 ATTORNEY GENERAL OF TEXAS GREG ABBOTT | |
 |
May 29, 2012 Mr. Chad J. Lersch Assistant General Counsel Texas Department of Information Resources P.O. Box 13564 Austin, Texas 78711-3564 OR2012-08165 Dear Mr. Lersch: You ask whether certain information is subject to required public disclosure under the Public Information Act (the "Act"), chapter 552 of the Government Code. Your request was assigned ID# 454814. The Texas Department of Information Resources (the "department") received a request for information submitted by Capgemini America, Inc. ("Capgemini") and Science Applications International Corporation ("SAIC") in response to a solicitation for Data Center Services, DIR-SDD-TMP-161. (1) You state the department has released some of the requested information. You claim the submitted information is excepted from disclosure under sections 552.110 and 552.139 of the Government Code. You also believe release of the submitted information may implicate the interests of Capgemini and SAIC. Accordingly, the department notified Capgemini and SAIC of the request for information and of their right to submit arguments stating why the submitted information should not be released. See Gov't Code § 552.305 (permitting interested third party to submit to attorney general reasons why requested information should not be released); Open Records Decision No. 542 (1990) (determining statutory predecessor to section 552.305 permits governmental body to rely on interested third party to raise and explain applicability of exception in certain circumstances). We have considered the exceptions you claim and reviewed the submitted information. You inform us Capgemini's information was the subject of a previous request for information, in response to which this office issued Open Records Letter No. 2012-06303 (2012). In that ruling, we determined the department must withhold the information we marked under section 552.139 of the Government Code and must release the remaining information in accordance with copyright law. As we have no indication that the law, facts, and circumstances on which the prior ruling was based have changed, the department must continue to rely on Open Records Letter No. 2012-06303 as a previous determination and withhold or release Capgemini's information in accordance with the prior ruling. See Open Records Decision No. 673 (2001) (so long as law, facts, and circumstances on which prior ruling was based have not changed, first type of previous determination exists where requested information is precisely same information as was addressed in prior attorney general ruling, ruling is addressed to same governmental body, and ruling concludes that information is or is not excepted from disclosure). You raise section 552.110 of the Government Code for the information at issue; however, section 552.110 is designed to protect the interests of third parties, not the interests of a governmental body. As such, a governmental body may not raise section 552.110 on behalf of a third party. Therefore, if we do not receive comments from a third party explaining why the information at issue should not be released, we will conclude section 552.110 is not applicable. An interested third party is allowed ten business days after the date of its receipt of the governmental body's notice under section 552.305(d) to submit its reasons, if any, as to why requested information relating to it should be withheld from disclosure. See Gov't Code § 552.305(d)(2)(B). As of the date of this letter, this office has not received comments from SAIC explaining why its information should not be released to the requestor. Thus, we have no basis to conclude that the release of any portion of the requested information would implicate SAIC's interests. See id. § 552.110; Open Records Decision Nos. 661 at 5-6 (1999) (to prevent disclosure of commercial or financial information, party must show by specific factual evidence, not conclusory or generalized allegations, that release of requested information would cause that party substantial competitive harm), 552 at 5 (1990) (party must establish prima facie case that information is trade secret), 542 at 3. Accordingly, we conclude the department may not withhold any of the information at issue on the basis of any interest SAIC may have in the information. You also raise section 552.139 of the Government Code for Attachments 7-B and 12-A in the information at issue. Section 552.139 provides: (a) Information is excepted from [required public disclosure] if it is information that relates to computer network security, to restricted information under Section 2059.055 [of the Government Code], or to the design, operation, or defense of a computer network. (b) The following information is confidential: (1) a computer network vulnerability report; [and] (2) any other assessment of the extent to which data processing operations, a computer, a computer program, network, system, or system interface, or software of a governmental body or of a contractor of a governmental body is vulnerable to unauthorized access or harm, including an assessment of the extent to which the governmental body's or contractor's electronically stored information containing sensitive or critical information is vulnerable to alteration, damage, erasure, or inappropriate use[.] Gov't Code § 552.139. Section 2059.055 of the Government Code provides in pertinent part: (b) Network security information is confidential under this section if the information is: (1) related to passwords, personal identification numbers, access codes, encryption, or other components of the security system of a state agency; (2) collected, assembled, or maintained by or for a governmental entity to prevent, detect, or investigate criminal activity; or (3) related to an assessment, made by or for a governmental entity or maintained by a governmental entity, of the vulnerability of a network to criminal activity. Id. § 2059.055(b). You state the information at issue contains "the physical addresses of [State of Texas (the "state")] computer facilities and specific software that runs on certain mainframes and services within the [s]tate's data network." You explain that the release of this information could subject the state's information resources "to attack or unauthorized access," which "could subject the [s]tate's electronically stored information to alteration, damage, erasure, or theft." Based on your representations and our review, we find some of the information at issue falls within the scope of section 552.139. As such, we conclude the department must withhold this information, which we have marked, under section 552.139. However, we find you have failed to demonstrate the remaining information for which you raise section 552.139 relates to computer network security, the design, operation, or defense of the department's computer network, or an assessment of the department's computer network vulnerabilities. Consequently, none of the remaining information in Attachments 7-B and 12-A found in the information at issue may be withheld under section 552.139. We note some of the remaining information at issue includes insurance policy numbers. Section 552.136(b) of the Government Code provides, "[n]otwithstanding any other provision of [the Act], a credit card, debit card, charge card, or access device number that is collected, assembled, or maintained by or for a governmental body is confidential." (2) Id. § 552.136(b); see id. § 552.136(a) (defining "access device"). This office has concluded insurance policy numbers constitute access device numbers for purposes of section 552.136. Accordingly, the department must withhold the insurance policy numbers we have marked under section 552.136. In summary, the department must continue to rely on Open Records Letter No. 2012-06303 as a previous determination and withhold or release Capgemini's information in accordance with the prior ruling. The department must withhold the information we have marked under sections 552.139 and 552.136 of the Government Code. The department must release the remaining information. This letter ruling is limited to the particular information at issue in this request and limited to the facts as presented to us; therefore, this ruling must not be relied upon as a previous determination regarding any other information or any other circumstances. This ruling triggers important deadlines regarding the rights and responsibilities of the governmental body and of the requestor. For more information concerning those rights and responsibilities, please visit our website at http://www.oag.state.tx.us/open/index_orl.php, or call the Office of the Attorney General's Open Government Hotline, toll free, at (877) 673-6839. Questions concerning the allowable charges for providing public information under the Act must be directed to the Cost Rules Administrator of the Office of the Attorney General, toll free, at (888) 672-6787. Sincerely, Ana Carolina Vieira Assistant Attorney General Open Records Division ACV/ag Ref: ID# 454814 Enc. Submitted documents c: Requestor (w/o enclosures) Dana R. Krone Science Applications International Corporation 10140 Campus Point Drive San Diego, California 92121 (w/o enclosures) Mark Stein Capgemini America, Inc. Las Colinas Tower, Suite 700 201 East John Carpenter Freeway Irving, Texas 75062 (w/o enclosures) Footnotes1. You state the department sought and received clarification from the requestor regarding her request. See Gov't Code § 552.222 (providing that if request for information is unclear, governmental body may ask requestor to clarify request). 2. The Office of the Attorney General will raise a mandatory exception on behalf of a governmental body but ordinarily will not raise other exceptions. See Open Records Decision Nos. 481 (1987), 480 (1987), 470 (1987).
POST OFFICE BOX 12548, AUSTIN, TEXAS 78711-2548 TEL: (512) 463-2100 WEB: WWW.OAG.STATE.TX.US |