Facts and Procedural History:

On October 14, 2003, the Commissioner received a letter, dated October 13, 2003, from Cecil Selness, Director of the Office of Freight and Commercial Vehicle Operations (OFCVO) at the Minnesota Department of Transportation (Mn/DOT). In his letter, Mr. Selness asked the Commissioner to issue an opinion regarding certain data Mn/DOT collects and maintains.

A summary of the facts is as follows. In his letter, Mr. Selness wrote:

Pursuant to Minn. Stat. section221.0355, OFCVO has the responsibility to administer the Uniform Hazardous Material and Hazardous Waste Registration and Permit Requirements Program (UHMRP). This program requires persons who transport or ship hazardous material or hazardous waste (hazmat) by motor vehicle on the public highways or by railroad or waterway, in inter- and intrastate commerce to register with this office. Through the registration application...OFCVO collects a significant amount of information regarding the applicant's hazmat business. The information that OFCVO collects that is relevant to this inquiry includes: name and address of applicant company, classes or divisions of hazmat shipped or carried, and terminals owned and/or operated by the applicant. Minn. Stat. section221.0355 classifies some of the application data as private or nonpublic....

[The data classified in section 221.0355] refers to financial data that should be private or nonpublic due to competitive business reasons. The remainder of the application data, particularly the data described above that is relevant to this request, are presumed to be public because the data are not otherwise specifically classified in state or federal statute. In addition to administering the UHMRP, OFCVO also administers a variety of programs and activities to support the safe, efficient movement of goods in Minnesota as well as being responsible for a variety of planning activities such as the development of rail and waterway plans and freight movement studies. Pertinent to this request is a proposed study for this fiscal year to obtain data relating to hazmat commodity flows within Minnesota.

Through the study, OFCVO would collect hazmat information from shippers, carriers, and receivers to develop a database that would demonstrate hazmat multi-modal freight flows on the state's transportation system. Specific data to be collected in the proposed study are hazmat shipping locations within Minnesota by commodity and mode of shipment, hazmat receiving locations, and specific routes that hazmat are transported by commodity and mode of shipment.

Issue:

In his request for an opinion, Mr. Selness asked the Commissioner to address the following issue:

Do the following data that the Minnesota Department of Transportation collects and maintains meet the definition of security information as that term is defined in Minnesota Statutes, section 13.37, subdivision 1(a): Information on physical addresses of hazmat shipper and carrier facilities; Specific information on classes or divisions of hazmat shipped, carried, or stored; Terminals owned and/or operated by the applicant; Information on numbers and sizes of cargo tanks operated; and Specific information on routes of movement, volumes and frequency of movement, and origins/destinations of hazmat shipments?

---

Discussion:

Pursuant to Minnesota Statutes, section 13.03, subdivision 1, government data are public unless otherwise classified.

Section 13.37, subdivision 2, classifies security information as private (data on individuals) and nonpublic (data not on individuals).

In relevant part, section 13.37, subdivision 1(a), defines security information as:

...government data the disclosure of which would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury....

In his opinion request, Mr. Selness wrote:

As previously noted...the hazmat data OFCVO currently collects, with the exception of a limited amount of application data not applicable here, and proposes to collect, appears to be public. However, this office believes that the data could be classified as security information as that term is defined at Minn. Stat. section13.37, subd. 1(a). OFCVO's rationale for this belief is that hazmat transportation data, in the wrong hands, can pose a significant security threat, particularly if the hazmat can be used to make weapons of mass destruction. As you know, weapons of mass destruction are a special concern following the events of September 11, 2001, both at the state and national level. Shortly after September 11, the USDOT removed information on the classes and divisions of hazardous materials carried by transporters from its public information web site. This removal was done to make it more difficult to identify which hazardous materials a specific carrier transported. This information is now only available through a secure website that can be accessed only by motor carrier enforcement officers and other persons with a legitimate need to know.

If the previously described hazmat information were considered public data, a potential terrorist or criminal could use this information to develop targets of opportunity for hazardous materials thefts, hijacking of hazmat trucks, or attacking the hazmat facility itself. Hazmat data would allow a person or organization to locate the specific materials they may want for an attack.

The Commissioner addressed a similar issue in Advisory Opinion 02-014. The Commissioner wrote:

The Commissioner has previously opined that section 13.37, subdivisions 1(a) and 2, may not be employed as a blanket classification scheme, but instead applies to otherwise public data in those specific situations in which an entity has reason to believe that the disclosure would be likely to substantially jeopardize the security of information, possessions, individuals or property. (See, for example, Advisory Opinions 98-046 and 01-029.)

However, in certain circumstances, the Commissioner has deferred to the expertise of another government entity in exercising the broad discretion provided under section 13.37 to protect data. In Advisory Opinion 01-006, the Commissioner opined:

The Commissioner of Public Safety is charged by law with the responsibility of providing the Governor's security detail, and for protecting the Governor's person. The Commissioner of Public Safety and his staff have the training, experience, and expertise to determine security risk in this regard, and how this security function is to be best performed. See Cable Communications Board v. Nor-West Cable Communications Partnership, 356 N.W.2nd 658, 668 (Minn. 1984); In re the Petition to Adopt S.T. and N.T., 497 N.W.2d 625, 628 (Minn. App. 1993).

Under the circumstances of this case, there is not sufficient showing that the Commissioner of Public Safety is acting arbitrarily or beyond the scope of his responsibility in determining that release of the specific data in question presents a security risk to the person of the Governor. This office is not in a position to overrule this determination.

(See also Advisory Opinion 01-048.)

A similar analysis holds here. Government personnel charged with assessing the vulnerability of public utility delivery systems must be granted the authority to protect the integrity of those systems. Accordingly, if those responsible persons within a government entity determine that the disclosure of any of the data detailed above would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury, then those data may properly be classified as not public security information, pursuant to section 13.37.

The Commissioner wants to emphasize that, in the exercise of this discretion, a government entity must have reason to believe that public disclosure of such data would likely lead to substantial jeopardy. The entity cannot simply protect data from disclosure under section 13.37 on an arbitrary basis, but must base the determination on reasoned analysis.

In the present case, Mn/DOT is responsible for monitoring the transportation of hazardous material and waste. Mn/DOT also administers a variety of programs and activities to support the safe and efficient movements of goods in Minnesota. Mn/DOT, therefore, possesses the expertise, experience, and training to determine whether release of the data in question likely will substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury. Mr. Selness' reasonable argument is that the hazmat transportation data, in the wrong hands, could pose a significant threat. Thus, the data in question may properly be classified as not public security information pursuant to section 13.37.

---

Opinion:

Based on the facts and information provided, my opinion on the issue that Mr. Selness raised is as follows:

The following data that the Minnesota Department of Transportation collects and maintains meet the definition of security information as that term is defined in Minnesota Statutes, section 13.37, subdivision 1(a): Information on physical addresses of hazmat shipper and carrier facilities; Specific information on classes or divisions of hazmat shipped, carried, or stored; Terminals owned and/or operated by the applicant; Information on numbers and sizes of cargo tanks operated; and Specific information on routes of movement, volumes and frequency of movement, and origins/destinations of hazmat shipments.

Signed:

Brian J. Lamb
Commissioner

Dated: October 29, 2003

---