States are developing rules to better protect critical energy infrastructure from cyber and other threats. This policy scan explores state laws that protect critical energy infrastructure information (CEII) from public disclosure. It also addresses court rulings protecting sensitive data for other infrastructure types and explores how states are protecting shared critical data from cyberattacks and cyber theft. As the electric grid continues to evolve, the sensitivity of information being shared and threats from increased connectivity will grow. States need to have rules in place and regularly update these rules as threats change to protect the public in the case of an emergency.