Under the Sensitive Records Protection Act, similar to information restriction provisions in the federal Homeland Security Act of 2002, state agencies must withhold from the public voluntarily submitted information from public and private sources. The only reasons state agencies may disclose these “sensitive records” is if the information would assist in a criminal prosecution, the agency has been served a judicial order, or the submitter has given written consent. The law specifically blocks access to the information under the Freedom of Information Act. The overly broad exemption does not define what information would fall under the category of relating to “critical infrastructure sectors and components.” This could lead to abuses by companies using the new law to simply withhold information. The Act also contains no provisions for the state to act on the information submitted to ensure that the critical infrastructure is well-protected, leaving the charge of the bill unfulfilled.
The Freedom of Information Act (FOIA): Critical Infrastructure and Vulnerability Assessments bill also restricts the amount of information the public can access. It expands the record exemptions under FOIA to include engineering and architectural drawings, and any other records relating to critical infrastructure components. Both bills are alarming because they infringe upon the rights of citizens to gain access to unclassified information. The Virginia bills are some of the first state versions the federal Homeland Security Act of 2002 that have been signed into law. Since the Critical Infrastructure Information provisions in the federal Homeland Security Act preempt all state and local disclosure laws, these state-level laws are useless unless they place even greater restrictions on information then the federal law does.