Page:United States Statutes at Large Volume 116 Part 3.djvu/560

 116 STAT. 2152 PUBLIC LAW 107-296—NOV. 25, 2002 (B) includes any physical or computer-based system, including a computer, computer system, computer or communications network, or any component hardware or element thereof, software program, processing instructions, or information or data in transmission or storage therein, irrespective of the medium of transmission or storage. (7) VOLUNTARY. — (A) IN GENERAL.—The term "voluntary", in the case of any submittal of critical infrastructure information to a covered Federal agency, means the submittal thereof in the absence of such agency's exercise of legal authority to compel access to or submission of such information and may be accomplished by a single entity or an Information Sharing and Analysis Organization on behalf of itself or its members. (B) EXCLUSIONS. —The term "voluntary"— (i) in the case of any action brought under the securities laws as is defined in section 3(a)(47) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(47))— (I) does not include information or statements contained in any documents or materials filed with the Securities and Exchange Commission, or with Federal banking regulators, pursuant to section 12(i) of the Securities Exchange Act of 1934 (15 U.S.C. 781(1)); and (II) with respect to the submittal of critical infrastructure information, does not include any disclosure or writing that when made accompanied the solicitation of an offer or a sale of securities; and (ii) does not include information or statements submitted or relied upon as a basis for making licensing or permitting determinations, or during regulatory proceedings. 6 USC 132. SEC. 213. DESIGNATION OF CRITICAL INFRASTRUCTURE PROTECTION PROGRAM. A critical infrastructure protection program may be designated as such by one of the following: (1) The President. (2) The Secretary of Homeland Security. 6 USC 133. SEC. 214. PROTECTION OF VOLUNTARILY SHARED CRITICAL INFRA- STRUCTURE INFORMATION. (a) PROTECTION.— (1) IN GENERAL. — Notwithstanding any other provision of law, critical infrastructure information (including the identity of the submitting person or entity) that is voluntarily submitted to a covered Federal agency for use by that agency regarding the security of critical infrastructure and protected systems, analysis, warning, interdependency study, recovery, reconstitution, or other informational purpose, when accompanied by an express statement specified in paragraph (2)— (A) shall be exempt from disclosure under section 552 of title 5, United States Code (commonly referred to as the Freedom of Information Act);

�