RISK MANAGEMENT INFORMATION MINNESOTA GOVERNMENT DATA PRACTICES ACT YOU WANT WHAT? WHEN?

Transcription

1 RISK MANAGEMENT INFORMATION MINNESOTA GOVERNMENT DATA PRACTICES ACT YOU WANT WHAT? WHEN? Overview The Minnesota Government Data Practices Act, Minn. Stat. ch. 13, attempts to balance the public s right to information, individual s right to privacy, and government s need to function responsibly. The general presumption of the Act is simple: government data are public unless otherwise classified by state or federal law. Government data that is collected, created, stored, or maintained by a city are public and are accessible for both inspection and copying. There is nothing in the Act requiring any city to hand over requested information on the spot. While a great deal of the information at city hall is public and must be released when requested, a city is entitled to establish and follow a process for evaluating and complying with data requests. Simply put, it is much better to take a conservative approach when considering a data request, even if that means the data is not released immediately. In the long run, a delay, during which a city confirms the data being requested and ensures that release is permitted under the Act, may prevent a city from being sued for sharing data that should not have been released. The Act requires government entities, including cities, to identify the types of data they maintain and determine how each type of data is classified. A city must develop a public document identifying these data categories and classifications for data on individuals. (The Act does not require such a document for data that is not on individuals.). This public document must contain the name, title, and address of the city s Responsible Authority and copies of any forms used to collect private data on individuals (i.e., Tennesen Warning). This document must be updated annually. While the Act does not require that a data request be in written form, a city may require that data requests be submitted in writing and may require the use of a form designed for this purpose. Cities must respond to data requests appropriately and promptly. More than anything else, what is appropriate and prompt depends upon the scope of the request, and may vary depending upon the size and complexity of a city, the type and/or quantity of data requested, the clarity of the data request, and the number of staff available to respond to the request. Meeting the requirements of the Act can be difficult because of the demands placed on city staff to know intricate details that may differ depending on the data being requested. Finding guidance on how to apply the Act is not always as easy as simply consulting the statutes. In addition to the statutes, the Commissioner of Administration prepares educational materials and model policies. This material is provided as general information and is not a substitute for legal advice. Consult your attorney for advice concerning specific situations.

2 The Commissioner also has authority to issue advisory opinions regarding how the Act should be applied in certain situations. On occasion, Minnesota appellate courts are called upon to interpret provisions of the Act. These court decisions may disagree with the Commissioner s opinions. Appellate court decisions take precedence over Commissioner s opinions. Required Officials A city is required to have two officers to administer the responsibilities set forth in the Act. The required officers are the Responsible Authority and the Compliance Officer. The Responsible Authority is an individual designated by the city council to be responsible for collection, use, and dissemination of any set of data. The Compliance Officer is an individual designated by the Responsible Authority to handle questions or issues with data access. The Compliance Officer can be the same person as the Responsible Authority. According to the Act, requests for data are to be directed to the Responsible Authority. The Responsible Authority then makes the determination to provide or deny access to the data requested. If a person believes he/she has been wrongfully denied access to data, he/she can work with the Compliance Officer. A different outcome seems unlikely if the Compliance Officer is the same person who previously denied access to the requested data in the role of the Responsible Authority. While the concept of having both a Responsible Authority and a Compliance Officer may not seem practical in a smaller city, cities must have both to meet the requirements of the Act. The Responsible Authority may designate one or more persons to perform the required duties of this position. In larger cities, the Responsible Authority is usually the chief administrator. That person in turn might designate a representative in each department to handle data practices requests for information in those departments. In smaller cities, the city clerk is often the Responsible Authority and handles all data requests personally. The Act requires that each Responsible Authority establish procedures to ensure requests are received and complied with in an appropriate and prompt manner. These procedures must be in written form. Changes in personnel or circumstances that might impact public access to government data are to be incorporated by August 1 of each year. A copy of these procedures must be available to the public free of charge or a copy must be posted in a conspicuous place that is easily accessible to the public. Forms of Data Government data are defined as all data collected, created, received, maintained, or disseminated by a city regardless of physical form, storage media, or conditions of use. Besides paper documents, government data includes audio and videotapes, computer disks, s, and even computer hard drives. Mental impressions are not government data. Government data are more than official city records. For example, calendars with dates, times and locations of meetings, as well as notes taken at meetings, are government data. As government data, this information is subject to public access under the Act. A calendar that is a mix of personal 2

3 and public information creates the need for a city to separate the public from private before releasing requested information. Electronic forms of government data present special challenges in meeting the requirements of the Act. One such challenge is the permanency of computer files; when something is deleted on the screen, it is generally still recoverable. This is significant in the context of . Employees often use in the same way as verbal communication not realizing that leaves a record that is likely accessible under the Act. It is important to remember the Act requires that all forms of government data be accessible this includes electronic data. This requirement should be considered both when determining how best to store government data (regardless of its form) and when separating data in response to a request. Charges for Information A city cannot charge a fee for inspection of data. The Act requires that government data be kept in a manner that makes it easily accessible for convenient use. So, no matter how much time and effort is needed to find and retrieve requested data, a city may not charge a fee if a person only requests to inspect data. Inspection includes viewing the data, but does not include a city printing copies of the data unless printing a copy is the only method by which the data could be inspected. When a person requests copies or electronic transmittal of public government data, and the requester is not the subject of the data, a city may require the requester to pay a fee. Suggested guidelines for calculating such a fee are provided below. Regardless of which method is used, a city may not charge a fee for separating public data from private data. Fee Calculation Method I: If 100 or fewer pages of black and white, letter or legal size paper copies are requested, a city may charge a per-page fee of not more than 25 cents for each page copied (50 cents for a two-sided copy). A city may charge only the per-page fee and cannot require the requester to pay any other costs associated with providing the copies. A city is not permitted to divide a single request into multiple requests for copies of fewer than 100 pages in order to avoid charging a fee based on the actual cost of providing copies. Fee Calculation Method II: In all other circumstances, including requests to provide data via facsimile, a city may require the requester to pay the actual costs of searching for and retrieving the data, and for making, certifying, compiling, and electronically transmitting the data or copies of the data. A city may not charge a minimum fee. (Further guidance about this fee calculation method is on the IPAD website at Costs that may be included as long as they are reasonable: Staff time required to: o Retrieve documents, or to remove staples or paper clips o Sort and label documents, only if necessary to identify the data to be copied o Take documents to copier for copying, copy documents Note: a city may not assess a fee for labor costs that exceed those of the lowest paid employee who could complete the task(s) performed Materials (paper, copier ink, staples, magnetic tapes, video or audio cassettes, etc.) 3

4 Special costs associated with making copies from computerized data Mailing costs Vehicle costs (directly involved in transporting data to another facility when necessary to provide copies) Costs that may not be included: Staff time required to: o Separate public from private data o Open a data request that was mailed o Sort, label, or review data if not necessary to identify the data to be copied o Return documents to storage o Provide information about the data to the requester (i.e., explain content and meaning of data) o Prepare data for mailing, prepare cover letter, fax sheet of invoice for copies o Prepare cover letter, fax sheet, or invoice for copies o Credit payment and perform other associated accounting functions Purchase, rental, maintenance, and/or depreciation of copier Normal operating expenses of computer/copier, including electricity used, and machine wear/tear The entire cost of operating a multi-tasked computer for a measured unit of time, when fulfilling a request for copies was only one of the tasks performed during that unit of time Administrative costs that are not related to copying or records storage Sales tax Personnel Data Personnel data are information about an individual collected because the person has or had an employment relationship or applied for a position with the city. The presumption under the Act regarding personnel data is the opposite of the general presumption of the Act: personnel information is presumed to be private data unless otherwise noted in the Act. Tennessen Warning When a city asks a person to provide private data about himself or herself, that person must be informed of: (a) the purpose and intended use of the requested data; (b) whether he/she may refuse or is legally required to supply the requested data; (c) any known consequence of supplying or refusing to supply private or confidential data; and (d) the identity of other persons or entities authorized to receive the data. Access to personnel data in general Private personnel data can only be accessed by the data subject and by government officials whose duties reasonably require access. There is no formal definition of work duties that reasonably require access to private personnel data. This determination depends on the facts of each situation. It is the role of the Responsible Authority to decide if an individual s work duties reasonably require access to such data and to establish written procedures that ensure access is gained only by those entitled. 4

5 A common issue occurs, especially in smaller cities, when a council member requests private personnel data on a city employee. City council members do not have an automatic right to review private personnel data. Facts of the situation at hand must be evaluated by the Responsible Authority who then decides whether or not access to the data should be granted. This scenario may place the Responsible Authority, who is often the city clerk, in a difficult position when access should be denied under the Act. It is a good idea to develop a written policy that specifies when council members can have access to private personnel data. Access to personnel data by data subject A city may limit access by a data subject to all private data (personnel data or other) to once every six months. The data subject is entitled to more frequent access if additional data are collected or created or if there is a dispute about data completeness or accuracy. It is up to each city or Responsible Authority to decide whether they are going to enforce this limitation. If such a restriction is to be enforced, the practice should be in writing and a city must apply it uniformly and not selectively. If a data subject requests access to data about themselves, the Responsible Authority must respond to the request immediately or within ten business days if immediate compliance is not possible. If the subject requested the data within the previous six months, it is acceptable to respond by informing the data subject that the city limits access to private data to once every six months pursuant to the Act and therefore the data cannot be released at this time. Complaints and discipline The existence and status of any complaint about a city employee are public. In general, the identity of the complainant is also public unless the complainant is another employee. When the complainant is another employee, any data collected would be considered personnel data and, as noted earlier, the presumption is that personnel data are private data unless covered by an exception. On occasion, a complaint will result in a city taking disciplinary action against an employee. Prior to what is called a final disposition only the existence and status of the complaint are public. Once a final disposition occurs, then the disciplinary action is public along with specific reasons for the action and data documenting the basis for the action. It is important to note that if no disciplinary action is taken, no final disposition occurs. When this happens, only the existence and status of the complaint are public. When discipline is imposed, the key is determining when the disposition is final. For a non-union employee, final disposition occurs when a city makes its final decision about discipline. For a union employee, if arbitration under a union contract is a possibility, final disposition occurs at the end of the arbitration proceedings or at the expiration of the time period during which arbitration may be requested. 5

6 Other Issues to Note While there are probably as many potential data practices issues and questions as there are Minnesota cities, some issues tend to come up repeatedly. Some of the more common data practices issues and considerations are noted in the following sections. Elected Officials The Act addresses data on applicants for election or appointment separate from personnel data. However, the Responsible Authority may determine that elected and appointed officials are to be treated as employees for purposes of applying the Act. In that case, both the personnel data noted in the Act and the following are considered public data on applicants for election or appointment: name, city of residence, education and training, employment history, volunteer work, awards and honors, and prior government service or experience. Law Enforcement Data Law enforcement agencies are responsible for a tremendous amount of data. Both because of the frequency with which law enforcement data are requested and because of the potentially sensitive nature of the data, it is essential to have a well thought-out policy documenting procedures for requesting and releasing law enforcement data. The following describes the classification of commonly requested law enforcement data: Request for service data are collected or created when a member of the public requests law enforcement services. Request for service data are public data and include data on the nature of the request or activity complained of, the name and address of the person making the request, the time and date of the request, and the response initiated by the law enforcement agency. The audio recording of a 911 call made to request service from a law enforcement, fire, or medical agency is private data with respect to the individual making the call. However, a written transcript of the audio tape is public, unless it reveals the identity of an individual who is entitled to privacy. Response or incident data are collected or created by a law enforcement agency documenting the agency's response to a request for service or describing actions taken by the agency on its own initiative. Response or incident data are public data and include the date, time, and place of the action, a factual reconstruction of events associated with the action, as well as the names and addresses of witnesses, and the names and addresses of victims. Investigative data collected or created by law enforcement to prepare a case are confidential even the subject of the data is denied access while the investigation is active. Inactive investigative data are public unless release of the data would jeopardize another active investigation or would reveal the identity of an individual who is entitled to privacy. Photos that are part of an inactive investigation, but are clearly offensive to common sensibilities are private. However, the existence of such photos must be disclosed. A law enforcement agency is entitled to withhold otherwise public information if it determines that revealing the identity would threaten an individual's personal safety. Law enforcement agencies are required to establish procedures for making the determination as to when it is necessary to protect the identity of an individual. 6

7 Parks and Recreation Data Data used for the purpose of enrolling individuals in a city s recreational and other social programs are private. Specifically, the name, address, telephone number, and other data that identifies an individual are private. So are any data describing the health, medical condition(s), family relationships, living arrangements, and/or opinions as to the emotional makeup or behavior of an individual. Utility Data Data about customers of a municipal utility are public with the exception of electric utility data. If Social Security Numbers are collected in connection with municipal utility service, they must be edited from data provided to a requester. Electric utility data have an exception that makes them private data that may be released to law enforcement, a school for the purposes of assembling pupil census data, and to a public child support authority. Requests for information on new utility customers should be honored by any municipal utility other than an electric utility. Data revealing the identity of people delinquent in their utility bills are also public, again with the exception of electric utility data. It is a city s responsibility to ensure that the information being released is accurate. Releasing information that a customer is delinquent on his/her utility bill when the bill is in fact current could be considered defamatory. Cities should develop a practice of double-checking the accuracy of information before responding to such requests. Property Complaints The identity of a person making a complaint about a violation of law or ordinance concerning the use of real property is confidential data. This classification is used to shield the identity of an individual(s) who complains to a government agency from anyone who might seek retribution against the complainant. The Commissioner has issued opinions that this part of the Act not only covers the physical use of property, but noise and odors, too. Complaints against both city property and private property are included. The general presumption of the Minnesota Government Data Practices Act, Minn. Stat. ch. 13, is simple, but meeting the requirements can be difficult. However, following the items described in this memo can assist you in meeting these requirements. Tracie Chamberlin