Information disclosure and security information protection at water utilities

The water utilities have been focusing greatly on efforts and concern on system security after terrorist attacks of September 11, 2001. The Bioterrorism Preparedness and Response Act of 2002 requires systems serving more than 3300 people to conduct security-oriented vulnerability assessments (VA) of their facilities. These VAs should meet the requirements that are specified by the US Environmental Protection Agency (USEPA) and must be documented in the reports submitted to the USEPA. The Bioterrorism Act exempted VAs from the Freedom of Information Act (FOIA) release and specified various protections from such reports. FOIA laws have included various types and levels of exemption including trade secrets, confidential business information, law enforcement records, and personal information. Information management protocols should be flexible to address access to utility information by customers, general public, utility partners, and regulatory agencies and oversight bodies.