January 21, 2010
The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the information presented in your correspondence.
I have received your letter and hope that you will accept my apologies for the delay in response. You have requested an advisory opinion concerning the status of “data contained in a web-based candidate software application” under the Freedom of Information Law.
By way of background, you wrote that the New York City Campaign Finance Board intends to develop the software “not only to store financial data and to produce and submit disclosure reports, but also to store and manage mailing lists, correspondence, personal information concerning contributors, information related to campaign events, and miscellaneous notes and comments.” You indicated that candidates/campaigns “will maintain exclusive control over the data – only they will be able to enter, alter, delete and access the data” (emphasis yours), and that “[t]he only data the Board will see is that which is contained in disclosure statements submitted to the Board.” Further, according to your letter:
“If certain encryption methodologies are used, the Board will not be able to access the data without assistance from the campaigns. If no encryption technology is used, however, the Board, as the developer of the software code, will have the technical ability to access the data, extract raw data, and, if it were to perform additional programming, the Board could also produce reports using the data stored in the system. However, the Board’s intent is to never access the data and to provide very strong assurances to campaigns that their data will remain confidential even from Board staff.”
The issue, as you suggested, involves whether the data in question, prior to being submitted to the Board by a campaign, would constitute “records” subject to rights of access conferred by the Freedom of Information Law. Section 86(4) of that statute defines the term “record” expansively to include:
"any information kept, held, filed, produced, reproduced by, with or for an agency or the state legislature, in any physical form whatsoever including, but not limited to, reports, statements, examinations, memoranda, opinions, folders, files, books, manuals, pamphlets, forms, papers, designs, drawings, maps, photos, letters, microfilms, computer tapes or discs, rules, regulations or codes."
As I understand the matter, there are two possible responses.
First, if the encryption methodologies are used, data stored by campaigns on Board supported software and servers would not be accessible by the Board. When a campaign is required to submit reports, the reports would be limited in content. Although the reports would be released or “transmitted” to the Board, the Board would continue to be blocked from accessing any of the data not included in the report. Under this scenario, I believe that it could be concluded that not all of the data would be maintained by or for the Board and, therefore, that the data not “transmitted” to the Board would not constitute “records” subject to the Freedom of Information Law. In that situation, the data accessible only to the campaign would not constitute a “record” of the Board until or unless it is shared with the Board.
Second, on the other hand, when data is stored on the Board’s server and is not encrypted, the Board would have the ability to access and extract the data. In that circumstance, because the data would be in the custody of and accessible to the Board, in my view, it would constitute Board records and, therefore, subject to rights of access conferred by the Freedom of Information Law, notwithstanding an agreement to refrain from accessing the data.
In a case in which an agency claimed, in essence, that it could remove various documents from the coverage of the Freedom of Information Law, the Court of Appeals found that:
"...respondents' construction -- permitting an agency to engage in a unilateral prescreening of those documents which it deems to be outside the scope of FOIL -- would be inconsistent with the process set forth in the statute. In enacting FOIL, the Legislature devised a detailed system to insure that although FOIL's scope is broadly defined to include all governmental records, there is a means by which an agency may properly withhold from disclosure records found to be exempt (see, Public Officers Law §87; §89,. Thus, FOIL provides that a request for access may be denied by an agency in writing pursuant to Public Officers Law §89(3) to prevent an unwarranted invasion of privacy (see, Public Officers Law §89) or for one of the other enumerated reasons for exemption (see, Public Officers Law §87). A party seeking disclosure may challenge the agency's assertion of an exemption by appealing within the agency pursuant to Public Officers Law §89(4)(a). In the event that the denial of access is upheld on the internal appeal, the statute specifically authorizes a proceeding to obtain judicial review pursuant to CPLR article 78 (see, Public Officers Law §89[b]). Respondents' construction, if followed, would allow an agency to bypass this statutory process. An agency could simply remove documents which, in its opinion, were not within the scope of the FOIL, thereby obviating the need to articulate a specific exemption and avoiding review of its action. Thus, respondents' construction would render much of the statutory exemption and review procedure ineffective; to adopt this construction would be contrary to the accepted principle that a statute should be interpreted so as to give effect to all of its provisions...
"...as a practical matter, the procedure permitting an unreviewable prescreening of documents -- which respondents urge us to engraft on the statute -- could be used by an uncooperative and obdurate public official or agency to block an entirely legitimate FOIL request. There would be no way to prevent a custodian of records from removing a public record from FOIL's reach by simply labeling it 'purely private'. Such a construction, which could thwart the entire objective of FOIL by creating an easy means of avoiding compliance, should be rejected" [Capital Newspapers v. Whalen, 69 NY 2d 246, 253-254 (1987)].
Moreover, a request for or promise of confidentiality is irrelevant in determining the extent to which records may be withheld under the Freedom of Information Law. The Court of Appeals has held that a request for or a claim or promise of confidentiality is all but meaningless; unless one or more of the grounds for denial appearing in the Freedom of Information Law may appropriately be asserted, the record sought must be made available. In Washington Post v. Insurance Department [61 NY2d 557 (1984)], the controversy involved a claim of confidentiality with respect to records prepared by corporate boards furnished voluntarily to a state agency. The Court of Appeals reversed a finding that the documents were not "records" subject to the Freedom of Information Law, thereby rejecting a claim that the documents "were the private property of the intervenors, voluntarily put in the respondents' 'custody' for convenience under a promise of confidentiality" [Washington Post v. Insurance Department, 61 NY 2d 557, 564 (1984)]. Moreover, it was determined that:
“Respondent’s long-standing promise of confidentiality to the intervenors is irrelevant to whether the requested documents fit within the Legislature’s definition of ‘records’ under FOIL. The definition does not exclude or make any reference to information labeled as ‘confidential’ by the agency; confidentiality is relevant only when determining whether the record or a portion of it is exempt (see Matter of John P. v Whalen, 54 NY2d 89, 96; Matter of Fink v Lefkowitz, 47 NY2d 567, 571-572, supra; Church of Scientology v State of New York, 61 AD2d 942, 942-943, affd 46 NY2d 906; Matter of Belth v Insurance Dept., 95 Misc 2d 18, 19-20). Nor is it relevant that the documents originated outside the government...Such a factor is not mentioned or implied in the statutory definition of records or in the statement of purpose...”
The Court also concluded that “just as promises of confidentiality by the Department do not affect the status of documents as records, neither do they affect the applicability of any exemption” (id., 567).
In sum, I believe that there is a distinction between the situation in which the Board has no ability to gain access to data unless and until it is made available or shared by a campaign, in which case, I do not believe that the data would constitute agency records, and that in which the Board has the ability to gain access to the data, even though it may promise or agree not to do so. In that latter instance, the data would in my view consist of records that fall within the scope of the Freedom of Information Law.
I hope that I have been of assistance.
Robert J. Freeman