August 28, 2012
FROM: Robert J. Freeman, Executive Director
The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the facts presented in your correspondence.
I have received your letter and the materials relating to it concerning a partial denial of access to records by the Office of the State Comptroller. You have sought an advisory opinion concerning the following questions: “First, does the disclosure of the name of a public employee earning credits in the state pension system coupled with his or her home zip code amount to an unwarranted invasion of personal privacy as defined in the Public Officers Law? Second, does the fact that the law (FOIL § 89(7)) allows agencies to withhold ‘home addresses’ of pensioners mean that agencies may withhold zip codes?”
In its initial response to your request, zip codes contained within a database were withheld on the basis of §§87(2)(b) and 89(2)(b) of FOIL. Your appeal was also denied, and the Records Appeals Officer cited the same provisions, as well as §89(7), which, in his words, “expressly exempts the home addresses of public employees and retirees from mandatory disclosure...” He added that “Common usage suggests that a zip code is inherently part of an individual’s home address, which would mean that disclosure of zip codes as you have requested would violate the letter of POL §89(7)”, and that “even if zip codes are not considered part of a home address, a disclosure of records combining names with zip codes would necessarily facilitate the capacity to identify an individual’s home address using basic internet searches.”
In this regard, I offer the following comments.
First, I do not believe that disclosure of home addresses of present or former public employees would “violate” §89(7) of FOIL. That provision states in relevant part that “Nothing in this article shall require the disclosure of the home address of an officer or employee, former officer or employee, or of a retiree of a public employees’ retirement system…” (emphasis mine). While FOIL clearly indicates that home addresses of present or former public employees need not be disclosed, there is nothing in the language of that provision that would prohibit disclosure, nor is there language in §§87(2)(b) or 89(2)(b) specifying that disclosure of home addresses would constitute an unwarranted invasion of personal privacy. To confirm that point, the Appellate Division in Buffalo Teachers Federation v. Buffalo Board of Education [ 156 AD2d 1027 (1990)] determined that the agency could withhold home addresses of its employees, but that it could choose to disclose the addresses. That being so, there is nothing inherently confidential about public employees’ home addresses that requires an agency to withhold the addresses.
Further, there are many instances in which home addresses of many, some of which may be present or former public employees, are accessible to any person. Voter registration lists that identify individuals and their home addresses are accessible under the Election Law, 3-220(1). Similarly, those who own real property, i.e., residences, are identified by name and the location of the property in records required to be disclosed pursuant to §526 of the Real Property Tax Law. In like manner, §89(2)(c)(iv) of FOIL concerning records related to the ownership of real property directs that, “providing copies of such records or group of records shall not be deemed an unwarranted invasion of personal privacy.”
In short, names and home addresses are available to the public in a variety of circumstances, and there is nothing in FOIL directing that home addresses of present or former public employees cannot be disclosed.
Second, the items denied are not home addresses, but rather are zip codes, and in my view, there is a distinction between the two. There have been numerous instances in which it has been advised that zip codes pertaining government employees and others must be disclosed. For example, although there may be no written opinion dealing with the issue, we have been informed that there are local provisions that require that public employees must reside within the municipality that employs them. While it is clear that residence addresses need not be disclosed, in order to ascertain whether individuals are complying with law and whether the municipality is ensuring compliance, it has been advised that the zip codes of employees must be disclosed. The disclosure of the zip code in that kind of situation is likely to provide the public with information necessary to determine whether there is compliance with law and an avoidance of favoritism, or perhaps lack of compliance or due diligence by the municipality.
Third, as you are aware, when an agency denies access to records, and the denial is challenged via the initiation of an Article 78 proceeding, unlike other such proceedings in which the petitioner has the burden of proving that the agency acted unreasonably or failed to carry out a legal duty, the agency has the burden of proof when the proceeding involves a denial of access under the Freedom of Information Law. The Court of Appeals confirmed its general view of the intent of the Freedom of Information Law in Gould v. New York City Police Department, stating that:
“To ensure maximum access to government records, the ‘exemptions are to be narrowly construed, with the burden resting on the agency to demonstrate that the requested material indeed qualifies for exemption’ (Matter of Hanig v. State of New York Dept. of Motor Vehicles, 79 N.Y.2d 106, 109, 580 N.Y.S.2d 715, 588 N.E.2d 750 see, Public Officers Law § 89[b]). As this Court has stated, ‘[o]nly where the material requested falls squarely within the ambit of one of these statutory exemptions may disclosure be withheld’ (Matter of Fink v. Lefkowitz, 47 N.Y.2d, 567, 571, 419 N.Y.S.2d 467, 393 N.E.2d 463)” [89 NY2d 267, 275(1996)].
The Court also offered guidance to agencies and lower courts in determining rights of access and referred to several decisions it had previously rendered, stating that:
“...to invoke one of the exemptions of section 87(2), the agency must articulate ‘particularized and specific justification’ for not disclosing requested documents (Matter of Fink v. Lefkowitz, supra, 47 N.Y.2d, at 571, 419 N.Y.S.2d 467, 393 N.E.2d 463). If the court is unable to determine whether withheld documents fall entirely within the scope of the asserted exemption, it should conduct an in camera inspection of representative documents and order disclosure of all nonexempt, appropriately redacted material (see, Matter of Xerox Corp. v. Town of Webster, 65 N.Y.2d 131, 133, 490 N.Y.S. 2d, 488, 480 N.E.2d 74; Matter of Farbman & Sons v. New York City Health & Hosps. Corp., supra, 62 N.Y.2d, a83, 476 N.Y.S.2d 69, 464 N.E.2d 437)” (id.).
The issue, in my view, is whether the Office of the State Comptroller can demonstrate that disclosure of zip codes of present or former public employees would constitute an unwarranted invasion of personal privacy. In one of the decisions referenced by the Court of Appeals in Gould, the Court cited Hanig, which focused on the privacy exception, holding that it pertains to items “that would ordinarily and reasonably be regarded as intimate, private information” (id., 112), i.e., as in Hanig, the details of one’s medical or health condition. From my perspective, particularly in consideration of statutes that require disclosure of names coupled with home addresses, it is questionable whether it can be demonstrated that disclosure of zip codes could be characterized as “intimate” or, therefore, whether disclosure would rise to the level of an “unwarranted” invasion of personal privacy.
In a decision cited in the denial of the appeal, Daily News v. City of New York Office of Payroll Administration [9 AD 3d 308 (2004)], one of the issues involved portions of records that included the ages of public employees. In short, both the Supreme Court and the Appellate Division determined that the agency did not meet the burden of proof and could not demonstrate to the courts’ satisfaction how and why disclosure would result in an unwarranted invasion of personal privacy. In contrast is the decision rendered in Hearst Corporation v. Office of the State Comptroller [882 NYS2d 862 (2009)], which dealt in part with the disclosure of public employees’ dates of birth. The court found that disclosure that item, unlike disclosure of their ages, would constitute an unwarranted invasion of privacy. A name and a date of birth, which is akin to a unique identifier, i.e., a social security number, might be used as a link to obtain a variety of other items pertaining to an individual, some of which may be intimate or private. That is likely not so in the case of disclosure of a name and zip code, without more. Again, the names and addresses, as well as zip codes, pertaining to millions of individuals are included in publicly accessible voter lists and real property assessment records.
The courts have found that “speculation” concerning the potentially harmful effect of disclosure sought to be avoided via the assertion of an exception to rights of access is insufficient to justify a denial of access. In Markowitz v. Serio [11 NY3d 43 (2008)], the Court of Appeals determined that the possibility of harm that is “theoretical” is inadequate, and that an agency “cannot merely rest upon a speculative conclusion that disclosure might potentially cause harm” (id., 50). A similar conclusion was reached in a decision in which the issue involved whether disclosure of physicians’ names could be used in combination with other items that are accessible as a means of identifying patients within a certain county. Specifically, a database maintained by the State Department of Health is disclosed following the redaction of personally identifying details concerning patients. Among the items disclosed about patients are the month and year of the patient’s birth, the patient’s zip code and county of residence. The Department contended that “providing the identity of the patient’s physician is the one additional factor that ‘could readily permit a third party to deduce logically the identity of a given patient, resulting in a breach of medical confidentiality.’” The court found, however, that “such speculation falls far short of ‘articulating a particularized and specific justification for denying access’” [New York Times Co. v. New York State Department of Health, 243 AD2d 158, 160 (1998)].
In that second decision, the issue involved information significantly more intimate and serious than disclosure of a zip code of a present or former public employee, for it focused on the possibility that a patient could be identified as having been treated for a particular medical condition. Even in consideration of that possibility, that disclosure would result in a “breach of medical confidentiality”; speculation concerning the harm that could arise was insufficient to meet the burden of defending secrecy.
Here, the possibility of harm is, in my opinion, more remote than in the case of disclosure of medical information that might conceivably enable an industrious person to identify a patient and his or her medical problem or condition. If the burden of defending secrecy in that case could not be met, it is difficult to envision how that burden could be met in this instance, particularly in consideration of the factors discussed in the preceding paragraphs.
In an effort to obviate the need to seek judicial review and to resolve the matter, a copy of this response will be sent to the Comptroller’s Records Appeals Officer.
I hope that I have been of assistance.
cc: Harvey Silverstein, Records Appeals Officer