North Dakota Code 44-04-24 – Security system plan – Disaster and cybersecurity information – Exemption
1. A security system plan kept by a public entity, and records regarding disaster mitigation, preparation, response, vulnerability, or recovery, or for cybersecurity planning, mitigation, or threat, are exempt from the provisions of section 44-04-18 and section 6 of article XI of the Constitution of North Dakota.
Terms Used In North Dakota Code 44-04-24
- State: when applied to the different parts of the United States, includes the District of Columbia and the territories. See North Dakota Code 1-01-49
2. As used in this section:
a. “Critical infrastructure” means public buildings, systems, including telecommunications centers and computers, power generation plants, dams, bridges, and similar key resources, and systems related to utility services, fuel supply, energy, hazardous liquid, natural gas, or coal, whether physical or virtual, so vital to the state that the incapacity or destruction of these systems would have a debilitating impact on security, state economic security, state public health or safety, or any combination of those matters.
b. “Security system plan” includes:
(1) Records, information, photographs, audio and visual presentations, schematic diagrams, surveys, recommendations, communications, or consultations relating directly to the physical or electronic security of a public facility, or any critical infrastructure, whether owned by or leased to the state or any of its political subdivisions, or any privately owned or leased critical infrastructure if the plan or a portion of the plan is in the possession of a public entity; (2) Information relating to cybersecurity defenses, or threats, attacks, attempted attacks, and vulnerabilities of cyber system operations relating directly to the physical or electronic security of a public facility, or any critical infrastructure, whether owned by or leased to the state or any of its political subdivisions, or any privately owned or leased critical infrastructure if the information is in the possession of a public entity; (3) Threat assessments; (4) Vulnerability and capability assessments conducted by a public entity, or any private entity; (5) Threat response plans; and
(6) Emergency evacuation plans.
3. This exemption applies to security system plans received by a public entity before, on, or after March 20, 2003.
4. Nothing in this section may be construed to limit disclosure required for necessary construction, renovation, or remodeling work on a public building. Disclosure under this subsection does not constitute public disclosure.
5. Records deemed exempt under this section and disclosed to another entity continue to be exempt in the possession of the receiving entity.