This is another in a series of articles by the Reporters Committee for Freedom of the Press covering legal issues that affect journalists. RCFP’s Legal Fellow Kristin Bergman wrote this article.This spring, Democratic presidential candidate Hillary Clinton came under fire when the State Department disclosed her exclusive use of a personal email server during her time as Secretary of State.
This raised major transparency concerns because she used a private account and her email correspondence was not available for production when the State Department received Freedom of Information Act requests. The State Department is now in the process of reviewing and producing the roughly 55,000 pages of email Clinton and her staff determined should be turned over to it – and those may even be incomplete.
Clinton is not alone in using a personal email address for public business: in a survey of 412 high-level government employees conducted by Atlantic Media’s Government Executive Media Group, one-third of the employees admitted they use their private email account for government business at least sometimes.
At the federal level, relatively recent regulations and legislation control government employees’ obligations to preserve email in personal accounts. In 2009, the National Archives and Records Administration (NARA) issued revised regulations on records management, requiring that agencies make sure federal records sent or received on an employee’s personal email account are preserved.
After additional bulletins and directives issued by the President, NARA, and the OMB, the Presidential and Federal Records Act Amendments of 2014 tightened this expectation; now, use of personal email accounts for public business is prohibited unless messages are transferred to the government’s system within 20 days. If followed, this requirement, combined with the federal government’s traditional seven-year retention policy, will help preserve all government officials’ work-related email, thereby preventing individuals using private accounts to avoid FOIA and public scrutiny.
The relationship between email management and freedom of information can be even more complicated at the state level, where open records laws rarely specify email retention requirements, and other laws or regulations often give too much discretion to individual employees. Without clear email retention and management policies that address both official and personal accounts, state public access laws can be effectively nullified with respect to these records.
One recent case in Pennsylvania – PG Publishing v. Governor’s Office of Administration – illustrates how state policies that allow for employee discretion to determine what email should be retained undermine open records statutes.
Under Pennsylvania’s Right-to-Know Law (RTKL), the Pittsburgh Post-Gazette challenged the email retention policy established by the Governor’s Office of Administration. Under this policy, each agency employee is afforded discretion to determine whether an email he or she sends or receives constitutes a “public record” that needs to be preserved or a “transitory” non-record that may be deleted. Individual government employees are tasked with making such determinations based on the state records manual and some training, and there is little to no oversight. In addition, just five days after an individual employee determines that an email need not be saved as a public record and deletes it, the email is permanently deleted from the agency server and cannot be recovered. As a result of this system, the Post-Gazette received only five email records in response to a RTKL request it submitted. Earlier this month, a panel of Commonwealth Court judges dismissed the suit, upholding this policy and practice, a decision the paper intends to fight on appeal.
The Post-Gazette lawsuit demonstrates how the combination of a short record retention period and employee discretion in recordkeeping threatens the efficacy of state open records laws and their goal of government transparency. With little to no oversight, an individual employee has the ability to hand select which records may reach the public. Such discretion may be easily manipulated to hide information from the public. News organizations and journalists can draw attention to this problem and place pressure on government employees to be forthcoming by recognizing public record use in stories, mentioning when information came from a public records request as well as when emails could not be obtained despite submitted requests.
Pennsylvania offers just one example of how troublesome email management and retention policies may thwart access to public records. Other states with policies and practices that can obstruct public access to government email include, but are not limited to:
- New York: While Governor Cuomo’s 90-day retention policy and accompanying records purge have received much criticism, one of the most concerning aspects of New York’s email management regime is its guidelines for implementation. With over 100 pages of complex rules explaining what email must be retained, it is hard to believe the policy has been implemented effectively. In addition, while there are exceptions that can “pause” the deletion window and trigger record retention beyond 90 days – for example, for records relating to filed freedom of information requests or pending litigation – these exceptions are only useful if the subject of the request or lawsuit comes to light within the three month time period.
- Maryland: Like Pennsylvania, Maryland’s email retention guidelines task government employees with determining whether their email constitutes a public record, and if so, whether they have permanent value. Personal and non-record email may be immediately deleted, while permanent email are transferred to the archives. Non-permanent email with “temporary importance” is subject to various retention schedules. In addition, some employees use personal accounts and individually determine which correspondence is government-related and thus should be retained. As many retention schedules only require records to be retained for 30 days before deletion, Maryland’s Public Information Act effectively allows for a non-permanent email exemption by permitting custodians to take 30 days to reply to requests.
- Florida: Though email retention periods in Florida vary greatly based on the content and nature of the record, Governor Rick Scott introduced Project Sunburst in 2012 for the stated purpose of increasing transparency in his office and other executive branch agencies. This unique program gives the public digital access to the Governor’s email, as well as those of the executive staff, within one week of receipt or creation. Though there are some exemptions, this material may be requested through traditional public records requests. In practice, however, the Governor began to use an unofficial account (and failed to forward messages to his public government one) and correspondence from some others in his office is unavailable.
Public record laws can be effective news gathering tools and help increase government accountability, but only when government records are properly preserved and maintained. When employees have too much discretion over their own email accounts and determine what to delete and what to retain, and when retention policies include short windows for preservation, these public records laws are severely undermined.
Do not let this inhibit freedom information requests, though. If anything, file early and file frequently. While requests may not be answered with as much substantive material as may have been sought or anticipated, making the inquiry and showing an interest in these materials is still important. Ultimately, sunshine laws are only as strong as the underlying records management policies and practices, and spreading awareness helps to fight this limitation.