Pennsylvania Code & Bulletin
COMMONWEALTH OF PENNSYLVANIA

• No statutes or acts will be found at this website.

The Pennsylvania Bulletin website includes the following: Rulemakings by State agencies; Proposed Rulemakings by State agencies; State agency notices; the Governor’s Proclamations and Executive Orders; Actions by the General Assembly; and Statewide and local court rules.

PA Bulletin, Doc. No. 07-2207

PROPOSED RULEMAKING

PENNSYLVANIA PUBLIC UTILITY COMMISSION

[ 52 PA. CODE CHS. 5 AND 102 ]

[37 Pa.B. 6421]
[Saturday, December 8, 2007]

[ L-00070185/57-256 ]

Implementation of the Public Utility Confidential Security Information Disclosure Protection Act

   The Pennsylvania Public Utility Commission (Commission) on August 30, 2007, adopted a proposed rulemaking order which establishes protocols and procedures to be followed when public utilities file records with the Commission containing confidential security information and challenges to the utility's designations or requests to examine records containing confidential security information are made.

Executive Summary

   On November 29, 2006, Governor Edward Rendell signed into law the Public Utility Confidential Security Information Disclosure Protection Act (CSI Act) (35 P. S. §§ 2141.1--2141.6). The CSI Act provides safeguards for confidential security information of public utilities that is provided to State agencies such as the Commission from disclosure that may compromise security against sabotage or criminal or terrorist acts. In creating this mandate of nondisclosure of confidential security information, the CSI Act directs the Commission to develop, among other things: (1) filing protocols and procedures for public utilities to follow when submitting records containing confidential security information; and (2) protocols and procedures to address challenges to the designations or requests to examine records containing confidential security information. 35 P. S. § 2141.3.

   The rulemaking went through an advance notice published in the Pennsylvania Bulletin on May 5, 2007, and the Commission received comments and reply comments from several parties. The proposed regulations in 52 Pa. Code Chapter 102 (relating to confidential security information) spell out the purpose of the new regulations; provide a series of definitions that are identical to the corresponding definitions in the CSI Act, except for ''member of the public,'' which is defined in a way to be consistent with section 2 of the Right-to-Know Law (65 P. S. § 66.2); and address the filing and challenge procedures contemplated by the CSI Act. The proposed regulations address issues such as how a utility is to label confidential security information to be filed with the Commission, how the Commission is to handle previously-filed unmarked records in its possession and how electronic submissions will be treated. The proposed rulemaking also amends § 5.423 (relating to orders to limit availability of proprietary information) by adding a new subsection (g) whose sole purpose is to refer the reader to the new Chapter 102.

Regulatory Review

   Under section 5(a) of the Regulatory Review Act (71 P. S. § 745.5(a)), on November 1, 2007, the Commission submitted a copy of this proposed rulemaking to the Independent Regulatory Review Commission (IRRC) and the Chairpersons of the House and Senate Committees. In addition to submitting the proposed rulemaking, the Commission provided IRRC and the Committees with a copy of a detailed Regulatory Analysis Form prepared by the Commission. A copy of this material is available to the public upon request.

   Under section 5(g) of the Regulatory Review Act, if IRRC has objections to any portion of the proposed rulemaking, it will notify the Commission within 30 days of the close of the public comment period. The notification shall specify the regulatory review criteria that have not been met by the portion of the proposed rulemaking to which an objection is made. The Regulatory Review Act specifies detailed procedures for review, prior to final publication of the amendments, by the Commission, the General Assembly and the Governor of objections raised.

Public Meeting held
August 30, 2007

Commissioners Present: Wendell F. Holland, Chairperson; James H. Cawley, Vice Chairperson; Terrance J. Fitzpatrick; Tyrone J. Christy; Kim Pizzingrilli

Proposed Rulemaking Regarding Implementation of the Public Utility Confidential Security Information Disclosure Protection Act; L-00070185

Implementation of the Public Utility Confidential Security Information Disclosure Protection Act; M-00072014

Proposed Rulemaking Order

By the Commission:

   This proposed rulemaking establishes, in furtherance of the Public Utility Confidential Security Information Disclosure Protection Act (35 P. S. §§ 2141.1--2141.6) (CSI Act), protocols and procedures that must be followed when: (1) public utilities file records with the Commission that contain confidential security information; and (2) challenges to the utility's designations or requests to examine records containing confidential security information are made by members of the public.

A.  Background and Procedural History

   On April 20, 2007, the Commission entered an order at this docket directing an Advance Notice of Proposed Rulemaking be issued to solicit comments regarding the development of the regulations necessary to implement the CSI Act. As stated in the April 20, 2007, order, the purpose of the CSI Act is to create mechanisms for the safeguarding of confidential security information of public utilities that is provided to various state agencies such as the Commission from disclosure that may compromise security against sabotage or criminal or terrorist acts.

   In creating this mandate of nondisclosure of confidential security information, the CSI directs the Commission to develop: (1) filing protocols and procedures for public utilities to follow when submitting records containing confidential security information; (2) protocols and procedures to address challenges to the designations or requests to examine records containing confidential security information; and (3) protocols and procedures to protect public utility records or portions thereof that contain confidential security information from prohibited disclosure by Commission employees. 35 P. S. § 2141.3.

   It is the first two protocols listed above--filing requirements for confidential security information and procedures to address challenges to or requests to review confidentiality designations--we concluded were most appropriate for our rulemaking process because they are procedures to be followed by outside parties such as utilities, ratepayers and the statutory advocates. In the Advance Notice, we particularly asked for comments on the following issues: (1) the factors that should be used to determine whether a public utility's designation of a record or portion thereof as ''confidential security information'' should be upheld by the Commission in the face of a challenge; (2) when InfoMAP is implemented by the Commission, whether electronic filing of documents containing confidential security information should be allowed (or should only hard copies be filed), and if the answer is yes, whether any special rules need to be implemented for electronic filings; and (3) the procedures that should be followed for the statutory advocates to obtain access to the confidential security information when they have a legitimate need to such access.

   The Advance Notice was published at 37 Pa.B. 2098 (May 5, 2007), with a 45-day comment period and a 30-day reply comment period. Comments were received from four parties: the Office of Consumer Advocate (OCA), PECO Energy Company (PECO), the National Association of Water Companies, Pennsylvania Chapter (NAWC), and the Energy Association of Pennsylvania (EAPA). Reply comments were received from OCA, PECO and EAPA. These comments and reply comments are discussed in the ''Comments and Responses Document'' attached to this Order as Appendix A.

B.  Discussion

   We are proposing today a comprehensive set of regulations that will be applicable to all public utilities in this Commonwealth relating to the filing requirements and challenge procedures outlined in the CSI Act that each State agency is directed to create to help ensure the safeguarding of confidential security information from unwanted disclosure. These proposed regulations reflect our consideration of all the comments and reply comments filed under the Advance Notice, while attempting to satisfy the legislative intent and meaning of the various provisions of the CSI Act. We appreciate and thank all the commenting parties who provided worthwhile suggestions to aid the Commission in the development of its proposed regulations.

   As an initial matter, we believe that the proposed regulations fit naturally as a new chapter in Subpart E (relating to public utility security planning and readiness) of our existing regulations dealing with public utility security planning and readiness. However, it is also probable that parties in the future may try to find our confidential security information rules under our existing process in Chapter 5 (relating to formal proceedings) for determining the availability of proprietary information, specifically § 5.423 (relating to orders to limit availability of proprietary information). We have, therefore, suggested adding in our proposed regulations a new § 5.423(g) that refers the reader to the new chapter in Subpart E to ensure that the proper process is used from the outset.

   Proposed § 102.1 (relating to purpose) spells out the purpose of the new regulations, which is to establish the filing requirements and challenge procedures relating to confidential security information as mandated by the CSI Act. Proposed § 102.2 (relating to definitions) provides a series of definitions that are identical to the corresponding definitions in the CSI Act, except for ''member of the public,'' which is not specifically defined in the statute. We have defined ''member of the public'' to be consistent with the Right-to-Know Law, which gives access to public records to ''any citizen of the Commonwealth of Pennsylvania.'' However, given that confidential security information may be relevant in litigation pending before the Commission, including rate cases and safety-related cases, we believe it is appropriate to clarify that ''member of the public'' also includes public utilities certified by the Commission, the statutory advocates who represent Pennsylvania consumers and small businesses, and the Commission's own Office of Trial Staff and prosecutory staff, all of who regularly participate in litigation before the Commission.

   Proposed § 102.3 (relating to filing procedures) addresses the filing procedures mandated by the CSI Act. Subsection (a), which has its genesis from recommendations made by EAPA and PECO in their respective comments, requires utilities, unless directed by the Commission or its staff to do otherwise, to maintain any record containing confidential security information on site and to rely on the Commission's self-certification process described in Chapter 101 (relating to public utility preparedness through self certification) of the Commission's regulations. We also believe this recommended procedure will minimize the Commission's storage costs and Commission staff's exposure to possible sanctions that could result from mishandling confidential security information filed with the Commission. These were some of the concerns expressed by the OCA in advocating that the Commission should take a stringent view of what type of information should be categorized as confidential security information.

   Subsection (b) spells out requirements that are already in the CSI Act, except that subsection (b)(3) spells out further how a public utility shall label confidential security information to be filed with the Commission to ensure that it is properly handled by Commission staff. Similarly, subsection (c) is consistent with the mandates of the CSI Act, which places the burden on the public utility to identify records that contain confidential security information or lose the protections afforded by the statute. The proposed regulation in the last sentence makes clear that any record not properly identified as confidential security information will be treated as a public document and be made available under the Right-to-Know Law.

   Subsections (d) and (e) relating to the status of previously-filed unmarked records and the Commission's responsibility for handling unmarked records that may contain confidential security information both come from suggestions made by NAWC in its comments to address areas not expressly covered by the CSI Act, but which nevertheless pose potentially serious liability issues for Commission employees. We believe the proposed regulations contain common sense approaches to dealing with the two issues that protect our employees while maximizing the protections afforded by the statute in areas not expressly covered by the statute.

   Subsection (f) deals expressly with one of the areas we asked for specific comments in the Advance Notice--electronic submissions. The proposed regulation acknowledges the Commission's inability at present to handle electronic submissions that would ensure the confidentiality of the filed information and, therefore, provides that until the Commission develops adequate safeguards and notifies the public utility industry that it has developed such safeguards, electronic submissions will be treated as public filings. This proposed regulation is consistent with the unanimous recommendation of all the commenting parties of not supporting electronic filing until appropriate encryption and special software is implemented by the Commission. It is also consistent with the internal procedures recently prepared by the Department of Environmental Resources Policy Office that became effective May 29, 2007, addressing the same issue.

   Final § 102.4 (relating to challenge procedures to confidentiality designation) addresses challenge procedures to confidentiality designations and requests to review records containing confidential security information. Proposed subsection (a) spells out the general procedures that will be followed whenever there is a challenge or request to review. This provision makes clear that only records filed with the Commission are subject to this provision while records maintained on-site by the utilityare not subject to this provision. The proposed regulation would require the Commission to issue a Secretarial Letter to notify the public utility of the challenge or request to review. In adversarial cases the matter will be referred to the Office of Administrative Law Judge, while in nonadversarial proceedings the matter will go to the Law Bureau for recommended disposition. Because we are dealing with purported security-related information, the proposed regulation would require the challenger or requester to provide certain basic information including his social security number if an individual and its certification number if another Pennsylvania public utility. Finally, subsection (a) would give the public utility that has designated the information as confidential security information 15 days to respond to the challenge or request to review, and it would give the administrative law judge or the Law Bureau 15 days from the date the utility's response is filed to issue its recommended decision.

   Subsection (b) provides that the Commission will apply a balancing test that weighs the sensitivity of the designated confidential security information and the potential harm resulting from its disclosure against the challenger's or requester's need for the information and also lists several factors that will be relevant in the Commission's consideration of whether to grant a request to review confidential security information.

   Consistent with the CSI Act, subsection (c) provides that the Commission shall have 60 days to issue its decision in writing. Failure to act within this 60-day window will be deemed a denial of the challenge or request to review. Similarly, subsections (d) and (e) closely track the language in the CSI Act relating to appeals of Commission decisions and to treatment of records allegedly containing confidential security information during the pendency of any Commission review or court appeal.

   Finally, subsections (f) and (g) address how confidential security information is to be accessed by the statutory advocates, another area we asked for specific comments, and by Commission staff.

   Accordingly, under sections 1--6 of the Public Utility Confidential Security Information Disclosure Protection Act (35 P. S. §§ 2141.1--2141.6); 66 Pa.C.S. 501 and 1501; sections 201 and 202 of the act of July 31, 1968 (P. L. 769, No. 240) (45 P. S. §§ 1201 and 1202), and the regulations promulgated thereunder at 1 Pa. Code §§ 7.1, 7.2 and 7.5; section 204(b) of the Commonwealth Attorneys Act (71 P. S. § 732.204(b)); section 745.5 of the Regulatory Review Act (71 P. S. § 745.5); and section 612 of The Administrative Code of 1929 (71 P. S. § 232), and the regulations promulgated thereunder in 4 Pa. Code §§ 7.231--7.234, we are considering adopting the proposed regulations set forth in Annex A, attached hereto; Therefore,

It Is Ordered that:

   1.  The proposed rulemaking at L-00070185 will consider the regulations set forth in Annex A.

   2.  The Secretary shall submit this order and Annex A to the Office of Attorney General for review as to form and legality and to the Governor's Budget Office for review of fiscal impact.

   3.  The Secretary shall submit this order and Annex A for review and comment to the IRRC and the Legislative Standing Committees.

   4.  The Secretary shall certify this order and Annex A and deposit them with the Legislative Reference Bureau to be published in the Pennsylvania Bulletin. The Secretary shall specify publication of the order in accordance with 45 Pa.C.S. § 727.

   5.  An original and 15 copies of any comments referencing the docket number of the proposed regulations be submitted within 30 days of publication in the Pennsylvania Bulletin to the Pennsylvania Public Utility Commission, Attention Secretary, P. O. Box 3265, Harrisburg, PA 17105-3265.

   6.  The contact person for this rulemaking is Carl S. Hisiro, Assistant Counsel, Law Bureau, (717) 783-2812. Alternate formats of this document are available to persons with disabilities and may be obtained by contacting Sherri DelBiondo, Regulatory Coordinator, Law Bureau, (717) 772-4579.

   7.  A copy of this order and Annex A shall be served upon the National Association of Water Companies, Pennsylvania Chapter; the Energy Association of Pennsylvania; PECO Energy Company; Philadelphia Gas Works; FirstEnergy Corporation; Equitable Gas Company; Nisource Corporate Services Company; Duquesne Light Company; Dominion Peoples; UGI Corporation; UGI Utilities, Inc.; UGI Penn Natural Gas, Inc.; Allegheny Power; PPL Services Corporation; National Fuel Distribution Corporation; Nauman Global Enterprises, LLC; Dart Container Corporation of California, d/b/a DTX Inc.; McClymonds Supply & Transit Co., Inc.; Meckley's Limestone Products, Inc.; American Expediting Company; the Office of Trial Staff; the Office of Consumer Advocate; and the Small Business Advocate.

JAMES J. MCNULTY,   
Secretary

   (Editor's Note: A Comment and Response Document prepared by the Commission regarding this proposed rulemaking is available at the Commission's website www.puc.state.pa.us.)

   Fiscal Note: 57-256. (1) Restricted Revenue Account within the General Fund; (2) Implementing Year 2007-08 is Minimal; (3) 1st Succeeding Year 2008-09 is Minimal; 2nd Succeeding Year 2009-10 is Minimal; 3rd Succeeding Year 2010-11 is Minimal; 4th Succeeding Year 2011-12 is Minimal; 5th Succeeding Year 2012-13 is Minimal; (4) 2006-07 Program--New Program; 2005-06 Program--New Program; 2004-05 Program--New Program; (8) General Government Operations; (8) recommends adoption.

Annex A

TITLE 52. PUBLIC UTILITIES

PART I. PUBLIC UTILITY COMMISSION

Subpart A. GENERAL PROVISIONS

CHAPTER 5. FORMAL PROCEEDINGS

Subchapter E. EVIDENCE AND WITNESSES

§ 5.423. Orders to limit availability of proprietary information.

*      *      *      *      *

   (g)  Confidential security information. Challenges to a public utility's designation of confidential security information or requests in writing to examine confidential security information are addressed in Chapter 102 (relating to confidential security information).

Subpart E. PUBLIC UTILITY SECURITY PLANNING AND READINESS

   (Editor's Note:  The following text is new and has been printed in regular type for readability.)

CHAPTER 102. CONFIDENTIAL SECURITY INFORMATION

Sec.

102.1.Purpose.
102.2.Definitions.
102.3.Filing procedures.
102.4.Challenge procedures to confidentiality designation.

§ 102.1. Purpose.

   This chapter establishes procedures for public utilities to follow when filing records with the Commission containing confidential security information under Act 156 and procedures to address challenges by members of the public to a public utility's designation of confidential security information or requests to examine records containing confidential security information in both adversarial and nonadversarial proceedings pending before the Commission.

§ 102.2. Definitions.

   The following words and terms, when used in this chapter, have the following meanings, unless the context clearly indicates otherwise:

   Act 156--The Public Utility Confidential Security Information Disclosure Protection Act (35 P. S. §§ 2141.1--2141.6).

   Commission--The Pennsylvania Public Utility Commission.

   Confidential security information--Information contained within a record maintained by the Commission in any form, the disclosure of which would compromise security against sabotage or criminal or terrorist acts and the nondisclosure of which is necessary for the protection of life, safety, public property or public utility facilities, including the following:

   (i)  A vulnerability assessment which is submitted to the Environmental Protection Agency or other Federal, State or local agency.

   (ii)  Portions of emergency response plans that are submitted to the Department of Environmental Protection, the Commission or other Federal, State or local agency dealing with response procedures or plans prepared to prevent or respond to emergency situations, except those portions intended for public disclosure, the disclosure of which would reveal vulnerability assessments, specific tactics, specific emergency procedures or specific security procedures. Nothing in this definition may be construed to relieve a public utility from its public notification obligations under other applicable Federal and State laws.

   (iii)  A plan, map or other drawing or data which shows the location or reveals location data on community drinking water wells and surface water intakes.

   (iv)  A security plan, security procedure or risk assessment prepared specifically for the purpose of preventing or for protection against sabotage or criminal or terrorist acts.

   (v)  Specific information, including portions of financial statements, about security devices or personnel, designed to protect against sabotage or criminal or terrorist acts. Nothing in this definition may be construed to prevent the disclosure of monetary amounts.

   Facilities--

   (i)  The plant and equipment of a public utility, including tangible and intangible real and personal property without limitation, and any means and instrumentalities in any manner owned, operated, leased, licensed, used, controlled, furnished or supplied for, by or in connection with the business of any public utility.

   (ii)  The term also includes electric power generation.

   Member of the public--Includes any citizen of this Commonwealth, a public utility certified by the Commission, the Office of Consumer Advocate, the Office of Small Business Advocate, the Office of Trial Staff or Commission prosecutory staff.

   Public utility--Any person, corporation, municipality or municipal authority or corporation now or hereafter owning or operating in this Commonwealth equipment or facilities for:

   (i)  Producing, generating, transmitting, distributing or furnishing natural or artificial gas, electricity or steam for the production of light, heat or power to the public for compensation. The term also includes electric power generation.

   (ii)  Diverting, developing, pumping, impounding, distributing or furnishing water to or for the public for compensation.

   (iii)  Using a canal, turnpike, tunnel, bridge, wharf, and the like, for the public for compensation.

   (iv)  Transporting or conveying natural or artificial gas, crude oil, gasoline or petroleum products, materials for refrigeration or oxygen or nitrogen or other fluid substance, by pipeline or conduit, for the public for compensation.

   (v)  Conveying or transmitting messages or communications by telephone or telegraph or domestic public land mobile radio service, including point-to-point microwave radio service for the public for compensation.

   (vi)  Collecting, treating or disposing sewage for the public for compensation.

   (vii)  Transporting passengers or property as a common carrier.

   Right-to-Know Law--The act of June 21, 1957 (P. L. 390, No. 212) (65 P. S. §§ 66.1--66.9).

   Secretary--The Secretary of the Commission.

   Terrorist act--An act constituting a violent offense intended to do one or more of the following:

   (i)  Intimidate or coerce a civilian population.

   (ii)  Influence the policy of a government by intimidation or coercion.

   (iii)  Affect the conduct of a government.

   

§ 102.3. Filing procedures.

   (a)  Maintenance of records onsite. Unless required by order or other directive from the Commission or its staff that records containing confidential security information shall be filed with the Commission, public utilities shall do the following:

   (1)  Maintain any record containing confidential security information onsite.

   (2)  Certify that the record is present and up-to-date consistent with Chapter 101 (relating to public utility preparedness through self certification).

   (3)  Make the record containing confidential security information available for review upon request by authorized Commission staff.

   (b)  Filing requirements. When a public utility is required to submit a record that contains confidential security information to the Commission, the public utility shall do the following:

   (1)  Clearly state in its transmittal letter to the Commission that the record contains confidential security information and explain why the information should be treated as confidential.

   (2)  Separate the information being filed into at least two categories:

   (i)  Records that are public in nature and subject to the Right-to-Know Law.

   (ii)  Records that are to be treated as containing confidential security information and not subject to the Right-to-Know Law.

   (3)  Stamp or label each affected page of the record containing confidential security information with the words ''Confidential Security Information'' and place all affected pages in a separate envelope marked ''Confidential Security Information.''

   (c)  Public utility's responsibility. The public utility has the responsibility to identify records as containing confidential security information. When the public utility fails to designate a record as containing confidential security information, it does not obtain the protections offered in this chapter and in Act 156. Any record that is not identified, stamped and separated as set forth in subsection (b), will be made available to the public under the Right-to-Know Law.

   (d)  Status of previously-filed unmarked records. Records containing what would otherwise be deemed confidential security information already on file at the Commission prior to May 29, 2007, the effective date of Act 156, are not covered by the protections offered in this chapter and in Act 156. To obtain the protections, the public utility shall resubmit and replace the existing records by following the filing procedures provided for in this section. When a public utility's filing is intended to replace pre-Act 156 filed records, the Commission will waive any otherwise applicable filing fee.

   (e)  Commission's responsibility with unmarked records. The Commission and its staff are under no legal obligation to protect confidential security information already on file with the Commission that has not been marked ''Confidential Security Information,'' following the procedures provided for in this section. When a request is made by a member of the public for an existing record that is not marked ''Confidential Security Information'' and Commission staff has reason to believe that it contains confidential security information, staff will refer the requested record to the Law Bureau for review. If the Law Bureau determines the record contains confidential security information, the Law Bureau will advise the affected public utility and give it an opportunity to resubmit and replace the record with a copy that is marked ''Confidential Security Information'' pursuant to subsection (d).

   (f)  Electronic submissions. The Commission does not yet have the ability to handle electronically submitted confidential security information in the manner required under this chapter or Act 156. The Commission will notify the public utility industry when it develops the ability to handle electronic submissions of confidential security information. Until the Commission develops the ability to handle electronic submissions of confidential security information, the information submitted electronically will be made available to the public under the Right-to-Know Law.

§ 102.4. Challenge procedures to confidentiality designation.

   (a)  General rule for challenges or requests to review. When a member of the public other than a statutory advocate or Commission staff challenges the public utility's designation of confidential security information or requests in writing to examine confidential security information, the Commission will issue a Secretarial Letter to the public utility notifying the public utility of the challenge to its designation or the request to examine records containing confidential security information. Only records filed with the Commission as confidential security information are subject to a challenge or written request to review under this subsection and Act 156. Records maintained onsite by the public utility are not subject to challenge or request to review.

   (1)  When a challenge or written request to review occurs in an adversarial proceeding, the matter will be referred to the Office of Administrative Law Judge for recommended disposition by the Commission.

   (2)  When a challenge or written request to review occurs in a nonadversarial proceeding, the matter will be referred to the Law Bureau for recommended disposition by the Commission.

   (3)  The Commission will have up to 60 days from the date the challenge or written request to review is filed with the Secretary's Bureau to render a final decision. During the 60-day review period, the following process shall be used:

   (i)  For identification purposes, the challenger or requester, if not a statutory advocate or Commission staff, shall provide his full name, address, telephone number and Social Security number if an individual and its certification number, address and telephone number if it is a Pennsylvania utility.

   (ii)  For challenges, the challenger shall provide at the time it files the challenge a detailed statement explaining why the confidential security information designation should be denied.

   (iii)  For requests to review, the requester shall provide at the time it files the request a detailed statement explaining the particular need for and intended use of the information and a statement as to the requester's willingness to adhere to limitations on the use and disclosure of the information requested.

   (iv)  The public utility shall have 15 days from the date the challenge or request to review is filed with the Secretary's Bureau to respond to the challenger's or requester's detailed statement in support of its position.

   (v)  The presiding officer or the Law Bureau will have 15 days from the date the public utility's response is filed with the Secretary's Bureau to issue its recommended disposition to the Commission.

   (b)  Relevant factors to be considered. The Commission will apply a balancing test that weighs the sensitivity of the designated confidential security information and the potential harm resulting from its disclosure against the challenger's or requester's need for the information. Applying this balancing test, a challenge to a public utility's designation of confidential security information or written request to review a record containing confidential security information will be granted only upon a determination by the Commission that the potential harm to the public utility of disclosing information relating to its security is less than the challenger's or requester's need for the information. In determining whether to grant a written request to review a record containing confidential security information, the Commission, the presiding officer or the Law Bureau will consider, along with other relevant factors, the following:

   (1)  The requester's willingness to sign a nondisclosure agreement.

   (2)  The requester's willingness to be subjected to a criminal background check.

   (3)  The conditions, if any, to place on release of the information.

   (c)  Written notification of disposition. The Commission will provide, within the 60-day period, written notification of its decision on confidentiality to the public utility and the member of the public that requested to examine the records containing confidential security information or challenged the designation made by the public utility. Failure by the Commission to act within the 60-day period will be deemed a denial of the challenge or the request to review. In the written notification, the Commission will affirmatively state whether the disclosure would compromise the public utility's security against sabotage or criminal or terrorist act. When the Commission determines that a record contains confidential security information and information that is public, the confidential portion will be redacted before disclosure.

   (d)  Appeal of Commission decision. The Commission's decision on confidentiality under this chapter will be issued by order adopted at a public meeting. The public utility and member of the public shall have up to 30 days following entry of this order to file an appeal in Commonwealth Court. The Commonwealth Court will review any records containing the disputed confidential security information in camera to determine whether the information should be protected from disclosure under this chapter. During the pendency of the in camera review, the records subject to this review may not be made part of the public court filing.

   (e)  Treatment of records during pendency of review. During the challenge, request to review, or an appeal of the Commission's final determination, the Commission will continue to honor the confidential security information designation by the public utility.

   (f)  Access for statutory advocates. Authorized individuals, as provided for in Act 156, employed by the statutory advocates shall be provided with access to confidential security information on file with the Commission when they provide the public utility with a justification for the need of the information and execute access agreements that summarize responsibilities and personal liabilities when confidential security information is knowingly or recklessly released, published or otherwise disclosed.

   (g)  Access for Commission staff. Unopened envelopes marked ''Confidential Security Information'' filed with the Commission will be given only to Commission employees authorized to review the information as provided for in Act 156. Authorized Commission employees will execute access agreements that summarize responsibilities and personal liabilities when confidential security information is knowingly or recklessly released, published or otherwise disclosed. Commission employees may decline designation as authorized individuals. Commission employees that agree to the designation will have their names added to the Authorized Access List maintained by the Commission's Secretary's Bureau. The Commission will withdraw designations when the employee no longer requires access to confidential security information because of a change in duties or position or when the employee fails to attend required training.

[Pa.B. Doc. No. 07-2207. Filed for public inspection December 7, 2007, 9:00 a.m.]



No part of the information on this site may be reproduced for profit or sold for profit.

This material has been drawn directly from the official Pennsylvania Bulletin full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.