Tennessee Cybersecurity Audit Information Request
| Submitted | July 29, 2016 |
MuckRock users can file, duplicate, track, and share public records requests like this one. Learn more.
Communications
From: Keeling R. Baird
Dear Mr. Purvis,
Please see the attached letter regarding your open records act request with the Tennessee Department of Commerce and Insurance. Please let me know if you have further questions.
Thank you,
Keeling Baird
Assistant General Counsel
From: Alex Koma
To Whom It May Concern:
Pursuant to Tennessee's Public Records Act, I hereby request the following records:
Any overview of the results of the most recent cybersecurity audit or risk assessment conducted by Strategic Technology Solutions, or by a third party on behalf of the office.
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
I recognize that these types of documents contain sensitive information about the state's networks, and could be subject to an exemption to protect public safety. However, I'm not looking for specific details on the networks or their vulnerabilities, merely any summaries or aggregated data produced for the state to get an overall picture of cybersecurity concerns.
Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 7 business days, as the statute requires.
I am a citizen of Tennessee.
Sincerely,
Carlton Purvis
From: Keeling R. Baird
Dear Mr. Purvis,
Please see the attached letter regarding your open records act request with the Tennessee Department of Commerce and Insurance that was previously sent to you on August 8, 2016. Without evidence that you are a citizen of this state, we cannot grant your request. Please let me know if you have further questions.
Thank you,
Keeling Baird
Assistant General Counsel
From: Lola Potter
Dear Mr. Purvis,
We received your August 22, 2016 request for a copy of any overview of the results of the most recent cybersecurity audit or risk assessment conducted by Strategic Technology Solutions, or by a third party, on behalf of the Department of Commerce and Insurance.
The right of access to such records rests with citizens of our state pursuant to Tennessee Code Annotated § 10-7-503(a). Please provide appropriate identification as required by T.C.A. § 10-7-503, such as a driver's license, establishing that you are a citizen of this state.
For your information, Tennessee Attorney General's Opinion (01-132) dated August 22, 2001, further discusses this position. In addition, the United States Supreme Court has ruled that a state has the right to limit access to its records to its own citizens. McBurney v. Young, 133 S. Ct. 1709 (U.S., April 29, 2013).
Additionally, the records you requested may contain information that is confidential pursuant to T.C.A. § 10-7-504 and must be redacted. Once we receive a copy of your identification establishing Tennessee citizenship, the Department of Finance and Administration will provide you with an estimate of the cost, if any, of producing the requested records with confidential information redacted. You will not incur any costs until after you have reviewed the cost estimate and decided to proceed.
If you have any questions, please do not hesitate to contact me.
Lola Potter
p. 615-532-8560
c. 615-585-5806
From: Lola Potter
Dear Mr. Purvis,
We received your August 22, 2016 request for a copy of any overview of the results of the most recent cybersecurity audit or risk assessment conducted by Strategic Technology Solutions, or by a third party, on behalf of the Department of Commerce and Insurance. We received a copy of your driver’s license on August 31, 2016 establishing your Tennessee citizenship.
Tennessee Code Annotated § 10-7-503(a) provides the following:
(2)(B) The custodian of a public record or the custodian's designee shall promptly make available for inspection any public record not specifically exempt from disclosure. In the event it is not practicable for the record to be promptly available for inspection, the custodian shall within seven (7) business days:
(i) Make such information available to the requestor;
(ii) Deny the request in writing or by completing a records request response form developed by the office of open records counsel. The response shall include the basis for the denial; or
(iii) Furnish the requestor a completed records request response form developed by the office of open records counsel stating the time reasonably necessary to produce such record or information. [emphasis added]
The Department of Finance and Administration is currently in the process of retrieving, reviewing, and redacting the requested records. In accordance with the above-cited law, this letter is being sent to inform you that by Wednesday, September 7, 2016, either the records you have requested to receive copies of will be available or a determination of accessibility and availability will be made regarding the requested records.
From: Lola Potter
Mr. Purvis:
Please find attached the documents responsive to your request for a copy of any overview of the results of the most recent cybersecurity audit or risk assessment conducted by Strategic Technology Solutions, or by a third party, on behalf of the Department of Commerce and Insurance. As required by T.C.A. 10-7-504, information that is confidential has been redacted.
Lola Potter
p. 615-532-8560
c. 615-585-5806
Files
pages