Government must remember FOIA when trying out new technology

Back when he was still roaming the halls of the Virginia General Assembly, and keeping everyone laughing along the way, Del. Chip Woodrum added a nice little provision to the law governing purchases made under the Virginia Public Procurement Act.

Section 2.2-1111(B)(2) says that the Division of Purchases and Supply within the Department of General Services may require that for the purchase of any computer system, equipment or software, that a government entity "shall consider whether the proposed system, equipment or software is capable of producing products that facilitate the rights of the public to access official records under the Freedom of Information Act."

From a records management perspective, Section 2.2-1111(B)(2) reiterates a principle the Public Records Act already makes clear: that records can't be made inaccessible simply because new hardware or new software is being used.*

I think most state and local government agencies get this, at least when it comes to migrating old data into new laptops or word processing programs. At VCOG, we don't get too many calls from citizens who are denied records because the records cannot be retrieved from older computer systems.

We do hear of two related problems, though: records being destroyed before the expiration of the retention period mandated by the Library of Virginia, and access to older e-mails made difficult by their storage on back-up tapes. The first problem can often be chalked up to sloppy records management, but it can also raise suspicions that the records were destroyed to cover something else.

The second problem is one borne out of an understandable desire to be efficient, but which loses sight of the general notion that e-mail and paper records are to be treated the same, at least for purposes of FOIA or the PRA.

But where some governments tend to lose sight of the admonition to keep records in new computers or software programs accessible is when they adopt the use new proprietary software designed to serve a specific government function or need. They buy a new system that automates, integrates and communicates, slices, dices and analyzes, and generally allows agencies to do things that were previously cost-prohibitive or logistically daunting. That's great stuff, but....

Flush with excitement over the possibilities the systems open up, the agencies snap the systems up and are well into using them well before it then becomes clear that the data collected and reports generated by the system are public records.

Should someone ask for system records through a FOIA request, the agency would be required to turn them over unless an exemption applied. Some agencies then wonder if the records should be protected from disclosure, either because of some specific reason -- because it includes a trade secret or health information, for instance -- or because of the workload involved in gathering all the data responsive to a request or reviewing the data for exempt material.

The Virginia Economic Development Partnership, for instance, started using a great system that allowed them to better coordinate with localities as they gathered information from local businesses on their future plans. But they feared local businesses would not be as candid if they thought their answers would be made public. So, the Partnership successfully secured an exemption for the data in the 2009 General Assembly session.

The 2008 General Assembly enacted a law on meeting minutes that arose out of local government use of a service called Board Docs. The service puts meeting recordings and all agendas and supporting materials together in one spot and cross-references and indexes them. The question in the study committee was whether the recordings could serve as the public body's minutes of a meeting. Noting that a large percentage of interested individuals still did not have computers or high-speed Internet, and noting that minutes serve as much of a historical record as a present-day record, the committee ultimately rejected the notion that recordings satisfied the minutes requirement and instead recommended a bill that said meeting minutes must be in writing.

When the Prince William Count School District started using its automated Visitor Identification System to check school visitors against sex offender databases across the country, it realized it was collecting and keeping a lot of personal data, all subject to FOIA. The school district twice appeared before the FOI Advisory Council to announce its intent to ask for an exemption for the data.

The school district eventually dropped its plans after getting advice from the council that some of the data could be withheld under existing exemptions, and that administrative difficulties in responding to a request for large numbers of records could be alleviated by working with the system vendor to refine data fields and alter what data would be stored and for how long.

The Partnership, the Prince William schools, and all the public bodies using Board Docs should be commended for embracing new technologies to reach out to more and more segments of their constituents. Surely none of these entities, or the many other entities using similar or even entirely different systems to better deliver public services, had the idea to subvert the public's right to know when they began using the system.

Here's the point, then, with a nod to Mr. Woodrum's amendment: Before a government agency implements a new system -- for whatever purpose -- it should look at how that system fits into FOIA's objectives. Just a few of the questions that should be asked and answered in advance of adopting a particular system include:

(1) what kind of data does this collect?
(2) must the data be disclosed under FOIA?
(3) are there exemptions that already apply to the data?
(4) is the data easily manipulated to separate exempt from non-exempt materials?
(5) will the system generate aggregate or statistical reports that could be released even if exemptions for specific data apply?

And these questions are not just ones the government should be asking itself. It should also be asking them of the software vendors. And that's the beauty of this.

Software vendors want you to buy their products. They also know that because all government entities are just a little bit different their products will need to be modified here, tweaked there or whole elements added or deleted. As the customer, the government is in the position to request changes that make it acceptable not only to the specific service they want to deliver, but also make it compatible with existing access and records-retention laws.

Let technology work with public records laws, not thwart it. Make Chip Woodrum smile.

===========

*Specifically, § 42.1-85 of the Public Records Act says,

"....The agency shall be responsible for ensuring that its public records are preserved, maintained, and accessible throughout their lifecycle, including converting and migrating electronic records as often as necessary so that information is not lost due to hardware, software, or media obsolescence or deterioration. Any public official who converts or migrates an electronic record shall ensure that it is an accurate copy of the original record. The converted or migrated record shall have the force of the original."

Add new comment

Filtered HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <p> <br> <h2> <h3> <h4>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.