April 5, 2002; City of Rochester
4/5/2002 10:14:43 AM
This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.
Facts and Procedural History:On March 14, 2002, IPAD received a letter from Terry L. Adkins, Attorney for the City of Rochester. In this letter, Mr. Adkins asked the Commissioner to issue an advisory opinion regarding the classification of data relating to Rochester's electric and water utility services. A summary of the facts of this matter follows. Mr. Adkins detailed the data in question (see below) and provided the following comments: Data that describes, addresses or relates to a public utility's computer system could, if it falls into the wrong hands, do significant damage to the public's health, safety and welfare. There may be other examples of sensitive public utility data the disclosure of which could compromise or undermine the safe and reliable operation of a public utility. However, the above examples are those that readily come to mind. Obviously, it is the heightened sense of national security that has swept the nation since September 11th that gives rise to these concerns. Someone wanting to perform great harm to a large number of people or to key government facilities may use our public utility systems as the most efficient and direct method to do their work. Those of us who work with and provide legal advice to public utilities need to know the scope and extent of the Minnesota Government Data Practices Act when faced with a request for data concerning the operation of those utilities. We need to have a good understanding of the scope and extent of the 'security information' exemption found in Minn. Stat. Section 13.37 as it applies to public utilities. Issue:In his request for an opinion, Mr. Adkins asked the Commissioner to address the following issue:
Discussion:Security information is defined at Minnesota Statutes, section 13.37, subdivision 1 (a), as government data the disclosure of which would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury. Section 13.37, subdivision 2, classifies security information as not public. The Commissioner has previously opined that section 13.37, subdivisions 1(a) and 2, may not be employed as a blanket classification scheme, but instead applies to otherwise public data in those specific situations in which an entity has reason to believe that the disclosure would be likely to substantially jeopardize the security of information, possessions, individuals or property. (See, for example, Advisory Opinions 98-046 and 01-029.) However, in certain circumstances, the Commissioner has deferred to the expertise of another government entity in exercising the broad discretion provided under section 13.37 to protect data. In Advisory Opinion 01-006, the Commissioner opined: The Commissioner of Public Safety is charged by law with the responsibility of providing the Governor's security detail, and for protecting the Governor's person. The Commissioner of Public Safety and his staff have the training, experience, and expertise to determine security risk in this regard, and how this security function is to be best performed. See Cable Communications Board v. Nor-West Cable Communications Partnership, 356 N.W.2nd 658, 668 (Minn. 1984); In re the Petition to Adopt S.T. and N.T., 497 N.W.2d 625, 628 (Minn. App. 1993). Under the circumstances of this case, there is not sufficient showing that the Commissioner of Public Safety is acting arbitrarily or beyond the scope of his responsibility in determining that release of the specific data in question presents a security risk to the person of the Governor. This office is not in a position to overrule this determination. (See also Advisory Opinion 01-048.) A similar analysis holds here. Government personnel charged with assessing the vulnerability of public utility delivery systems must be granted the authority to protect the integrity of those systems. Accordingly, if those responsible persons within a government entity determine that the disclosure of any of the data detailed above would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury, then those data may properly be classified as not public security information, pursuant to section 13.37. The Commissioner wants to emphasize that, in the exercise of this discretion, a government entity must have reason to believe that public disclosure of such data would likely lead to substantial jeopardy. The entity cannot simply protect data from disclosure under section 13.37 on an arbitrary basis, but must base the determination on reasoned analysis. Mr. Adkins noted that Rochester operates electric and water utility services, but other Minnesota publicly-owned utilities operate natural gas, district heating and telecommunications services. A similar analysis with respect to the same kinds of data about the operation of those other public utilities is applicable. The Commissioner believes that government entities other than the City of Rochester may rely upon this opinion to protect as security information the kind of data described above that relate to any public utility. (See Minnesota Statutes, sections 13.072, subdivision 2, and 13.08, subdivision 4 (b)(5).) Opinion:Based on the facts and information provided, my opinion on the issue raised by Mr. Atkins is as follows:
Signed: David F. Fisher
Dated: April 5, 2002 |
Security information
Municipal utility customer data (13.685 / 13.612)
Entity reliance on opinion
Entity's discretion to withhold
