California Supreme Court Holds Public Records Sent Through Private Email Accounts and Devices May Be Subject to Disclosure
In a much-anticipated decision, the California Supreme Court held on March 2, 2017, that when a public employee uses a personal account or device to communicate about the conduct of public business, the writings may be subject to disclosure under the California Public Records Act (CPRA). (City of San Jose v. Superior Court of Santa Clara County (2017) Case No. S218066.)
In June 2009, Ted Smith requested disclosure of records from the City of San Jose, certain elected officials, and their staff. The request sought records related to the City’s redevelopment efforts in the downtown area, and included emails and text messages sent or received on officials’ and employees’ private devices. When the City refused to disclose communications made from private devices, Smith sued for declaratory relief. The trial court ordered the City to disclose the records, but the Court of Appeal reversed, holding that public agencies need not produce messages on personal electronic devices and accounts, or search those devices and accounts for such records. Smith appealed and the Supreme Court granted review.
The Supreme Court’s Decision
The Court described the single "narrow issue" in the case: "Are writings concerning the conduct of public business beyond CPRA’s reach merely because they were sent or received using a nongovernmental account?"
Noting the competing interests of openness in government and protecting personal privacy, the Court concluded, "Employees’ communications about official agency business may be subject to CPRA regardless of the type of account used in their preparation or transmission." The Court made no distinction between the terms employee and official for purposes of the CPRA requirements.
The Court focused primarily on the definition of a "public record" under the CPRA: "(1) a writing; (2) with content relating to the conduct of the public’s business, which is (3) prepared by, or (4) owned, used, or retained by any state or local agency." The Court did not address whether any exemptions under the CPRA could apply because the City had not invoked any CPRA exemptions.
With regard to the second element of a public record, its content, the Court clarified that "at a minimum, a writing must relate in some substantive way to the conduct of the public’s business." This standard, the Court specified, should not be "so elastic as to include every piece of information the public may find interesting." If a communication is primarily personal in nature, it should not be considered a public record. As an example, a public employee casually discussing a colleague’s "personal shortcoming" through email "will often fall far short" of becoming a public record.
As to the third element, noting that an agency can act only through its individual officers and employees, the Court concluded that if a writing is prepared by an employee, regarding agency business, it is "prepared by" the agency regardless of whether a personal account was used.
The Court interpreted the fourth element to mean that records in the entity’s actual or constructive possession are subject to a CPRA request. An agency has constructive possession of records if it has the right to control them, either directly or through another person. Therefore, the Court held, writings prepared by a public employee regarding agency business are public records, regardless of where they are located.
The Court concluded the Legislature never intended for public officials to have the ability to "shield communications about official business simply by directing them through personal accounts." Any other interpretation would mean that "sensitive information could routinely evade public scrutiny."
Practical Effect on Public Agencies
Recognizing that the CPRA does not prescribe specific methods of searching for records, the Court offered agencies limited guidance for complying with the duty to disclose records from private employee accounts or devices. Though the Court did not indicate that following its guidance would guarantee compliance, it noted the two suggestions offered are already being used by federal agencies to respond to requests under the Freedom of Information Act.
First, when faced with a CPRA request seeking records believed to be in an employee’s personal account or device, the agency should communicate the request to that employee. The agency may "reasonably rely" on the employee to search his or her own personal files, accounts, and devices for responsive material. For this procedure to be adequate under the CPRA, the employee must be trained in distinguishing public records from private records. An "employee who withholds a document identified as potentially responsive may submit an affidavit providing the agency, and a reviewing court, ‘with a sufficient factual basis upon which to determine whether contested items were "agency records" or personal materials.’" When an employee makes a good faith effort to comply with the request, the agency fulfills its responsibility to conduct a reasonable search under the CPRA.
Second, the Court suggested that agencies develop policies that reduce the incidence of public records being maintained solely in private accounts and devices. For example, the agency could require that all emails involving agency business, sent by an employee through a private account, be copied to the employee’s agency email account. (See, e.g., 44 U.S.C. § 2911(a) [prohibiting use of personal electronic accounts for official federal agency business unless messages are copied or forwarded to an official account]; 36 C.F.R. § 1236.22(b) [requiring federal agencies to ensure official email messages in employees’ personal accounts are preserved in the agencies’ recordkeeping system].)
This decision is likely to result in many more requests for records that reside on officials’ and employees’ personal devices. To be prepared for these requests, public agencies are advised to promptly adopt the measures suggested by the Supreme Court: (1) training all employees and officials in identifying public records, (2) developing an appropriate affidavit for employees to use, and (3) adopting policies to discourage the use of personal accounts and devices for the conduct of public business. Our team of attorneys can assist any public agency in implementing these measures.