AN ACT CONCERNING ACCESS TO WATER PLANNING INFORMATION

SUMMARY: This act revamps the Freedom of Information Act (FOIA) exemption for certain water company records. Generally, it removes water company records from the coverage of a FOIA exemption that applies to all public agency records if there are reasonable grounds to believe that their release could pose a security risk. It instead identifies specific water company records filed with a public agency as confidential and not subject to disclosure. In addition to these specified records, the act also makes confidential any other water company record filed with a public agency if there are reasonable grounds to believe that disclosure may result in a safety risk.

The act requires water companies, when submitting a water supply plan (or revision to a plan) to the Department of Public Health (DPH), to also submit a copy of the plan that is redacted in accordance with the act's provisions on confidential records.

EFFECTIVE DATE: July 1, 2017

APPLICABILITY OF FOIA TO WATER COMPANY RECORDS

Under FOIA, a “public agency” is generally any (1) state, municipal, regional, or quasi-public agency, including any judicial office, or (2) entity that is the functional equivalent of such agencies (CGS 1-200). The law defines a water company as any individual, municipality, or entity that owns, maintains, operates, manages, controls, or employs any pond, lake, reservoir, well, stream, or distributing plant or system that supplies water to two or more consumers or to 25 or more people on a regular basis (CGS 25-32a).

Thus, a water company itself is subject to FOIA if the company is a public agency. If a water company is not a public agency, its records may still be subject to FOIA if they are submitted to a public agency (e.g., a water supply plan submitted to DPH).

The act revamps the FOIA exemption for certain water company records, as described below.

PREVIOUS EXEMPTION FOR WATER COMPANY RECORDS

Exempt Records

Existing law exempts records from disclosure under FOIA when there are reasonable grounds to believe that disclosure may result in a safety risk, including the risk of harm to any government-owned or -leased institution or facility. Under prior law, a government-owned or -leased institution or facility included an institution or facility owned or leased by a water company. The act removes water company-owned or -leased institutions and facilities from this exemption and instead identifies specific water company records filed with a public agency as confidential and not subject to disclosure under FOIA (see below).

Water company records previously covered by this exemption included the following:

1. vulnerability assessments and risk management plans;

2. operational plans;

3. portions of water supply plans that could result in a security risk if disclosed;

4. inspection reports;

5. technical specifications; and

6. other materials that depict or specifically describe critical water company operating facilities, collection and distribution systems, or supply sources.

Procedure for Determining Whether an Exemption Applies

The act similarly removes water company records from existing law's procedures for determining a security risk. Generally under these procedures, the administrative services or emergency services and public protection commissioner must determine whether there are reasonable grounds for a security risk after consulting with the chief executive officer of the agency with custody of the record. For water company records, the act also eliminates requirements in prior law that the (1) custodial agency notify the water company of the request and (2) appropriate commissioner consult with the water company's chief executive officer when determining if a security risk exists.

RECORDS DEEMED CONFIDENTIAL BY THE ACT

With certain exceptions listed separately below, the act deems confidential and not subject to disclosure under FOIA the following water company records filed with a public agency:

1. cybersecurity plans and measures, supervisory control and data acquisition systems, information and communications systems, system access codes and specifications, vulnerability assessments, internal security audits, security manuals, security training or security reports, including security assessments, plans and procedures, operational and design specifications of water and sewage treatment facility security systems, or risk management plans;

2. emergency contingency plans and emergency preparedness plans, incident management plans, response, recovery, and mitigation plans or critical customer lists, including plans provided by a person to a federal or state agency or a federal, state, or local emergency management agency or official, or documents or portions of documents that identify or describe procedures for sabotage prevention and response (see Exceptions below);

3. design drawings or maps identifying specific locations, detailed schematics and construction details of wells, source water intakes, water mains, tunnels, storage facilities, water and sewage treatment facilities or pump stations and pressure reducing stations, and other distribution system pressure and flow control valves and facilities (see Exceptions below);

4. dam specifications or safety documents, including (a) inspection reports, engineering studies or reports, drawings, plans, and specifications detailing construction or rehabilitation and (b) emergency action plans, including plans provided to a federal or state agency or a federal, state, or local emergency response or emergency management agency or official;

5. building floor or structural plans, specifications of structural elements, or building security systems or codes;

6. detailed network topology maps;

7. specific locations of or specifications about electrical power, standby generators, or fuel systems for water system facilities (see Exceptions below);

8. operational specifications, schematics and procedures of water and sewage treatment plant processes and associated equipment and chemicals, including facility use of chlorine gas storage and delivery and the location of chemicals (see Exceptions below);

9. logs or other documents that contain information about the movement or assignment of water system and sewage treatment facilities and security personnel; and

10. distribution system hydraulic models.

In addition to these specified records, the act also makes confidential any other water company record filed with a public agency if there are reasonable grounds to believe that disclosure may result in a safety risk. Upon the water company's request, such a record may be reviewed by the administrative services commissioner, in consultation with the chief executive officer of the state agency or municipal water or sewage treatment entity that has custody of the record, to determine if such reasonable grounds exist.

Exceptions

The following types of records are not covered by the act's confidentiality provisions:

1. drought management and response plans are subject to disclosure (see Item 2 above);

2. information about the general location of water mains, wells, and interconnections is subject to disclosure (see Item 3 above);

3. general information about electrical power, standby generators, or fuel systems for water system facilities may be disclosed (see Item 7 above); and

4. a general description of a water and sewage treatment plant may be disclosed (see Item 8 above).