But Her Emails!

Does it matter where? 
Toensing v. The Attorney General of Vermont, 2017 VT 99

By Elizabeth Kruska

This decision seems like a big deal, but when you boil it down, it actually seems a lot more like common sense. I will sum up: sometimes state officials use their personal email accounts to send “work email” and if they do, sometimes those documents are public records. If those documents are public records, and if someone makes a Public Records Act request for them, they may have to be disclosed.

Vermont has the Public Records Act (PRA), which governs disclosure of, well, public records. The point is that we, as the citizenry, have the right to know what our government officials are doing. The PRA sets forth what is a public record, and what kinds of records are exempt from disclosure. For various reasons the public doesn’t get the right to see everything generated by the government. But if a citizen makes a request for certain documents, the government has to either (a) turn them over or (b) say why they shouldn’t have to turn them over.

So, apparently Brady Toensing wanted to see some government-related emails and made a PRA request. The request included disclosure of emails sent by certain government officials through their state email addresses as well as certain emails they sent using their private email accounts. The Attorney General’s Office (AGO) did a search and identified something like 13,000 state emails that fit the bill. Some were disclosed, some were exempt, all came from the government officials’ official state email addresses.

Plaintiff said, “hold the phone, there’s more, and I know about it, and I want to see it,” referring to some government-related emails sent through private accounts. AGO said, essentially, “we can’t give that to you because it’s not a public record and we don’t have control of it.” AGO went on to take the position that the legislature wouldn’t have intended PRA to extend to private email accounts, and further, that Plaintiff didn’t provide sufficient justification for the privately-held documents.

Plaintiff said, “It doesn’t matter where it’s stored; if it’s a public document, it’s a public document.” AGO filed a motion for summary judgement, which was granted. Plaintiff appealed, and SCOV reverses.

Here’s an analogy that feels pretty apt in this case. Let’s go back to the dark ages when documents were stored on paper in file drawers. Suppose Plaintiff made a request for public documents to a government agency. The agency official would go over to the drawer, pull out the folder, and show the document. It would simply not fly as a non-disclosure defense if the agency official declined to show a paper document because it was stored in a private off-site storage facility. It doesn’t lose its character as a public document because of where it’s held.

Furthermore, suppose the court went the other way and agreed that the storage location could change the character of whether or not something is a public document. No agency official ever would do his or her work through their official work email; it would all be done through “private” accounts. SCOV sees this as a real concern. The legislature very clearly meant for PRA to be expansive and to give citizens access to information within their government, and it’s not appropriate for the government to try to circumvent the legislature’s intent by sending emails from superhighlevelgovernmentofficial@aol.com. You’ve got mail, indeed.

SCOV says that AGO has the burden to do a reasonable search of their documents. And if there’s a request like the one made here, AGO’s burden is to ask its affected employees to do a reasonable search of their personal email accounts (or other communication media) to find documents that may fit the description and to turn them over. From there it’s up to the agency to determine if they’re public documents or not.

To be sure, nobody was suggesting, and nobody suggests that anyone who works for the state and who also has a personal email account has to turn over their passwords to let some third party search the private account to see if there are affected documents lurking therein. SCOV recognizes that we all have privacy interests and that people use private email accounts for personal things.

SCOV stops short of giving instruction on exactly how agencies are supposed to deal with this. Basically, there should be good training so that employees know what are and aren’t public documents. And if there’s a request like the one here, they should be asked by their superiors to search their own emails. If there’s something that fits the bill, turn it over. SCOV recognizes that documents sought are going to be different in every situation, so it’s not going to make a one-size-fits-all rule on how to do handle such disclosures. SCOV also decided it wasn’t going to require employees to submit an affidavit attesting they’d done the search and disclosure, because a well-trained employee’s good faith search should be sufficient.

And now for the editorial portion: it seems the safest way to prevent this sort of thing from happening is to just not send business emails from a personal account. Then nobody looks like they’re skirting the rules or hiding anything or trying to avoid disclosures. Not to mention security issues; it seems like it’s every other day there’s some story about how millions of accounts got hacked.

To sum up—some privately-held emails might be public records that have to be disclosed pursuant to a PRA request.

Comments