(1) The following information related to election security is exempt from disclosure under this chapter:
(a) The continuity of operations plan for election operations and any security audits, security risk assessments, or security test results, relating to physical security or cybersecurity of election operations or infrastructure. These records are exempt from disclosure in their entirety;
(b) Those portions of records, manuals, or documentation containing technical details and information regarding election infrastructure, which include the systems, software, and networks that support the election process, the public disclosure of which may increase risk to the integrity of election operations or infrastructure;
(c) Voter signatures on ballot return envelopes, ballot declarations, and signature correction forms, including the original documents, copies, and electronic images; and a voter's phone number and email address contained on ballot return envelopes, ballot declarations, or signature correction forms. The secretary of state, by rule, may authorize in-person inspection of unredacted ballot return envelopes, ballot declarations, and signature correction forms in accordance with RCW
29A.04.260;
(d) Records regarding the infrastructure of a private entity submitted to elections officials are exempt from disclosure for a period of 25 years after the creation of the record when accompanied by an express statement that the record contains information about the private entity's infrastructure and public disclosure may increase risk to the integrity of election operations or infrastructure; and
(e) Voted ballots, voted ballot images, copies of voted ballots, photographs of voted ballots, facsimile images of voted ballots, or cast vote records of voted ballots, starting at the time of ballot return from the voter, during storage per RCW
29A.60.110, and through destruction following any retention period or litigation.
(2) The exemptions specified in subsection (1) of this section do not include information or records pertaining to security breaches, except as prohibited from disclosure under RCW
29A.12.200.
(3) The exemptions specified in subsection (1) of this section do not prohibit an audit authorized or required under Title
29A RCW from being conducted.
(4) Requests for records from or any existing reports generated by the statewide voter registration database established under RCW
29A.08.105 must be submitted to and fulfilled by the secretary of state. If a county elections office receives a request for records from or any existing reports generated by the statewide voter registration database established under RCW
29A.08.105, the county elections office is not required to produce any records in response to the request, but shall, by the deadline set forth in RCW
42.56.520, direct the requestor to submit their request to the secretary of state.