August 23, 1999

 

Mr. Joseph A. Glazer
President & CEO
Mental Health Association in
New York State. Inc.
194 Washington Avenue - Suite 415
Albany, NY 12210

The staff of the Committee on Open Government is authorized to issue advisory opinions.
The ensuing staff advisory opinion is based solely upon the information presented in your
correspondence.

Dear Mr. Glazer:

I have received your letter of July 20 and the materials attached to it concerning a
"Member Confidentiality Agreement" that must be signed by persons serving on Institutional
Review Boards (IRB's). Those entities engage in "an observatory role in relation to certain
activities at the State Psychiatric Hospital Facilities run by the New York State Office of
Mental Health." According to the documentation, "a memo was distributed by the Research
Foundation for Mental Hygiene, Inc. to members of the IRB's regarding their confidentiality
responsibilities."

You wrote that you have "serious concerns regarding such mandatory gag
agreements" and asked whether they may be "violative of any state laws regarding access to
information."

While I question the scope of the meaning of the term "confidentiality", the
memorandum on that subject distributed to IRB chairpersons appears in my view to
encourage IRB members to recognize that various records that may come into their
possession may or in some instances must be withheld from the public, and that disclosures
to the public should be coordinated by the OMH public information officer. In this regard,
I offer the following comments.

First, as you may be aware, §89(1) of the Freedom of Information Law requires the
Committee on Open Government to promulgate regulations concerning the procedural
implementation of that statute (21 NYCRR Part 1401). In turn, §87(1) requires the head or
governing body of an agency to adopt rules and regulations consistent those promulgated by
the Committee and with the Freedom of Information Law. Section 1401.2 of the regulations
provides in relevant part that:

"(a) The governing body of a public corporation and the head
of an executive agency or governing body of other agencies
shall be responsible for insuring compliance with the
regulations herein, and shall designate one or more persons as
records access officer by name or by specific job title and
business address, who shall have the duty of coordinating
agency response to public requests for access to records. The
designation of one or more records access officers shall not be
construed to prohibit officials who have in the past been
authorized to make records or information available to the
public from continuing to do so."

Based on the foregoing, I believe that the records access officer has the duty of coordinating
responses to requests.

From my perspective, it is routine to limit the authority of agency personnel and others
to make disclosures on their own initiative or in response to requests. In many agencies,
requests for records are forwarded as a matter of policy to the designated records access
officer in order that he or she can make an initial determination to grant or deny access in
accordance with applicable law. The direction given in the memorandum appears to be
consistent with that kind of procedure.

Second, the Freedom of Information Law pertains not only to records in the physical
possession of an agency, but also those maintained for an agency. That statute applies to
agency records, and §86(4) defines the term "record" expansively to include:

"any information kept, held, filed, produced, reproduced by,
with or for an agency or the state legislature, in any physical
form whatsoever including, but not limited to, reports,
statements, examinations, memoranda, opinions, folders, files,
books, manuals, pamphlets, forms, papers, designs, drawings,
maps, photos, letters, microfilms, computer tapes or discs,
rules, regulations or codes."

The Court of Appeals has construed the definition as broadly as its specific language
suggests. The first such decision that dealt squarely with the scope of the term "record"
involved documents pertaining to a lottery sponsored by a fire department. Although the
agency contended that the documents did not pertain to the performance of its official duties,
i.e., fighting fires, but rather to a "nongovernmental" activity, the Court rejected the claim of
a "governmental versus nongovernmental dichotomy" [see Westchester Rockland
Newspapers v. Kimball, 50 NY2d 575, 581 (1980)] and found that the documents
constituted "records" subject to rights of access granted by the Law. Moreover, the Court
determined that:

"The statutory definition of 'record' makes nothing turn on the
purpose for which it relates. This conclusion accords with the
spirit as well as the letter of the statute. For not only are the
expanding boundaries of governmental activity increasingly
difficult to draw, but in perception, if not in actuality, there is
bound to be considerable crossover between governmental
and nongovernmental activities, especially where both are
carried on by the same person or persons" (id.).

In another decision rendered by the Court of Appeals, the Court focused on an agency
claim that it could "engage in unilateral prescreening of those documents which it deems to
be outside of the scope of FOIL" and found that such activity "would be inconsistent with the
process set forth in the statute" [Capital Newspapers v. Whalen, 69 NY 2d 246, 253 (1987)].
The Court determined that:

"...the procedure permitting an unreviewable prescreening of
documents - which respondents urge us to engraft on the
statute - could be used by an uncooperative and obdurate
public official or agency to block an entirely legitimate
request. There would be no way to prevent a custodian of
records from removing a public record from FOIL's reach by
simply labeling it 'purely private.' Such a construction, which
would thwart the entire objective of FOIL by creating an easy
means of avoiding compliance, should be rejected" (id., 254).

More recently, in a case involving records in possession of a not-for-profit corporation that
carried out certain functions for the State University pursuant to contract, it was held that the
records were held for the University and, therefore, were agency records that fell within the
coverage of the Freedom of Information Law, even though they were not in the physical
custody of the University [see Encore College Bookstores, Inc. v. Auxiliary Services
Corporation of the State University, 87 NY2d 410 (1995)].

While I believe that the Research Foundation for Mental Hygiene, Inc. is an agency
that falls within the requirements of the Freedom of Information Law [see e.g., Buffalo News
v. Buffalo Enterprise Development Corp., 84 NY2d 488 (1994)], irrespective of that issue,
my understanding is that its functions are performed for one or more agencies, such as the
Office of Mental Health, and that, therefore, its records are maintained for an agency and are
subject to rights conferred by the Freedom of Information Law.

Third, based on several judicial decisions, an assertion or promise of confidentiality,
unless it is based upon a statute, is generally meaningless. When confidentiality is conferred
by a statute, an act of the State Legislature or Congress, records fall outside the scope of
rights of access pursuant to §87(2)(a) of the Freedom of Information Law, which states that
an agency may withhold records that "are specifically exempted from disclosure by state or
federal statute". If there is no statute upon which an agency can rely to characterize records
as "confidential" or "exempted from disclosure", the records are subject to whatever rights
of access exist under the Freedom of Information Law [see Doolan v.BOCES, 48 NY 2d 341
(1979); Washington Post v. Insurance Department, 61 NY 2d 557 (1984); Gannett News
Service, Inc. v. State Office of Alcoholism and Substance Abuse, 415 NYS 2d 780 (1979)].
As such, an assertion or promise of confidentiality, without more, would not in my view serve
to enable an agency to withhold a record.

In the context of the kinds of records that may be pertinent to the duties of the
Foundation, the IRB's and the Office of Mental Health, a statute that requires confidentiality
is §33.13 of the Mental Hygiene Law. That statute essentially prohibits the disclosure of
clinical records identifiable to a person receiving treatment except in circumstances that it
prescribes. When records fall within the confidentiality requirements imposed by §33.13, they
would be "specifically exempted from disclosure by...statute" in accordance with §87(2)(a)
of the Freedom of Information Law.

Also pertinent to the duties of those concerned may be the Personal Privacy
Protection Law, which deals in part with the disclosure of records or personal information by
state agencies concerning data subjects. A "data subject" is "any natural person about whom
personal information has been collected by an agency" [Personal Privacy Protection Law,
§92(3)]. "Personal information" is defined to mean "any information concerning a data
subject which, because of name, number, symbol, mark or other identifier, can be used to
identify that data subject" [§92(7)]. For purposes of that statute, the term "record" is defined
to mean "any item, collection or grouping of personal information about a data subject which
is maintained and is retrievable by use of the name or other identifier of the data subject"
[§92(9)].

With respect to disclosure, §96(1) of the Personal Privacy Protection Law states that
"No agency may disclose any record or personal information", except in conjunction with a
series of exceptions that follow. One of those exceptions involves a situation in which a
record is "subject to article six of this chapter [the Freedom of Information Law], unless
disclosure of such information would constitute an unwarranted invasion of personal privacy
as defined in paragraph (a) of subdivision two of section eighty-nine of this chapter." Section
89(2-a) of the Freedom of Information Law states that "Nothing in this article shall permit
disclosure which constitutes an unwarranted invasion of personal privacy as defined in
subdivision two of this section if such disclosure is prohibited under section ninety-six of this
chapter." Therefore, when a state agency cannot disclose records pursuant to §96 of the
Personal Protection Law, it is precluded from disclosing under the Freedom of Information
Law.

When either §33.13 of the Mental Hygiene Law or the Personal Privacy Protection
Law applies, there is essentially no discretion to disclose to the public. In other
circumstances, however, although records may be withheld, there is no obligation to do so.
Reference is made in the materials to "proprietary rights." Depending on the effects of
disclosure, so-called "proprietary" information might properly be withheld under §87(2)(d)
of the Freedom of Information Law. Nevertheless, unlike the provisions cited above, under
§87(2)(d) and the remaining grounds for denial in the Freedom of Information Law, there is
nothing in law that would prohibit disclosure. Section 87(2)(d) permits (but does not require)
an agency to withhold records or portions that:

"are trade secrets or are submitted to an agency by a
commercial enterprise or derived from information obtained
from a commercial enterprise and which if disclosed would
cause substantial injury to the competitive position of the
subject enterprise..."

The mere characterization of a record as "proprietary" or as a trade secret, like a claim of
confidentiality, is essentially meaningless; the capacity to deny access involves the extent to
which disclosure "would cause substantial injury to the competitive position" of a commercial
enterprise.

In sum, it is likely that many of the records used or maintained by IRB members may
be "confidential", but that would be so only when a statute prohibits disclosure. In other
instances, there may be discretion to withhold under the Freedom of Information Law, but
no legal obligation to do so. Perhaps most importantly, the Freedom of Information Law
requires agencies to adopt regulations regarding the procedural implementation of the law.
In accordance with such a procedure, one or more "records access officers" may be given the
duty of coordinating an agency's response to requests and disclosure practices. Unless
authority to disclose is otherwise granted to persons other than the records access officer,
limiting the ability of those other persons to disclose is, in my opinion, within the discretion
of an agency.

I hope that I have been of assistance.

Sincerely,

 

Robert J. Freeman
Executive Director

RJF:jm

cc: Susan J. Delano
Robin Goldman
Roger Clingman