Illinois AG: Records on Personal Electronic Devices and E-mail Accounts Subject to FOIA
November 21, 2011
The Attorney General recently issued an opinion that reinforces the risks associated with public officials’ use of personal electronic devices and e-mail accounts to conduct public business. In the opinion, the Attorney General held that electronic records relating to the transaction of public business are “public records” subject to disclosure under the Freedom of Information Act (FOIA), even if they are generated on a public official’s personal electronic device or e-mail account. The implications of the opinion are significant because of the logistical hurdles, costs associated with searches of such technology, and potential privacy issues. Public bodies may wish to adopt policies and procedures to avoid some of those implications.
In the first binding opinion issued by the Attorney General’s Public Access Counselor (PAC) since April, 2011, the Attorney General addressed a FOIA request from a staff reporter for The News Gazette to the City of Champaign, Illinois. 2011 PAC 15916. The FOIA request sought “[a]ll electronic communications, including cellphone text messages, sent and received by members of the city council and the mayor during city council meetings and study sessions . . . .” The requester clarified that his request applied to “city-issued and personal cellphones, city-issued or personal email addresses and Twitter accounts.”
The City responded to most of the request, but denied the part seeking records from personal electronic devices and e-mail accounts. Although it conceded that there were responsive records available on such technology, the City stated that such records are not within the scope of the FOIA because they were not in the possession of the public body.
The Attorney General disagreed with the City, pointing to the definition of “public records”, which includes “all . . . documentary materials pertaining to the transaction of public business, regardless of physical form . . ., having been or being used by . . . any public body” (emphasis added). The Attorney General indicated that because the communications requested in the FOIA were “prepared by or used by one or more members of a public body in conducting the affairs of government,” they were subject to FOIA.
The Attorney General opinion addressed a situation in which board members were sending text messages regarding public business during city council meetings and study sessions, and so the Attorney General’s decision that the messages were “used by” the Board members during the meeting is understandable. It is less clear whether electronic communications by board members in other contexts or by employees of a public body (as opposed to board members) would also be considered public records under the Attorney General’s recent ruling, although it is conceivable that the opinion is broad enough to reach those records. In light of these uncertainties, public bodies should be prepared to release records in response to requests for information stored on board member and employee personal electronic devices and e-mail accounts. Collecting and reviewing these records poses significant compliance and enforcement issues involving not only obtaining access to electronic devices but also obtaining records from third party e-mail and telephone/text messaging service providers. Moreover, although the Attorney General made clear that personal communications on personal electronic devices and e-mail accounts would not be subject to disclosure under FOIA, the body may be required to review personal communications in order to identify communications that relate to public business.
To mitigate some of these concerns, public bodies may wish to revise or implement new policies and procedures that prohibit officials and employees from conducting public business through personal electronic devices and e-mail accounts. At the least, officials and employees should be discouraged from using personal devices or methods of communication when conducting public business. School districts should also provide district-approved methods of electronic communication (such as district-issued e-mail accounts) for use in conducting public business. Finally, it may be appropriate to review acceptable use policies to address compliance and enforcement issues.