February 23, 1996

 

Mr. Michael Carlucci
Senior Associate
MCL Associates
793 Washington Street
Canton, MA 02021

The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the information presented in your correspondence, unless otherwise indicated.

Dear Mr. Carlucci:

As you are aware, I have received your letter of February 2 concerning a denial by the Office of the State Comptroller of your request "for vendors names on the system's outstanding and uncashed check listing."

In my view, if the contentions expressed by the records access officer, Jeffrey R. Gordon, are accurate, the information sought could likely be justifiably denied.

It is noted that I have conferred with individuals representing both New York State government and the banking community with respect to your request in an effort to ascertain the effects of disclosure. While I am not suggesting that your intent is to engage in any sort of illegal activity, I have been informed that financial institutions have experienced a significant increase in check fraud during recent years due in part to the proliferation of desktop publishing. Through the development of software and laser products, checks can be duplicated or printed and, therefore, counterfeited. In the context of your request, a disclosure of the information you seek coupled with a check number, the date of issuance of the check and its amount would enable unscrupulous recipients of those items to create duplicate fraudulent checks. The records access officer wrote that the ability to do so would cause substantial harm to both the state and its bank and undermine existing security protocols. If that is so, it would appear that both of the grounds for denial cited by the records access officer would be pertinent.

By way of background, the Freedom of Information Law is based upon a presumption of access. Stated differently, all records of an agency are available, except to the extent that records or portions thereof fall within one or more grounds for denial appearing in §87(2)(a) through (i) of the Law.

The so-called "trade secret" exception, §87(2)(d) of the Freedom of Information Law, authorizes an agency to withhold records that:

"are trade secrets or are submitted to an agency by a commercial enterprise or derived from information obtained from a commercial enterprise and which if disclosed would cause substantial injury to the competitive position of the subject enterprise..."

Based upon the statement offered by the records access officer, it would appear that the bank involved in the transactions has expended substantial time, effort and money in developing security protocols to ensure the integrity of financial transactions and to prevent or diminish the possibility of fraud or other illegal activity. If disclosure would nullify or reduce the value of the efforts undertaken by the bank to ensure security, the bank could be placed at a disadvantage in relation to is competitors, and disclosure in that event could cause "substantial injury to its competitive position." Assuming the accuracy of those contentions, it would appear that §87(2)(d) would serve as a valid basis for a denial of access.

The other provision upon which the Office of the State Comptroller relied, §87(2)(i), states that an agency may withhold "computer access codes." The intent of that exception in my view is to enable an agency to withhold codes that would permit unauthorized access to an agency's computers or information stored electronically, and to preclude a person without authority to do so to add, delete, alter or use information that is stored or which can be generated electronically. It is my understanding that although a check number is not a "computer access code" per se, it is used in much the same manner as a computer access code. In other words, if the account number is disclosed in combination with other data, it could be used to engage in unauthorized and perhaps illegal activity. If that is so, based upon the intent of §87(2)(i), it would appear that an account number, particularly when coupled with additional unique information, might be justifiably withheld. I hope that I have been of some assistance.

Sincerely,

 

Robert J. Freeman
Executive Director

RJF:jm

cc: Jeffrey Gordon, Records Access Officer