On March 2, 2017, the California Supreme Court reversed the Court of Appeal in City of San Jose v. Superior Court (Smith), and held that communications by a city employee concerning public business on a personal account, such as email, phone or computer, may be subject to disclosure under the California Public Records Act (“PRA”).
In 2009, Ted Smith presented the City of San Jose with a PRA request for communications regarding a development project for the City. Specifically, Smith sought voicemails, emails or texts sent or received on personal electronic devices used by the mayor, city council members and staff. The City agreed to produce records stored on its servers and those transmitted to or from private devices using City accounts, but did not produce communications from the individuals’ personal electronic accounts that were stored solely on personal devices or servers.
Smith filed a successful action for declaratory relief in Superior Court which found that the City was required to produce the requested communications notwithstanding the fact that the communications were not directly accessible by the City since they had been sent from and received on private devices using private accounts. The Court of Appeal reversed on the basis that the requested electronic communications were not public records because they were not “prepared, owned, used, or retained” by the public agencies that are the subject of the Act.
The Supreme Court unanimously reversed the Court of Appeal, holding that a city employee’s communications about public business are not excluded from the PRA just because they are sent, received, or stored in a personal account. The Court emphasized the PRA’s purpose is to provide public access to “the conduct of the people’s business” and the California Constitution’s mandate to broadly construe statutes providing for access to public information. In reaching its decision, the Court focused on the definition of a “public record” under the PRA and explained that “a public record has four aspects. . . (1) a writing, (2) with content relating to the conduct of the public’s business, which is (3) prepared by, or (4) owned, used, or retained by any state or local agency.” Writings include electronic communications and “must relate in some substantive way to the conduct of the public’s business” to meet this test. The Supreme Court disagreed with the Court of Appeal on the meaning of “prepared by any state or local agency.” State and local agencies can only act through their individual officials and employees, so when individual employees are conducting public business, they are acting on the agency’s behalf. Thus, writings relating to the public’s business prepared by agency employees are public records, regardless of whether the employee prepared the record on a personal or agency account. The Court explained that the location where the writing is stored is irrelevant; a writing does not lose its status as a public record merely because it is stored in an employee’s personal account.
The Supreme Court also addressed policy concerns implicated by its decision. Because there is no law requiring public employees to only use government accounts for public business, government employees could simply hide any communications from disclosure by using their personal account. This would be incompatible with the purposes of the PRA. Moreover, the Court explained privacy concerns would still be considered because the PRA exempts many documents from disclosure and even has a catchall exemption to balance privacy concerns. The focus in determining whether a communication is a public record should always be on the content of the record – not its location or the medium of the communication.
How does this decision affect your agency?
Because public agencies will likely be concerned about how to search and obtain public records that may reside in employees’ personal accounts, the Supreme Court issued guidance on this issue. Since the Court was not ruling on any specific search, the Court’s instructions are not legal precedent, but likely will be looked to in the future by other courts and can act as a roadmap to agencies in navigating obtaining public records from employees’ personal accounts.
Agencies only need to conduct reasonable searches; “extraordinarily extensive or intrusive searches” are not required.
Agencies can develop their own internal policies for conducting searches and request and “reasonably rely on [their] employees to search their own personal files, accounts, and devices for responsive material.” The Court noted employees can be trained how to search for and segregate public from private records. In addition, agencies can satisfy their obligations under the PRA when employees act in good faith and submit an affidavit with sufficient facts to show the information in their personal records is not a public record under the PRA.
Agencies can also adopt policies requiring employees to refrain from using their personal accounts for public business, or requiring them to copy communications to their government accounts when they do so. This would minimize public records from existing solely on personal accounts.
The Supreme Court’s guidance places the burden on public agencies to develop proper policies and procedures regarding the use of personal devices by employees and officials to conduct public business. A failure to timely comply with the PRA can result in an order to disclose records as well as an order to pay attorney’s fees. While the safest approach to comply with the PRA based on this decision would be to require all employees and officials to only use agency computers and accounts for communications about public business, that policy may not be advisable for some agencies. In those cases, a strong policy that puts the burden on agency employees to verify they have conducted a thorough search for public records will be the agency’s best defense to PRA claims. Agencies will also want to provide training to their employees on these policies and document the training. Strong policies and training of employees on those PRA policies will minimize the risk to public agencies of non-compliance with the PRA.