10.04A Public Records Exemption for Security-Related Information

Purpose

The purpose of this policy is to provide guidelines for exempting public disclosure of security related information under provisions outlined in Iowa Code 22.7(50).

Policy Statement

The University shall not disclose security related information in response to a public records request as provided in this policy or where public disclosure would not be in the public interest.  Disclosure of certain security related information to the public may increase risks to persons, property and/or facilities and therefore such information must be protected. Only information that has a reasonable likelihood of compromising or jeopardizing safety and security should be withheld under this policy.

Guidelines

In responding to public records requests, security information may be withheld to help insure safety and security of persons, property and facilities associated with the University.  Such security information includes the following:

  • Information about alarm and security systems such as key or electronic codes, passwords, wiring diagrams, system specifications, security cameras and security camera footage, and security procedures and planning related to such systems;
  • Information about security systems governing information technology systems, including hardware, software, passwords and protocols;
  • Information not otherwise publicly available about facility infrastructure, including mechanical, electrical and technology systems;
  • Information and security protocols related to utilities and utility support, including power plant, utility tunnels, water, electrical, and hardware/software utility support;
  • Security plans and protocols, including contingency planning, continuity of operations planning and emergency response plans;
  • Security plans and protocols for special events;
  • Information related to the locations of individuals and groups such as:
    • Travel plans, schedules, lodging, and itineraries of an individual or group visiting the campus or conducting activities on the campus or on behalf of the University;
    • Reserved seating locations and room numbers of individuals attending events or renting facilities for private purposes;
    • Information about specific threats, assessments of specific threats, and plans for addressing specific threats held by the university recognized threat assessment team or other authorized group or individual;
    • Information about the location and protocols of sensitive research projects, materials and substances;
    • Information about the location and protocols of food production which is not publicly available;
    • Information about the location of hazardous materials such as controlled substances, radioactive materials, toxic materials, explosives and other hazardous biological materials;
    • Information and protocols related to cash, cash handling, cash equivalents and property with unique or extraordinary value;
    • Assessments of security vulnerability of the campus, campus assets, or systems.

A person denied access to security related information may appeal the decision to the University’s Public Records Officer

Additional resources

University Relations, approved April 2, 2012
Vice President for Administration and Financial Services, approved April 4, 2012
President’s Cabinet, approved May 30, 2012