HD25 - Report of the Virginia Freedom of Information Advisory Council - December 2008


Executive Summary:
The Virginia Freedom of Information Advisory Council (the Council) continues to fulfill its role to the Virginia General Assembly by serving as a clearinghouse for public access issues. For the eighth straight year, the Council has conducted in-depth reviews of FOIA and other public access legislation referred by the General Assembly. Seven bills were referred to the Council for study by the 2008 Regular Session of the General Assembly, all addressing different aspects of access to personal information. These issues ranged from public access to social security numbers (SSNs) contained in public records to information about holders of concealed handgun permits and individuals who donate or loan one or more items of personal property to publicly-owned museums. (*1) In addition, the Council undertook the review of legislation passed in 2008 (*2) concerning electronic communication meetings conducted by the Air Pollution Control Board (Air Board) and the State Water Control Board (Water Board) as part of the environmental permitting process. While this issue was not the central thrust of HB 1332/SB423, these specific provisions conflicted with FOIA requirements for conducting teleconferences and other electronic meetings. There was concern that these conflicting provisions, left untouched, would set a bad precedent for other public bodies to follow thereby denying public access to their actions. To study the above-described issues, the Council recommissioned two subcommittees.

The Personal Identifying Information Subcommittee (PII Subcommittee), initially formed in 2007 continued its work on public access to SSNs and concealed handgun permit applications. The PII Subcommittee also examined access to personal information about donors to public museums (HB 858/SB 647) and ultimately decided to take no further action on these bills. For a second year, the PII Subcommittee worked jointly with the SSN Subcommittee of the Joint Commission on Technology and Science (JCOTS) on disclosure of SSNs contained in public records. What initially appeared to be a relatively easy issue to resolve, turned out not to be the case. There was consensus from all sides, however, that greater protection of SSNs was desirable to hamper identity theft and other unlawful uses of SSNs. The statutory method by which that goal was achieved, however, proved more elusive and complex. Testimony before the PII Subcommittee indicated that a FOIA exemption for SSNs was problematic for certain entities (e.g. print media, data aggregators, private investigators, and others) because of their need for access to SSNs to verify an individual's identity. These entities and access advocates both argued that a FOIA exemption for SSNs, although discretionary, would be treated by government as a prohibition and effectively no records containing SSNs would be released. It was further noted that an exemption for SSNs in FOIA itself would be counter to its underlying policy that motive for the request (i.e. verification of identity) is immaterial and this approach would require government entities to ascertain the motive behind the request. In contrast, privacy advocates argued that because FOIA exemptions are discretionary and not mandatory, a government entity could chose to release records containing SSNs absent an express prohibition found in some other law. At the recommendation of the PII Subcommittee, the Council considered several approaches to protect the disclosure of SSNs. There were, however, common threads in each approach. First, protection of SSNs should be a separate statute and not a part of FOIA so as not to harm the underlying policy of FOIA as noted above. Secondly, entire SSNs should be treated as confidential and their release prohibited except under limited circumstances, including to law-enforcement and criminal justice agencies or pursuant to proper judicial order. Ultimately, the Council voted to defer action on this issue because none of the approaches appeared to strike the proper balance. The Council felt that the fact that three different legislative proposals were offered to the resolve the issue was evidence that a recommendation at this time was premature. The Council remains committed, however, to resolution of the issue.

With the enactment of the Council- and JCOTS-sponsored legislation in the 2008 Session prohibiting the collection by state and local agencies of SSNS, beginning July 1, 2009, except where authorized or required by law and essential to the mission of the agency (*3), the Council, with the concurrence of JCOTS, recommends extending the effective date of this prohibition until July 1, 2010. Given the response from the SSN surveys and the tremendous volume of data to process and verify, the Council and JCOTS agreed that an additional year is necessary to thoroughly process and analyze all of the implementation issues relating to the statutory restriction on collection of SSNs.

Additionally, at the request of the General Assembly, the Council re-examined, the issue of public access to records relating to holders of concealed weapons permits (SB 529, Houck). The Council adopted the position of the PII Subcommittee to recommend again SB 529 in 2008 because of its belief that the bill reflects the proper balance between privacy and public access. The recommendation of the Council would require the Department of State Police (DSP) to withhold from pubic disclosure permittee information submitted to the DSP for purposes of entry into the Virginia Criminal Information Network, with a limited exception for access by law-enforcement agencies. Records of the names and addresses of holders of concealed weapons permits issued by the DSP, however, to out-of-state persons would be publicly available from DSP. Permittee records will still be open to the public at each circuit court where the permits are issued.

The Electronic Communications Meeting Subcommittee (Emeetings Subcommittee) considered public access issues raised by statutory changes made in 2008 that would allow members of the State Air Pollution Control Board (Air Board) and the State Water Control Water Board (Water Board) to meet via teleconference under certain circumstances. The various stakeholders testified before the Emeetings Subcommittee on HB 1332/SB 423, and expressed concern that any recommendation of the Council to resolve the FOIA conflicts in the law would reopen other issues, unrelated to the electronic meeting provisions, in HB1332/SB423. The Council felt that such concerns, while valid, were not a compelling reason not to address the access issue given that General Assembly Sessions are rife with bills involving numerous stakeholders resulting in legislation that represents uneasy compromises. As a result, the Council voted unanimously to approve the Emeetings Subcommittee draft legislation and recommend it to the 2009 Session of the General Assembly.

The Council created two additional subcommittees, the Meeting Minutes Subcommittee (Minutes Subcommittee) and the Database Index Subcommittee (DI Subcommittee). The Minutes Subcommittee was formed to examine issues related to the use of new technologies to record meetings and keep meeting minutes. The Subcommittee recommended legislation that would make explicit the current requirement that meeting minutes be kept in writing. The Council recognized that BoardDocs and similar technological advances may provide improvements to public access, especially in enabling access to meeting materials over the Internet before the meeting is held. However, concerns were expressed that the traditional historical form of meeting minutes has always been a written summary, which is not dependent on technologies which change and grow obsolete over time, and which still serves its traditional purpose of providing a readily-accessible synopsis of events at a public meeting. As a result, the Council voted unanimously to approve the recommendation of the Minutes Subcommittee and include it as part of the Council's legislative recommendations to the 2009 Session of the General Assembly.

The DI Subcommittee was formed because of perceived confusion and lack of compliance regarding the requirement that state agencies compile an index of computer databases and annually update it. As a related matter, the DI Subcommittee also examined the current requirement found in § 2.2-3704.1 that state agencies publish a statement of FOIA rights and responsibilities on their respective websites. The Council adopted the DI Subcommittee recommendation to eliminate the requirement for a database index requirement in favor of expanding the statement of rights and responsibilities to include a requirement that the statements also contain a general description of the types of public records an agency has and the types of exemptions that may apply to those records, ensuring meaningful public information and access. To implement these additional requirements, the Council will be proactive in developing a model document for use by state agencies. Additionally, the Council will offer its expertise to assist in customizing the model document to meet the needs of each agency.

The Council continued to monitor Virginia court decisions relating to FOIA. The U.S. District Court for the Eastern District of Virginia heard the case of Chester Szymecki v. the City of Norfolk, involving the required furnishing of a SSN. The relevant facts are that Mr. Szymecki and his family attended Harborfest, a public festival in Norfolk, Virginia. Mr. Szymecki was carrying openly a holstered handgun. A Norfolk ordinance prohibited such carry. Mr. Szymecki was detained and charged with violation of the ordinance. Mr. Szymecki stated that officers demanded his SSN, telling him he could either provide his SSN and be issued a summons, or be arrested and incarcerated if he refused. The police did not state why they needed his SSN, their authority for collecting it, or how it would be used. He provided his SSN, and was issued a summons. The charges for violating the local ordinance were later dropped. Mr. Szymecki further alleged that when he later went to pick up his personal property from the police, they again demanded his SSN, stating that they would not return his property if he did not provide his SSN. Again, the police did not state why they needed his SSN, their authority for collecting it, or how it would be used. Mr. Szymecki again provided his SSN. Among other claims, Mr. Szymecki alleged a federal Privacy Act Section 7 claim for the improper collection of SSNs. (*4) The court first found that Section 7 confers a legal right on individuals, and violations may be enforced through an action under § 1983. (*5) The court further found that Mr. Szymecki had alleged facts sufficient to state a claim for violation of subsections (a) and (b) of Section 7. (*6) This matter is set for trial on December 16, 2008.

In another U.S. District Court case in the Eastern District of Virginia, Ostergren v. McDonnell, the Court considered the prohibition on dissemination of SSNs obtained from public records contained in the Personal Information Privacy Act (PIPA). (*7) Ms. Ostergren advocates for the removal of SSNs from public records, especially court records that are published online. She publishes the Virginia Watchdog website to further those efforts. Among other content on the website, Ms. Ostergren republishes public records that contain SSNs in order to emphasize her advocacy and illustrate the problem. As of July 1, 2008, amendments to PIPA prohibit such republication of public records containing SSNs. Violators may be subject to fines up to $2500 per violation, investigative demands, and injunctions. In its analysis the court reviewed prior Supreme Court decisions and observed that SSNs are generally entitled to privacy as personal identifiers that may be misused. However, the court found that based on the record that the General Assembly did not provide funding for the redaction by court clerks of SSNs from court records, protection of SSNs is not a state interest of the highest order. The court also found that this matter - the protection of SSNs - is a matter of public significance, and that Ms. Ostergren's speech is political in nature and entitled to protection under the First Amendment. The court decided that PIPA is unconstitutional as applied to Ms. Ostergren's website as it presently exists, but further briefing would be required "on the propriety and scope of an injunction other than with respect to Ostergren's website as it exists." (*8) As of the date of this report, the parties have submitted additional briefs and are awaiting the final order of the court.

The Council continued its commitment to providing FOIA training. The Council views its training mission as its most important duty and welcomes every opportunity to provide FOIA training programs. During 2008, Council staff conducted a total of 64 FOIA training programs throughout Virginia at the request of state and local government officials, the media, and citizens. Training programs are tailored to meet the needs of the requesting organization and are provided free of charge. All Council-sponsored training programs, whether the statewide workshops or specialized programs, are approved by the Virginia State Bar for continuing legal education credit for licensed attorneys. In 2009, the Council plans to conduct its statewide FOIA workshops in at least six statewide locations, but is concerned about the appropriateness of conducting these workshops given the current budget shortfall for state and local governments. The Council is exploring ways to provide the much-requested workshops free of charge. In addition to Virginia State Bar continuing legal education credit, these workshops are also pre-approved by the Department of Criminal Justice Services for law-enforcement in-service credit and the Virginia School Board Association for academy points. The Council expects to reach approximately 600 persons, including government officials, media representatives and citizens, through the 2009 statewide FOIA workshops.

For this reporting period, the Council, with a staff of two attorneys, responded to approximately 1,700 inquiries. Of these inquiries, 11 resulted in formal, written opinions. The breakdown of requesters of written opinions is as follows: one by government officials, two by media representatives, and eight by citizens. The remaining requests were for informal opinions, received via telephone and e-mail. Of these requests, 827 were made by government officials, 641 by citizens, and 206 by media. Over the past several years, the Council has seen an increase in the number of informal opinion requests as compared to requests for formal written opinions. This trend appears to stem from the Council's reputation as a valuable resource for answering FOIA questions before disputes arise.

FOIA was again the subject of significant legislative activity in the 2008 Session. The General Assembly passed a total of 21 bills amending FOIA. Of the 21 bills, nine bills created seven new record exemptions to FOIA, three bills added new closed meeting exemptions, and eleven bills amended existing provisions of FOIA. One successful bill amending FOIA--SB 131 (Houck)/HB 854 (Ebbin), concerning emergency meetings of local public bodies--was a recommendation of the Council. Additionally, a joint recommendation of the Council and JCOTS, SB 132 (Houck)/HB 634 (May), amending provisions of the Government Data Collection and Dissemination Practices Act, was enacted. Similarly, SB 133 (Houck) and HB 633 (May), amending the Personal Information Privacy Act, also passed as a joint recommendation of the Council and JCOTS. SB 529 (Houck), concerning access to concealed carry handgun permits, was introduced as a recommendation of the Council and, as noted above, was re-referred to the Council for further study during the 2008 interim. A more detailed report of the bills passed during the 2008 Session appears on the Council's website and is attached to this report as Appendix E.

In August, the Council elected Delegate H. Morgan Griffith to chair the Council, with Senator Edd Houck elected as vice-chair. The Council also bid farewell to outgoing Council members John B. Edwards and W. Wat Hopkins, both original members of the Council whose membership terms expired July 1, 2008. The Council welcomed new members Forrest M. "Frosty" Landon, appointed by the Senate Committee on Rules, and John G. Selph, appointed by Speaker of the House of Delegates, to fill these vacancies.

Finally the Council adopted, by a vote of 6 to 5, a formal statement concerning the conduct of electronic meetings promoting face-to-face meetings as the preferred standard. The statement of principle, as adopted by the Council, reads as follows:

The Freedom of Information Advisory Council believes that technology can expand public monitoring of and participation in the affairs of government. It also believes representative government is best served when public officials meet face-to-face in regularly scheduled public meetings.

One of the primary responsibilities of accepting public office is the regular participation in face-to-face public meetings. The Council believes such meetings should continue to be the rule rather than the exception.

As technology advances, the use of electronic meetings will accelerate. As that occurs, the FOIA Council will continue to balance the preference for face-to-face meetings against the emerging technology in light of the clear policy statement of FOIA to afford citizens every opportunity to witness the operation of government, "since at all times the public is to be the beneficiary of any action taken at any level of government."
___________________________________
(*1) In brief, SB 529 concerned public access to concealed carry handgun permits; HB 858 and SB 647 were identical bills that would have provided an exemption for records of a publicly owned museum that could be used to identify an individual who donates or loans one or more items of personal property to the museum; four bills concerned different aspects of access to social security numbers (SSNs): HB 1087 would have exempted SSNs contained in local government records, HB 1088 would have exempted SSNs contained in records of the Department of Game and Inland Fisheries, HB 1096 would have established the Protection of Social Security Numbers Act, and HB 1102 would have provided a general FOIA exemption for SSNs.
(*2) Chapters 276 and 557 of the 2008 Acts of Assembly (SB 423 (Puckett/HB 1332 (Landes)).
(*3) Chapters 840 and 843 of the 2008 Acts of Assembly, amending the Government Data Collection and Dissemination Practices Act.
(*4) 5 U.S.C. § 552a Note ("Section 7" refers to § 7 of Pub. L. No. 93-579, 88 Stat. 1909 (1974)).
(*5) Apparently the federal circuit courts are split on these points, and there is no relevant precedent in the Fourth Circuit.
(*6) Id. (the relevant portions of Section 7 read as follows: "(a)(1) It shall be unlawful for any Federal, State, or local government agency to deny any individual any right, benefit, or privilege provided by law because such individual's refusal to disclose his social security account number .... (b) Any Federal, State, or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.")
(7*) Code § 59.1-443.2.
(*8) In full, the Court concluded "that Virginia Code §59.1-443.2 is unconstitutional as applied to Ostergren's website as it presently exists. However, given the significant public interest issues presented by the spreading of SSNs on the Internet, the Court will require further briefing on the propriety and scope of an injunction other than with respect to Ostergren's website as it exists."