How States are Protecting Critical Energy Infrastructure Information

|

Protecting the electric grid is becoming more complex as the size of the grid continues to grow, and cybersecurity threats are increasing in number and becoming more sophisticated. To meet these emerging threats, states and territories are working to support critical infrastructure protection through several means, including bolstering cybersecurity, supporting physical security improvements, and increasing information sharing across the public and private sectors, among others. A key tool to developing stronger information sharing pathways between states and territories with critical infrastructure owners and operators is through critical energy infrastructure information[1] (CEII) laws. By having these protections in place, it may enable energy providers to share information with states and territories that if otherwise made public, may increase the risk to infrastructure.

Building off of NGA’s 2019 publication on State Protection of CEII, this 55-state and territory map provides an update and overview of state/territory statutes, court rulings, and other relevant actions states and territories have taken to protect CEII and other critical infrastructure information[2] (CII) from public disclosure.

 State Protections of Critical Energy Infrastructure Information

In the map above, you can review the provision in each state and territory that relates to protecting critical energy infrastructure information by clicking on one of the highlighted states or territories. Based on the review conducted, NGA is not aware of statutory protections for CEII in the blank states or territories. Please contact Jenna Johnston (jjohnston@nga.org) and Dan Lauf (dlauf@nga.org) with any questions, corrections, or if your state or territory has information you’d like to have added.

CEII and CII laws help to facilitate critical information for key preparedness and response activities such as executing joint table-top exercises and facilitating intelligence sharing through fusion centers, among others. Information and intelligence sharing provides a community-wide benefit, across all utilities, to be able to identify threats, address gaps, and minimize impacts in a timely fashion. In enacting state-level legislation or regulation, states and territories can help facilitate the establishment of secure communication channels between energy providers, regulatory agencies, and local authorities by safeguarding CEII. These laws can play a factor in fostering stronger information pathways between public and private sector entities.  These efforts can also be further bolstered by establishing and communicating internal state data handling standards or standard operating procedures. Doing so helps energy companies better understand how information is secured. Additional strategies to build trust include inviting utilities to participate in fusion center liaison programs and ensuring information requests to utilities are narrowly scoped with a focus on areas addressing potential community impacts.   

Most states and territories have laws or regulations in place that exempt CEII, or security-related information of critical infrastructure more broadly, from being released through public disclosure requests. States and territories value the importance of public transparency and so these exemptions typically only cover records that could compromise the security of critical infrastructure, primarily focusing on energy, water, and telecommunications systems, and minimize their exposure to potential physical or cyber threats. These records may include blueprints, vulnerability assessments, contingency plans, and information technology (IT) details. The statutes and other actions usually make it incumbent upon the state/territory agency to justify why the information should be exempt from public disclosure, and they also vary in whether it only applies to public-owned infrastructure or infrastructure more broadly.  

As shown on the map:

  • Thirty-four states and two U.S. territories have adopted statutory exemptions for critical infrastructure security information disclosure.
  • Some states such as Alabama directly reference the Federal Energy Regulatory Commission (FERC) definition of CEII, 18 C.F.R. § 388.113. Many states, while not directly citing the FERC definition, describe critical energy infrastructure in similar terms, while others utilize broader language to cover more critical infrastructure.
  • Three states (Oklahoma, South Carolina, and Texas) provide statutory exemptions for critical infrastructure security information submitted or discussed as part of the work of the state public utility commission.
  • Two states (Hawai’i and Washington) have established case law that interprets their state statutes to protect critical infrastructure security information from public disclosure.
  • While not specifically excluding critical infrastructure information from disclosure, states and territories have also taken other actions to protect critical infrastructure information:
    • Maryland statutorily directs the state energy office to, among other duties and responsibilities, collect, analyze, and maintain data related to managing any energy emergency or shortfall on a confidential basis to preserve the confidentiality of the source.
    • Minnesota has statutorily protected some energy data, statistics, and information provided to the Department of Commerce by a coal or petroleum supplier, or any other data that would identify individual business customers of a public utility.

While many states and territories have statutes in place that protect CEII from public disclosure, it is important to build and maintain a strong relationship between key stakeholders, such as the Governor’s office, state energy office, private utilities, public utility commission (PUC), and other relevant entities to foster secure information sharing and protection. Building trust and confidence among these entities can promote an environment that results in quicker threat identification and response to help reduce service interruption and increase energy security and resiliency.  

The National Governors Association Center for Best Practices (NGA Center) thanks the National Association of Regulatory Utility Commissioners (NARUC), National Association of State Energy Officials (NASEO), and the National Conference of State Legislatures (NCSL) for their partnership and contributions to this research. The authors thank the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response for its support of this publication. The authors thank each of the states and territories for their review and feedback.  

[1] The Federal Energy Regulatory Commission defines CEII as, “engineering, vulnerability, or design information about proposed or existing critical infrastructure (physical or virtual) that relates details about the production, generation, transmission, or distribution of energy; could be useful to a person planning an attack; and gives strategic information beyond the location of critical infrastructure.”

[2] 6 USC § 650 defines Critical Infrastructure Information as, “information not customarily in the public domain and related to the security of critical infrastructure or protected systems- (A) actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety; (B) the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or (C) any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.”

This material is based upon work supported by the Department of Energy under Award Numbers DE-CR0000008 and DE-CR0000011.

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

Recent News

First Spouses Meet with Second Lady, Convene a ...

Read More

Civility, Federalism, and the Future of Americ ...

Read More

Policy Brief: Outdoor Recreation and Public Health

Read More

State of WIC Policy

Read More

The Power of Service: Governors Lead Efforts t ...

Read More

Innovative Solutions to Child Care and Early C ...

Read More

Supporting States’ Shift to Skills

Read More

Investing in the American Dream

Read More

Preparing for 2026: Governors Focus on Safety, ...

Read More

Governors Take the Lead on Affordability

Read More

The State of Infrastructure: Governors 2026 Pr ...

Read More

Red Tape and Rising Demand: Governors Talk Energy

Read More

Alabama

Alabama Code § 36-12-40, “Records concerning security plans, procedures, assessments, measures, or systems, and any other records relating to or having an impact on the security of persons, structures, facilities, or other infrastructures, including without limitation concerning critical infrastructure (as defined at 42 U.S.C. § 5195c(e) as amended) and critical energy infrastructure information (as defined at 18 C.F.R. § 388.113(c)(1) as amended) the public disclosure of which could reasonably be expected to be detrimental to the public safety or welfare, and records the disclosure of which would otherwise be detrimental to the best interests of the public shall be exempted from this section.”

Arizona

Arizona Revised Stat. § 39-126, “Nothing in this chapter requires the disclosure of a risk assessment that is performed by or on behalf of a federal agency to evaluate critical energy, water, or telecommunications infrastructure to determine its vulnerability to sabotage or attack.”

Hawai’i

Haw. Rev. Stat. §92F-11- 92F-19 was interpreted in an opinion letter, Haw. OIP Opinion Letter No. 07-05 (April 13, 2007), 2007 WL 1267787, to clarify that, “To the extent that public disclosure of information about the physical security of critical energy infrastructure would compromise the security of that infrastructure and expose it to hazards such as vandalism, copper or equipment theft, or other criminal activity, DBEDT may withhold the information under the UIPA’s exception for information whose disclosure would frustrate a legitimate government function.”

Idaho

Idaho Code § 74-105(4)(b) exempts, “Records, other than public expenditure records, related to proposed or existing critical infrastructure held by or in the custody of any public agency only when the disclosure of such information is reasonably likely to jeopardize the safety of persons, property, or the public safety. Such records may include emergency evacuation, escape or other emergency response plans, vulnerability assessments, operation and security manuals, plans, blueprints or security codes. For the purpose of this paragraph, the “system” includes electrical, computer, and telecommunications systems, electric power (including production, generating, transportation, transmission and distribution), and heating, ventilation, and air conditioning. For the purposes of this subsection, “critical infrastructure” means any system or asset, whether physical or virtual, so vital to the state of Idaho, including its political subdivisions, that the incapacity or destruction of such system or asset would have a debilitating impact on state or national economic security, state or national public health or safety, or any combination of those matters.”

Illinois

Illi. Compiled Stat. §5 ILCS 140/7 Sec. 7 exempts, “Architects’ plans, engineers’ technical submissions, and other construction related technical documents for projects not constructed or developed in whole or in part with public funds and the same for projects constructed or developed with public funds, including, but not limited to, power generating and distribution stations and other transmission and distribution facilities, water treatment facilities, airport facilities, sport stadiums, convention centers, and all government owned, operated, or occupied buildings, but only to the extent that disclosure would compromise security.”

Indiana

Ind. Code §5-14-3-4 (b)(19)(J) exempts, “Infrastructure records that disclose the configuration of critical systems such as communication, electrical, ventilation, water, and wastewater systems.”

Iowa

Iowa Code 22.7 – 71 exempts, “Information and records related to cyber security information or critical infrastructure, the disclosure of which may expose or create vulnerability to critical infrastructure systems, held by the utilities commission or the department of homeland security and emergency management for purposes relating to the safeguarding of telecommunications, electric, water, sanitary sewage, storm water drainage, energy, hazardous liquid, natural gas, or other critical infrastructure systems. For purposes of this subsection, “cyber security information” includes but is not limited to information relating to cyber security defenses, threats, attacks, or general attempts to attack cyber system operations.”

Kansas

Statute K.S.A. 45-221 (12) exempts, “Records of emergency or security information or procedures of a public agency, if disclosure would jeopardize public safety, including records of cybersecurity plans, cybersecurity assessments and cybersecurity vulnerabilities or procedures related to cybersecurity plans, cybersecurity assessments and cybersecurity vulnerabilities, or plans, drawings, specifications or related information for any building or facility that is used for purposes requiring security measures in or around the building or facility or that is used for the generation or transmission of power, water, fuels or communications, if disclosure would jeopardize security of the public agency, building or facility.”

Kentucky

Ky. Rev. Stat. § 61.878(1)(m)(1) exempts, “Infrastructure records that expose a vulnerability referred to in this subparagraph through the disclosure of the location, configuration, or security of critical systems, including public utility critical systems. These critical systems shall include but not be limited to information technology, communication, electrical, fire suppression, ventilation, water, wastewater, sewage, and gas systems…” and “The following records when their disclosure will expose a vulnerability referred to in this subparagraph: detailed drawings, schematics, maps, or specifications of structural elements, floor plans, and operating, utility, or security systems of any building or facility owned, occupied, leased, or maintained by a public agency…”

Maine

Me. Rev. Stat. tit. 1, §402(3)(L) exempts, “Records describing security plans, security procedures or risk assessments prepared specifically for the purpose of preventing or preparing for acts of terrorism, but only to the extent that release of information contained in the record could reasonably be expected to jeopardize the physical safety of government personnel or the public. Information contained in records covered by this paragraph may be disclosed to the Legislature or, in the case of a political or administrative subdivision, to municipal officials or board members under conditions that protect the information from further disclosure. For purposes of this paragraph, “terrorism” means conduct that is designed to cause serious bodily injury or substantial risk of bodily injury to multiple persons, substantial damage to multiple structures whether occupied or unoccupied or substantial physical damage sufficient to disrupt the normal functioning of a critical infrastructure.”

Maryland

Maryland Statute §9–2005 states, “The Administration shall have the following additional duties and responsibilities concerning the State’s preparedness for, and management of, general energy emergencies and shortfalls:…(4) to collect, analyze, evaluate, and maintain on a proprietary basis so as to preserve the confidentiality of its source, data related to managing any energy emergency or shortfall.”

Michigan

MCL 15.243 states, “Records or information of measures designed to protect the security or safety of persons or property, or the confidentiality, integrity, or availability of information systems, whether public or private, including, but not limited to…risk planning documents, threat assessments, domestic preparedness strategies, and cybersecurity plans, assessments, or vulnerabilities, unless disclosure would not impair a public body’s ability to protect the security or safety of persons or property or unless the public interest in disclosure outweighs the public interest in nondisclosure in the particular instance.”

Minnesota

Minnesota Stat. 13.68 states that, “Energy and financial data, statistics, and information furnished to the commissioner of commerce by a coal supplier or petroleum supplier, or information on individual business customers of a public utility pursuant to section 216C.16 or 216C.17, either directly or through a federal department or agency are classified as nonpublic data as defined by section 13.02, subdivision 9.”

Oklahoma

Oklahoma Statutes § 24A.22 (A) “The Corporation Commission shall keep confidential those records of a public utility, its affiliates, suppliers and customers which the Commission determines are confidential books and records or trade secrets.”

Oregon

Oregon Statutes § 276A.509 (b) “A public body that shares geospatial framework data in accordance with subsection (1) of this section may…(D) Withhold from public disclosure geospatial framework data that the council designates by rule as critical infrastructure information.”

South Carolina

S.C. Code Ann. Section 58-4-55 states, “[T]he regulatory staff, in accomplishing its responsibilities under Section 58-4-50 and Section 58-4-51, may require the production of books, records, and other information to be produced at the regulatory staff’s office, that, upon request of the regulatory staff, must be submitted under oath and without the requirement of a confidentiality agreement or protective order being first executed or sought. The regulatory staff must treat the information as confidential or proprietary unless or until the commission rules such information is not entitled to protection from public disclosure or the public utility, the Public Service Authority, or the electric cooperative agrees that such information is no longer confidential or proprietary. Unless the commission’s order contains a finding to the contrary, all documents or information designated as confidential or proprietary pursuant to this subsection are exempt from public disclosure…”

Alaska

Alaska Stat. § 40.25.120(a)(10) exempts, “Records or information pertaining to a plan, program, or procedures for establishing, maintaining, or restoring security in the state, or to a detailed description or evaluation of systems, facilities, or infrastructure in the state, or to a detailed description or evaluation of systems, facilities, or infrastructure in the state.”

Arkansas

Arkansas Code § 25-19-105(a)(10) exempts, “Records, including analyses, investigations, studies, reports, recommendations, requests for proposals, drawings, diagrams, blueprints, and plans containing information relating to security for any public water system or municipally owned utility system.”

California

California Gov’t Code § 6254(ab) exempts, “Critical infrastructure information, as defined in Section 131(3) of Title 6 of the United States Code, that is voluntarily submitted to the California Office of Homeland Security for use by that office…”

Colorado

Colorado Rev. Stat. §24-72-204 allows information custodians to deny access to records containing, “Specialized details of either security arrangements or investigations or the physical and cyber assets of critical infrastructure, including the specific engineering, vulnerability, detailed design information, protective measures, emergency response plans, or system operational data of such assets that would be useful to a person in planning an attack on critical infrastructure but that does not simply provide the general location of such infrastructure.”

Connecticut

Connecticut Gen. Stat. Sec 1-14-210 (b) (19) exempts, “Records when there are reasonable grounds to believe disclosure may result in a safety risk, including the risk of harm to any person, harm to any government-owned or leased institution or facility or any fixture or appurtenance and equipment attached to, or contained in, such institution or facility, except that such records shall be disclosed to a law enforcement agency upon the request of the law enforcement agency.” Per the statute, “government-owned or leased institution or facility” includes, but is not limited to, “an institution or facility owned or leased by a public service company as defined in section 16-1, other than a water company, as defined in section 25-32a, a certified telecommunications provider, as defined in section 1601, or a municipal utility that furnishes electric or gas service, but does not include an institution or facility owned by the federal government.”

Delaware

Del. Code § 29-100-10002(19) exempts, “The following records, which, if copied or inspected, could jeopardize the security of any structure owned by the State or any of its political subdivisions, or could facilitate the planning of a terrorist attack, or could endanger the life or physical safety of an individual.” This includes “Building plans, blueprints, schematic drawings, diagrams, operational manuals or other records of electric transmission lines and substations, high-pressure natural gas pipelines and compressor stations.”

Florida

Florida Statutes Title 10 119.0725 states that, “The following information held by an agency is confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution… (b) Information relating to critical infrastructure.”

Massachusetts

Massachusetts General Law § 1-4-7 (26)(n) exempts, “records, including, but not limited to, blueprints, plans, policies, procedures and schematic drawings, which relate to internal layout and structural elements, security measures, emergency preparedness, threat or vulnerability assessments, or any other records relating to the security or safety of persons or buildings, structures, facilities, utilities, transportation, cyber security or other infrastructure located within the commonwealth, the disclosure of which, in the reasonable judgment of the record custodian, subject to review by the supervisor of public records under subsection (c) of section 10 of chapter 66, is likely to jeopardize public safety or cyber security.”

Missouri

Mo. Rev. Stat. §610.021 exempts, “Existing or proposed security systems and structural plans of real property owned or leased by a public governmental body, and information that is voluntarily submitted by a nonpublic entity owning or operating an infrastructure to any public governmental body for use by that body to devise plans for protection of that infrastructure, the public disclosure of which would threaten public safety…”

Nebraska

NE Code § 84-712.05 exempts “Information that relates details of physical and cyber assets of critical energy infrastructure or critical electric infrastructure, including (a) specific engineering, vulnerability, or detailed design information about proposed or existing critical energy infrastructure or critical electric infrastructure that (i) relates details about the production, generation, transportation, transmission, or distribution of energy, (ii) could be useful to a person in planning an attack on such critical infrastructure, and (iii) does not simply give the general location of the critical infrastructure and (b) the identity of personnel whose primary job function makes such personnel responsible for (i) providing or granting individuals access to physical or cyber assets or (ii) operating and maintaining physical or cyber assets, if a reasonable person, knowledgeable of the electric utility or energy industry, would conclude that the public disclosure of such identity could create a substantial likelihood of risk to such physical or cyber assets. Subdivision (10)(b) of this section shall not apply to the identity of a chief executive officer, general manager, vice president, or board member of a public entity that manages critical energy infrastructure or critical electric infrastructure. The lawful custodian of the records must provide a detailed job description for any personnel whose identity is withheld pursuant to subdivision (10)(b) of this section. For purposes of subdivision (10) of this section, critical energy infrastructure and critical electric infrastructure mean existing and proposed systems and assets, including a system or asset of the bulk-power system, whether physical or virtual, the incapacity or destruction of which would negatively affect security, economic security, public health or safety, or any combination of such matters”

Nevada

NRS 239C.210 (2)(b) exempts, “Drawings, maps, plans or records that reveal the critical infrastructure of primary buildings, facilities and other structures used for storing, transporting or transmitting water or electricity, natural gas or other forms of energy, fiber optic cables, microwave towers or other vertical assets used for the transmission or receipt of data or communications used by response agencies and public safety and public health personnel.”

New Jersey

Under NJ Revised Statutes 47:1A-1.1, “A government record shall not include the following information which is deemed to be confidential for the purposes of P.L.1963, c.73 (C.47:1A-1 et seq.) as amended and supplemented… emergency or security information or procedures for any buildings or facility which, if disclosed, would jeopardize security of the building or facility or persons therein;”

New York

N.Y. Pub. Off. Law §89 5. (a) (1) (1-a), “A person or entity who submits or otherwise makes available any records to any agency, may, at any time, identify those records or portions thereof that may contain critical infrastructure information, and request that the agency that maintains such records except such information from disclosure under subdivision two of section eighty-seven of this article.”

North Carolina

N.C. Gen. Stat. §132-1.7(a), “Public records, as defined in G.S. 132-1, shall not include sensitive public security information, which means any of the following:…(5) Specific engineering, vulnerability, or detailed design information about proposed or existing critical infrastructure, whether physical or virtual, for the production, generation, transmission, or distribution of energy.”

North Dakota

NDCC §44-04-24 (1) exempts, “A security system plan kept by a public entity, and records regarding disaster mitigation, preparation, response, vulnerability, or recovery, or for cybersecurity planning, mitigation, or threat, are exempt from the provisions of section 44-04-18 and section 6 of article XI of the Constitution of North Dakota.”

Ohio

Ohio Statutes § 149.433 (B)(1), “Except as otherwise provided in division (B)(4) of this section, a record kept by a public office that is a security record is not a public record under section 149.43 of the Revised Code and is not subject to mandatory release or disclosure under that section.”

Pennsylvania

Pennsylvania Statues § 67.708. (b), “(3) A record, the disclosure of which creates a reasonable likelihood of endangering the safety or the physical security of a building, public utility, resource, infrastructure, facility or information storage system… (4) A record regarding computer hardware, software and networks, including administrative or technical records, which, if disclosed, would be reasonably likely to jeopardize computer security.”

Rhode Island

R.I.G.L. § 38-2-2(4)(B) and (4)(F): “(4) “…For the purposes of this chapter, the following records shall not be deemed public: … (B) Trade secrets and commercial or financial information obtained from a person, firm, or corporation that is of a privileged or confidential nature. … (F) Scientific and technological secrets and the security plans of military and law enforcement agencies, the disclosure of which would endanger the public welfare and security. See also 810-RICR-00- 00-1-1.3(H)(3) of the PUC’s Rules of Practice and Procedure.

South Dakota

South Dakota Code § 1-27-1.5 (8) exempts, “Information pertaining to the protection of public or private property and any person on or within public or private property including: (a) Any vulnerability assessment or response plan intended to prevent or mitigate criminal acts; (b) Emergency management or response; (c) Public safety information that would create a substantial likelihood of endangering public safety or property, if disclosed; (d) Cyber security plans, computer or communications network schema, passwords, or user identification names; (e) Guard schedules; (f) Lock combinations; and (g) Any blueprint, building plan, or infrastructure record regarding any building or facility that would expose or create vulnerability through disclosure of the location, configuration, or security of critical systems of the building or facility”

Tennessee

Tenn. Code § 10-7-504(a)(21)(A) outlines, “The following records shall be treated as confidential and shall not be open for public inspection: (i) Records that would allow a person to identify areas of structural or operational vulnerability of a utility service provider or that would permit unlawful disruption to, or interference with, the services provided by a utility service provider; (ii) All contingency plans of a governmental entity prepared to respond to or prevent any violent incident, bomb threat, ongoing act of violence at a school or business, ongoing act of violence at a place of public gathering, threat involving a weapon of mass destruction, or terrorist incident.”

Texas

Texas Code Title 5. Subtitle A. Sec. 551.089 outlines, “This chapter does not require a governmental body to conduct an open meeting to deliberate: (1) security assessments or deployments relating to information resources technology; (2) network security information as described by Section 2059.055(b); or (3) the deployment, or specific occasions for implementation, of security personnel, critical infrastructure, or security devices.”

Vermont

Vermont Statutes 1 V.S.A. § 317 states: “(c) The following public records are exempt from public inspection and copying:..(32) With respect to publicly owned, managed, or leased structures, and only to the extent that release of information contained in the record would present a substantial likelihood of jeopardizing the safety of persons or the security of public property, final building plans, and as-built plans, including drafts of security systems within a facility, that depict the internal layout and structural elements of buildings, facilities, infrastructures, systems, or other structures owned, operated, or leased by an agency…(43) Records relating to a regulated utility’s cybersecurity program, assessments, and plans, including all reports, summaries, compilations, analyses, notes, or other cybersecurity information.”

Virginia

Code of Virginia § 2.2-3705.2.(14)(a) exempts, “Critical infrastructure information or the location or operation of security equipment and systems of any public building, structure, or information storage facility, including ventilation systems, fire protection equipment, mandatory building emergency equipment or systems, elevators, electrical systems, telecommunications equipment and systems, or utility equipment and systems…”

Washington

In Northwest Gas Association v. Washington Utilities & Transportation Commission (2007), the Court of Appeals of Washington ruled to “reverse the trial court’s order that the WUTC disclose the requested shapefile data and the trial court’s denial of a preliminary injunction.” This has created precedent in the state for certain energy security-related information to be protected from public disclosure.”

West Virginia

W. Va. Code § 29B-1-4 outlines, “(a) There is a presumption of public accessibility to all public records, subject only to the following categories of information which are specifically exempt from disclosure under this article… (17) Specific engineering plans and descriptions of existing public utility plants and equipment.”

Wyoming

Wyoming Statute § 16-4-203 (2024) (b)(vi) exempts information from public disclosure, “[t]o the extent that the inspection would jeopardize the security of any structure owned, leased or operated by a governmental entity, facilitate the planning of a terrorist attack or endanger the life or physical safety of an individual…”

Puerto Rico

Under Laws of Puerto Rico Title 22 § 196 states that Puerto Rico Electric Power Authority (PREPA), “documents and information shall be made available to those customers who so request, except for… (9) matters of public security involving threats against PREPA, its property or employees.”

U.S. Virgin Islands

USVI Code Title 3, § 881 states, “(g) The following public records shall be kept confidential, unless otherwise ordered by a court, by the lawful custodian of the records, or by another person duly authorized to release information…14. Confidential information affecting Homeland Security.”

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. Please see our privacy policy for more information.