January 2, 2009
The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the information presented in your correspondence.
Dear Mr. Gasperini:
As you are aware, I have received your letter and the materials attached to it. Please accept my apologies for the delay in response.
You have sought an advisory opinion concerning the propriety of a denial of a request made to the Village of Tarrytown for “the password, name of banks and account numbers for electronic viewing on [your] home computer of checks issued for all payments to vendors and salaries.” The request was denied on the ground that “computer access codes” may be withheld.
In this regard, I offer the following comments.
First, the Freedom of Information Law generally provides the public with the right to inspect records at locations designated by an agency (see regulations promulgated by the Committee on Open Government, 21 NYCRR §1401.3). There is no provision that would require an agency, such as a village, to enable you or others to view records on a home computer in the context of your request.
Second, that law is based upon a presumption of access. Stated differently, all records of an agency are available, except to the extent that records or portions thereof fall within one or more grounds for denial appearing in §87(2)(a) through (j) of the Law.
The exception pertinent to your request is §87(2)(i). For several years, that provision authorized an agency to withhold “computer access codes.” Based on its legislative history, that provision was intended to permit agencies to withhold access codes which if disclosed would provide the recipient of a code with the ability to gain unauthorized access to information. Insofar as disclosure would enable a person with an access code to gain access to information without the authority to do so, or to shift, add, delete or alter information, i.e., to make electronic transfers, I believe that a password, a bank account or ID number could justifiably have been withheld. Section 87(2)(i) was amended in recognition of the need to guarantee that government agencies have the ability to ensure the security of their information and information systems. That provision currently states that an agency may withhold records or portions of records which “if disclosed, would jeopardize an agency’s capacity to guarantee the security of its information technology assets, such assets encompassing both electronic information systems and infrastructures.” Insofar as disclosure of a password or a bank account number could enable a person to gain access to or in any way alter or adversely affect an agency’s electronic information or electronic information systems, I believe that it may justifiably be withheld.
I hope that the foregoing serves to enhance your understanding of the matter and that I have been of assistance.
Robert J. Freeman
cc: Jeffrey Shumejda
Carol A. Booth