|As a result of the heightened level of interest in the vulnerability of American communities to terrorism following the events of September 11, 2001, the public is likely to be keenly interested in efforts to protect people, buildings, and systems from terrorism and other technological disasters. This presents both benefits and challenges, because much of the same information that can be used to rally public support for mitigation planning can also be of use to potential terrorists, saboteurs, or others with malevolent intent. New security realities demand that we re-evaluate the way in which we think about information sensitivity, in particular how, where, when, and with whom we discuss risks, vulnerabilities, and protective (mitigation) measures. In addition to the overarching public safety rationale for protecting such sensitive information from those who would use it against us, the owners and operators of many community assets may be reluctant to reveal their own security shortcomings due to concerns about liability, perception of vulnerability or weakness, and general security-consciousness.
Communities can address this problem in two ways: first, by ensuring that sensitive information is handled in such a way as to maintain its security, and second, by implementing adequate protections to ensure that sensitive information is not released when it is requested by persons who don't have a justifiable reason (or "need to know") for obtaining the information.
Internal handling procedures: State and local governments may have the ability to assign "For Official Use Only" (FOUO) status or a similar designation to information that is privileged, sensitive, or otherwise should be protected from circulation or disclosure to the public. However, such measures often lack formal handling procedures and enforceability. Communities are encouraged to review their handling procedures to ensure that sensitive information in their possession can be authoritatively designated as such and protected appropriately, and once proper procedures are in place they should be applied and adhered to rigorously.
Withholding sensitive information: In keeping with the democratic tradition, Federal and state laws generally require that government proceedings and documents be accessible to the public. These laws, often called "sunshine laws" or "freedom of information" laws, usually require public access to meetings whenever a commission, committee, board, task force or other official group meets to discuss public business. They also require that most government documents and records be made available to the public upon request. While these laws seek to keep governmental processes in the open, many of them establish disclosure exemptions for various types of sensitive information. Your community's legal staff can advise you on the sunshine laws in your jurisdiction and help you determine how these laws may impact your ability to protect sensitive information. Furthermore, you should understand the specific procedures required to withhold documents and hold closed meetings as necessary to protect sensitive information from disclosure to anyone without a "need to know".