Section 10-3-1708 - Joint Committee on Advanced Communications and Information Technology - Cybersecurity incidents and cyberattacks - Meetings in executive session - Definitions(a) As used in this section:(1) "County" means any county of this state;(2) "Municipality" means: (A) A city of the first class;(B) A city of the second class; or(C) An incorporated town;(3) "Public entity" means: (C) A school district; or(4) "School district" means a school district or open-enrollment public charter school in this state.(b)(1) The meetings of the Joint Committee on Advanced Communications and Information Technology to review a cybersecurity incident involving, or a cyberattack on, a public entity are closed and are exempt from public observance under the Freedom of Information Act of 1967, § 25-19-101 et seq.(2) Any member of the General Assembly may attend the closed hearing under subdivision (b)(1) of this section of the Joint Committee on Advanced Communications and Information Technology.(3) An individual may attend a closed hearing under subdivision (b)(1) of this section at the invitation of either of the cochairs of the Joint Committee on Advanced Communications and Information Technology.(4) The Joint Committee on Advanced Communications and Information Technology shall not disclose any information concerning an internal policy or the internal guidelines established to address a cybersecurity incident involving, or a cyberattack on, a public entity.(5) If the Joint Committee on Advanced Communications and Information Technology meets in a closed meeting under subdivision (b)(1) of this section, the Joint Committee on Advanced Communications and Information Technology may discuss only a cybersecurity incident involving, or cyberattack on, a public entity or any cybersecurity policy.(c)(1) An internal policy or the internal guidelines that are established concerning a cybersecurity incident involving, or a cyberattack on, a public entity are: (B) Exempt from the Freedom of Information Act of 1967, § 25-19-101 et seq.(2) An internal policy or the internal guidelines of a public entity established to address a cybersecurity incident involving, or a cyberattack on, a public entity are not considered a rule under § 10-3-309 or the Arkansas Administrative Procedure Act, § 25-15-201 et seq.Added by Act 2023, No. 510,§ 2, eff. 8/1/2023.