AR HB1555

Amends Arkansas Code § 10-3-309(b)(1)(B) to exclude internal policies and guidelines related to cybersecurity incidents or cyberattacks at state agencies from the definition of "rule" subject to state agency rule review.

Creates new Arkansas Code § 10-3-1708 establishing that meetings of the Joint Committee on Advanced Communications and Information Technology to review cybersecurity incidents or cyberattacks on public entities (counties, municipalities, school districts, and the state) are closed and exempt from the Freedom of Information Act of 1967.

Permits any General Assembly member to attend closed cybersecurity meetings and allows non-legislators to attend only by invitation of the committee cochairs; restricts the committee from disclosing information about internal policies or guidelines established to address cybersecurity incidents.

Declares internal policies and guidelines concerning cybersecurity incidents or cyberattacks on public entities to be confidential and exempt from the Freedom of Information Act and not subject to the Arkansas Administrative Procedure Act.

Amends Arkansas Code § 25-15-202(9)(B) to exclude internal policies and guidelines related to state agency cybersecurity incidents or cyberattacks from the definition of "rule" under the Arkansas Administrative Procedure Act.