Back when he was still roaming the halls of the Virginia General Assembly, and keeping everyone laughing along the way, Del. Chip Woodrum added a nice little provision to the law governing purchases made under the Virginia Public Procurement Act.
Section 2.2-1111(B)(2) says the Department of General Services’ Division of Purchases and Supply may require that for the purchase of any computer system, equipment or software, a government entity “shall consider whether the proposed system, equipment or software is capable of producing products that facilitate the rights of the public to access official records under the Freedom of Information Act.”
From a records management perspective, § 2.2-1111(B)(2) reiterates a principle the Public Records Act already makes clear: records can’t be made inaccessible simply because new hardware or new software is being used.
Most state and local government agencies get this, at least when it comes to migrating old data into new laptops or word processing programs, but where some governments tend to lose sight of the admonition to keep records in new computers or software programs accessible is when they adopt new proprietary software designed to serve a specific government function or need. They buy a new system that automates, integrates and communicates, slices, dices and analyzes, and generally allows agencies to do things that were previously cost-prohibitive or logistically daunting. But some get well into their use of the new systems before realizing that data collected and reports generated by the system are public records subject to FOIA.
Some agencies then wonder if the records should be protected from disclosure, that is, if an exemption does not already apply.
The Virginia Economic Development Partnership (VEDP), for instance, started using a great system that allowed them to better coordinate with localities as they gathered information from local businesses on their future plans. But they feared respondents would be less candid if they thought their answers would be made public. The VEDP thus successfully secured an exemption for the data in the 2009 General Assembly session.
When Prince William County Schools (PWCS) started using the automated Visitor Identification System to check school visitors against sex offender databases across the country, it realized it was collecting and keeping a lot of personal data, all subject to FOIA. The school district twice appeared before the FOI Advisory Council to announce its intent to ask for an exemption for the data.
The school district eventually dropped its plans after getting advice from the council that some of the data could be withheld under existing exemptions, and that administrative difficulties in responding to a request for large numbers of records could be alleviated by working with the system vendor to refine data fields and alter what data would be stored and for how long.
The VEDP, PWCS and all government agencies using new technologies and software should be commended for embracing new opportunities to reach out to more and more segments of their constituents. Surely none of these entities, or the many other entities using new systems to better deliver public services, had the idea to subvert the public’s right to know when they implemented their use.
Here’s the point, then, with a nod to Mr. Woodrum’s amendment: Before a government agency implements a new system — for whatever purpose — it should look at how that system fits into FOIA’s objectives.
Just a few of the questions that should be asked and answered in advance of adopting a particular system include:
- What kind of data does this collect?
- Must the data be disclosed under FOIA?
- Are there exemptions that already apply to the data?
- Is the data easily manipulated to separate exempt from non-exempt materials?
- Will the system generate aggregate or statistical reports that could be released even if exemptions for specific data apply?
These questions are not just ones the government should be asking itself. They should also be asked of the hardware and software vendors.
Vendors want to sell their products. They want to produce a product that their customers will not only buy, but also love. Vendors in the business of developing e-government programs know that their products must be adapted to fit the size, structure and function of government, as well as based on varying state and local laws.
As the customer, the government is in the position to demand certain criteria be included/excluded from the product. The government-customer is also in the position to demand changes to existing programs that no longer meet the government’s needs.
Compliance with records-retention and disclosure laws should always be considered as one of those needs.