Public Records Exemption for Security-Related Information
Effective: May 17, 2007
Updated/Revised: April 6, 2011
Contact: Office of University Counsel
Iowa law (Iowa Code §§ 22.7(50) and 22.8) allows non-disclosure of security-related information when the institution has a policy exempting such information or where the disclosure would not be in the public interest. Disclosure of certain information may increase risks to persons and facilities. This policy is intended to increase the safety and security of persons and property on the campus.
The following information may be withheld in responding to public records requests in order to protect safety and security at the university:
- Information about alarm and security systems used at the university including key codes, passwords, electronic codes, wiring diagrams, plans and security procedures and protocols related to such security systems.
- Information about security systems governing access to information technology systems, including passwords, protocols and security hardware and software.
- Security protocols and technical information related to the configuration, access to, design and location of key assets related to utilities, including the power plant, utility tunnels, water, electrical lines and information technology infrastructure.
- Portions of architectural and engineering designs, and other technical information, which are not otherwise publicly available, and which, if disseminated, would significantly compromise the security of a university-owned or leased building or facility.
- Security plans and protocols, including security-related contingency planning and emergency response plans.
- Information related to location of individuals and groups may be withheld in the following situations:
- Travel plans, locations, schedules and itineraries for high-profile individuals visiting the campus;
- Travel plans, locations, schedules and itineraries of an individual or group when specific threats are known to exist for the individual or group;
- Travel plans, locations, schedules and itineraries of persons conducting specified activities when there is a known and reasonable risk of harm to persons conducting the activity; and
- Reserved seating locations and room numbers of individuals attending events or renting rooms for private purposes.
- Information about specific threats, assessment of specific threats and plans for addressing specific threats held by university-recognized threat assessment teams.
- Information about the location of, and protocols used for sensitive research projects, materials and subjects when there is a known and reasonable risk of sabotage or damage to the project, the materials or subjects of the research.
- Information about the protocols, methods, facilities and equipment used in food production, which is not publicly available, and which, if disseminated, would significantly compromise the security of food production or preparation.
- Information about the location of hazardous materials such as controlled substances, radioactive materials, toxic or reactive materials, ingredients for toxic or reactive materials, explosives and hazardous biological materials.
- Security protocols and information related to cash, cash equivalents and property with unique or extraordinary value.
- Assessments of security vulnerability of the campus or specific campus assets or systems.
The above exemptions are not intended to apply to any information which has been publicly announced or is otherwise readily available. Only information that has a reasonable likelihood of jeopardizing safety should be withheld under this policy. A person denied access to the above information may appeal the decision to the university's public records officer.