Proposed legislation clarifying a 2016 law that made identities of certain government vendors confidential passed out of a Senate committee and House subcommittee this week after questions from lawmakers. An amendment was added in the House that would allow access to the identities by state lawmakers.
The lawmakers carrying the bill for the Haslam administration said the statute needed to be clarified because the intent was only to keep confidential names of vendors who provide IT security. The earlier language caused some to be concerned the exemption was too broad, state Sen. John Stevens, R-Huntingdon, told a Senate committee on Tuesday.
State Sen. Ken Yager, R-Kingston, and chairman of the Senate State & Local Government Committee, asked Stevens if that meant lawmakers would see fewer redactions of vendor names during their fiscal review process of contracts, noting in a followup question an increasing number of redactions that sometimes seemed “a little overkill.”
“We are seeing unintended consequences manifested, for example, in fiscal review committee where there are a lot of items that have been redacted in the contracts that we look at. So this bill as a practical matter will reduce those redactions and limit them to just the information services, is that correct?” he asked.
Stevens said it would not change the fiscal review process because some vendor names would still be redacted from the public documents provided lawmakers. He said he was not sure if it meant lawmakers would see fewer redactions than they are seeing now.
The next day, in the House State Government subcommittee meeting, state Rep. Bill Sanderson, R-Ketron, tried to clarify the need for the redactions and successfully added an amendment to the bill allowing members of the General Assembly access to the names.
“What you are saying is that if (potential hackers) know the vendor’s names, that’s going to make (the systems) more prone to be hacked?” Sanderson asked.
State Rep. Tim Rudd, R-Murfreesboro said the state wants to prevent hacking and that the purpose of the bill this year was to make clear that it only applied to vendors providing security for IT property, not all government property.
The current law allows the state to redact from public records the “identity of a vendor that provides goods and services used to protect government property, government employee information, or citizen information…” Government property is defined in the exemption as “electronic information processing systems, telecommunication systems, or other communications systems of a governmental entity.” Local government can also choose to make the names confidential if their governing body votes to do so.
The proposed legislation, HB 313 / SB 1201, changes the statute to say:
The identity of a vendor that provides to the state goods and services used to protect electronic information processing systems, telecommunication and other communication systems, data storage systems, government employee information, or citizen information shall be confidential.