Emails and E-Discovery: California Public Records Act
BB&K's Christine Wood Explores San Jose Ruling Repercussions in PublicCEO
By Christine N. Wood
When does a public employee’s personal privacy interests outweigh the public’s right to access records?
This question was at the crux of City of San Jose v. Superior Court in which the California Supreme Court unanimously held the public has a right to see emails and text messages pertaining to public affairs that are sent from, or received on, government employees’ and officials’ personal devices and email accounts.
The California Public Records Act is one of the state’s two Sunshine Laws that ensure government access, accountability and transparency. Under the law, a public record is defined as “any writing containing information relating to the conduct of the public’s business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics.”
Emails: The San Jose Standard
In 2009, a local attorney sought communications from San Jose’s mayor, council members and staff after suspecting city officials had used private devices and email accounts to conceal dealings on a downtown redevelopment project that used public and private funds. The request explicitly sought “voicemails, emails and texts messages sent or received on private electronic devices” of city officials and employees.
While some documents were produced, the City responded that records on the personal devices and within the personal email accounts of the mayor and city councilmembers and staff were not public records because the City didn’t prepare, own, use or retain any of those records. The state Supreme Court disagreed and decided very clearly in 2017 that a public record is still a public record no matter where it is kept, how it was transmitted or where it is retained.
The Court established a four-part test to help agencies determine whether a communication constitutes a public record. Communication is a public record if it is:
- a writing,
- with content relating to the conduct of the public’s business
- prepared or
- owned, used or retained by any state or local agency.
The Court also gave factors to consider when identifying public records in electronic communications:
- Who is the author?
- Who is the recipient?
- What is the subject?
- What is the content?
- Was it prepared by an employee within the scope of employment?
- Does it include elected officials?
While the Court provided some guidance, it ultimately left it up to agencies to adopt policies to comply with the decision. The Court cited the following policies and procedures for agencies to consider:
- Prohibit the use of personal electronic accounts for official business unless messages are copied or forwarded to an official account.
- Require that agencies ensure official email messages in employees’ personal accounts are preserved in the agency’s recordkeeping system.
- Encourage a policy that official emails be preserved in employees’ personal accounts as well.
The Court also provided guidance for collecting records from personal devices:
- Agencies can rely on employees to search their own devices for responsive records.
- Agencies should train employees on how to distinguish public vs. private records.
- Employees need to be prepared to sign affidavits that they have conducted adequate searches and produced the responsive records.
While emails from personal devices and accounts are subject to the CPRA, it doesn’t mean the records will automatically be disclosed. It does, however, mean that such records need to go through the same processing and retention practices that other public records are subject to.
E-Discovery: An Effective PRA Tool
After San Jose, local agencies should become familiar with e-discovery as an incredibly valuable tool to reduce costs associated with electronic record production.
E-discovery is the process in which electronic data is sought, located, secured and searched for with the intent of using it as evidence in a civil or criminal case. While typically used in support of litigation, e-discovery can be utilized by agencies responding to electronic records requests.
There is one big caveat: Not all CPRA requests are created equal.
It is essential agencies have records response procedures established that can be both expanded and contracted as needed. While some request responses will not require the same depth of search as another, it is important agencies have defensible standards and practices in place in the event that a PRA request is litigated.
For public agencies fulfilling records requests, three e-discovery phases can prove helpful: identification, preservation and collection.
Identification – When presented with a request, be careful to first assess the request.
- What items are being requested?
- What date range does the request cover?
- What custodians will/could have these records?
- What are the key search terms (including jargon and acronyms) of the request?
- What other data sources might exist?
Preservation – After relevant electronically stored records are identified, agencies must ensure those records are protected from inappropriate alteration and deletion. If proper protections are not in place, agencies could be exposed to litigation.
Collection – One way to simplify the collection process is to maintain a data map containing of all the agency’s data sources. This could be as simple as a spreadsheet giving those within the organization responding to records requests a clear picture of what data is where.
The process of gathering information for future use, especially from personal devices and email accounts, is not always easy. But it is doable. Just be careful to get the assistance of e-Discovery counsel or technicians to assist in this effort.
For more on the electronic records conversation, including records storage, retention and deletion policies, check out "Digital Public Records" and watch the BB&K webinar "Do You Know the Way [After] San Jose?"
This article was originally published July 18, 2018 in PublicCEO. Republished with permission.