September 18, 2012
FROM: Camille S. Jobin-Davis, Assistant Director
The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the facts presented in your correspondence.
This is in response to your request for an advisory opinion regarding application of the Freedom of Information Law to records requested from your employer, the Office of Temporary and Disability Assistance (OTDA). The issues that you raised, some of which have been addressed by the Joint Commission on Public Ethics (JCOPE), include whether (1) an employee is permitted to file a FOIL request with his agency, (2) records that indicate websites a public employee has visited are required to be made available, (3) time cards are required to be made public upon request, and (4) all emails sent by a public employee over a certain period of time are required to be made available.
Initially, we note that JCOPE has advised that a public employee may file FOIL requests with his employing agency; however the employee should not use the state agency work email address for such purposes. We agree with this advice.
We also agree with the advice provided in Advisory Opinion No. 89-7 for former employees within two years of state service, in which the State Ethics Commission, now JCOPE, referencing Public Officers Law §§ 73, 73-a and 74, set forth as follows:
“A Freedom of Information Law request made on behalf of a client or other person would be an appearance or practice before the former agency which is prohibited by §73(8).”
Whether a current employee is permitted to make FOIL requests on behalf of another person, in our opinion, would depend on an interpretation of laws that are not within our jurisdiction.
With respect to the particular requests that you describe, we note that the Freedom of Information Law pertains to existing records, and §89(3) states in part that an agency, such as a state office, is not required to create or prepare a record in response to a request. Therefore, if, for example, there is no record reflective of a web browser’s history, or email history from years ago, the agency would not be obliged to prepare a new record that contains the information of your interest.
In a related vein, we note that the Freedom of Information Law pertains to all agency records, and that §86(4) defines the term "record" expansively to include:
“...any information kept, held, filed, produced, reproduced by, with or for an agency or the state legislature, in any physical form whatsoever including, but not limited to, reports, statements, examinations, memoranda, opinions, folders, files, books, manuals, pamphlets, forms, papers, designs, drawings, maps, photos, letters, microfilms, computer tapes or discs, rules, regulations or codes.”
Therefore, insofar as the agency maintains records, irrespective of their physical form, that contain the information requested, we believe that they would be subject to rights of access conferred by the Freedom of Information Law. From our perspective, when data stored in a computer can be brought up on a screen or printed, it constitutes a record that falls within the coverage of the Freedom of Information Law.
Any analysis of requests for emails sent during a particular period, or data captured by a personal computer during a certain period, must include consideration of whether the request “reasonably” describes” agency records, as outlined in the following two opinions: http://docs.dos.ny.gov/coog/ftext/f18863.doc and Slattery, August 20, 2012 (yet to be numbered, enclosed). In short, and based on the analysis provided in the opinions, we believe that it may not be reasonable to expect an agency to respond to a request for “all emails sent during a particular period”, for example, depending on the period of time, the age of the records, and the volume of material identified.
As a general matter, the Freedom of Information Law is based upon a presumption of access. Stated differently, all records of an agency are available, except to the extent that records or portions thereof fall within one or more grounds for denial appearing in §87(2)(a) through (l) of the Law.
Perhaps pertinent with respect to access to records of an employee’s internet use are §§87(2)(b) and 89(2)(b), both of which pertain to the ability to deny access when disclosure would constitute an unwarranted invasion of personal privacy. Based on the judicial interpretation of the Freedom of Information Law, it is clear that public officers and employees enjoy a lesser degree of privacy than others, for it has been found in various contexts that those individuals are required to be more accountable than others. The courts have found that, as a general rule, records that are relevant to the performance of the official duties of a public officer or employee are available, for disclosure in such instances would result in a permissible rather than an unwarranted invasion of personal privacy [see e.g., Farrell v. Village Board of Trustees, 372 NYS 2d 905 (1975); Gannett Co. v. County of Monroe, 59 AD 2d 309 (1977), aff'd 45 NY 2d 954 (1978); Sinicropi v. County of Nassau, 76 AD 2d 838 (1980); Geneva Printing Co. and Donald C. Hadley v. Village of Lyons, Sup. Ct., Wayne Cty., March 25, 1981; Montes v. State, 406 NYS 2d 664 (Court of Claims, 1978); Powhida v. City of Albany, 147 AD 2d 236 (1989); Scaccia v. NYS Division of State Police, 530 NYS 2d 309, 138 AD 2d 50 (1988); Steinmetz v. Board of Education, East Moriches, Sup. Ct., Suffolk Cty., NYLJ, Oct. 30, 1980); Capital Newspapers v. Burns, 67 NY 2d 562 (1986)]. Conversely, to the extent that items relating to public officers or employees are irrelevant to the performance of their official duties, it has been found that disclosure would indeed constitute an unwarranted invasion of personal privacy [see e.g., Matter of Wool, Sup. Ct., Nassau Cty., NYLJ, Nov. 22, 1977, dealing with membership in a union; Minerva v. Village of Valley Stream, Sup. Ct., Nassau Cty., May 20, 1981, involving the back of a check payable to a municipal attorney that could indicate how that person spends his/her money; Selig v. Sielaff, 200 AD 2d 298 (1994), concerning disclosure of social security numbers].
Based on the decisions cited above, when a public officer or employee uses a personal computer or laptop in the course of his or her official duties, logs involving the use of that computer, in our opinion, would be relevant to the performance of that person's duties. On that basis, we do not believe that disclosure would result in an unwarranted invasion of personal privacy with respect to an officer or employee serving as a government officer or employee. Were a log of this nature to include the time of day or the amount of time that the employee spent reviewing a particular website, or perhaps particular pages reviewed, whether disclosure would cause an unwarranted invasion of personal privacy, in our opinion, would be speculative.
Perhaps pertinent with respect to public access to website addresses that permit employees to access agency databases, in our view, is §87(2)(i), which permits an agency to deny access to records that “if disclosed, would jeopardize the capacity of an agency or an entity that has shared information with an agency to guarantee the security of its information technology assets, such assets encompassing both electronic information systems and infrastructures”. In the event that knowledge of a website address through which an employee may access agency databases would permit a person to implement an attack on the database, or somehow render the database less secure, it is possible that the agency could justifiably rely on this exception to withhold such addresses.
It is important to note that while logs of internet use and emails sent/received are “records” subject to the Freedom of Information Law, their nature determine whether they are required to be made available upon request. For instance, depending on content, it is possible that disclosure of emails would constitute an unwarranted invasion of personal privacy with respect to persons other than the employees using the computer; many email communications might consist of inter-agency or intra-agency materials falling within §87(2)(g). Due to the nature of the services provided by OTDA, it is likely that there may be information contained in many email communications that is protected by provisions within the Social Services Law and perhaps any federal law.
In sum, the foregoing is not intended to suggest that the email communications to which you referred must be disclosed or should be withheld in their entirety. Like other records, the content of those communications is the primary factor in ascertaining rights of access, and we would refer you to advisory opinions that focus more closely on content.
We hope that this is helpful.
Attachment: Slattery, August 20, 2012
cc: Linda Hunt, Associate Attorney, OTDA
Shari Calnero, Associate Counsel, JCOPE