14 Jan 2008, Grace Mastalli, Joe Whitly, and Justina Sessions
Synopsis
Sharing of sensitive information regarding the security and vulnerability of critical infrastructures, such as financial, transportation, telecommunications, energy, health, and chemical facilities, is essential to homeland security. Companies can only be expected to provide this sensitive information voluntarily, however if they are confident that it will be protected from public disclosure and will not be inappropriately shared. Presently the Protected Critical Information (PCII), Sensitive Security Information(SSI) and Chemical Vulnerability Information (CVI) programs provide some, but not absolute, protection for such sensitive information. The very complexity of these specialized information access and control regimes have limited their utility while at the same time making them subject to public and Congressional criticism.
Recently, Congress explored elimination of the CVI; FOIA amendments were enacted to cut back on the disclosure exemptions; and the Administration indicated that its long delayed Guideline 3 Report on standardizing marking and handling procedures applicable to shared homeland security, terrorism, and law enforcement Controlled Unclassified Information (CUI) will soon be issued. The CUI recommendations are expected to propose a governance regime and policy framework initially mandated only for information within the scope of the ISE. Carefully designed and implemented CUI reforms have the potential of reducing costs while improving the effectiveness of information control. The Department of Homeland Security (DHS), although only one of many agencies to be covered by the CUI framework, with the National Archives and Records Administration (NARA) will be among the most heavily involved in implementation.
Businesses possessing sensitive homeland security-related information must appreciate the complexity of the existing legal regimes and the dynamic policy environment in which additional changes will be made. Private sector stakeholders need to engage in the policy process to address implementation of the just enacted FOIA-amendments and additional proposed legislative actions, funding constraints and other challenges to achieving the right balance among competing interests.
Since the September 2007 publication of this article, S. 2488, The 2007 Freedom of Information Act Amendments, was signed into law on December 31, 2007. Some of the FOIA Amendments’ provisions took effect immediately upon enactment. Of particular importance to business is the creation of the Office of Government Information Services at the National Archives and Records Administration (NARA).