Skip to main content
A Better Partnership

Ahead of the Curve Auto Supplier Blog

March 20, 2018

Cybersecurity and Roads Data Gain Protection from Public Disclosure

On March 19, 2018, Michigan Governor Rick Snyder signed into law a new set of exemptions protecting certain types of information from disclosure under the state’s Freedom of Information Act. The measures are designed to protect the confidentiality, integrity, and availability of certain information systems, as well as cybersecurity plans, assessments, or vulnerabilities.
Specifically excluded from disclosure is “information that would reveal the identity of a person who could, as a result of disclosure of the information, become a victim of a cybersecurity incident, or that would reveal the person's cybersecurity plans, or cybersecurity-related practices.” These amendments were prompted by concern that private companies that experience data breaches and other cybersecurity have been reluctant to disclose information about the incidents to the public authorities charged with preventing them, out of fear that, once in the hands of a public body, that data could then be available to the general public—including to bad actors who would use the data to do further harm to the victims.
The new law also exempts data related to transportation infrastructures. Specifically, the amendment exempts from disclosure “Research data on road and attendant infrastructure collected, measured, recorded, processed, or disseminated by a public agency or private entity, or information about software or hardware created or used by the private entity for such purposes.” This provision was added late in the legislative process by the Senate to the House bill, which had originally dealt only with cybersecurity, and remained in the final consensus version sent to the Governor. The language of this provision raises several questions. What is “research data,” and how does it differ from other types of data? Does traffic data qualify? Does the inclusion of this provision within a cybersecurity bill suggest that it is intended to promote the development of vehicle-to-infrastructure digital communication networks, or is it a more defensive reaction to concerns over crumbling physical roadways? These and similar questions remain for the courts, or future legislation, to clarify.

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -