Senior Communications Manager
Kirk Nahra Discusses Michigan Legislation to Protect Businesses’ Cybersecurity Plans
Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice, was quoted in an October 26 Law360 article about legislation recently passed by the Michigan House of Representatives that would amend the state’s Freedom of Information Act (FOIA) to bar public disclosure of businesses’ cybersecurity plans and assessments. According to the article, cybersecurity experts believe companies will view the legislation favorably, having long been wary of sharing such information with government regulators due to risks that the data could fall into the wrong hands.
“In any situation where these materials would be submitted [to the government], there is a potentially substantial risk to the company if the details of those plans are revealed,” said Mr. Nahra. “So it makes a lot of sense to restrict how these materials would be available under FOIA.”
According to an update from the National Conference of State Legislatures – which was cited in the article – 11 states have introduced bills this year that would restrict public disclosure of sensitive security information. Mr. Nahra said that type of legislation would be “useful across the board to exempt these materials from FOIA release” in states where such records are disclosed to government agencies.
“These materials are not public documents, and no individual company’s details are in the public interest to be released,” Mr. Nahra said.