SB 944 – Public Information
Recently the Texas Legislature passed new rules around public information and retention, and I’ve been asked by a number of people to look at the bill and weigh in on it.
Our state’s philosophy on access to written communication is clear and reasonable:
Under the fundamental philosophy of the American constitutional form of representative government that adheres to the principle that government is the servant and not the master of the people, it is the policy of this state that each person is entitled, unless otherwise expressly provided by law, at all times to complete information about the affairs of government and the official acts of public officials and employees. The people, in delegating authority, do not give their public servants the right to decide what is good for the people to know and what is not good for them to know. The people insist on remaining informed so that they may retain control over the instruments they have created. The provisions of this chapter shall be liberally construed to implement this policy.
There has been quite a bit of discussion around SB 944, which changes how we are required to store information that we receive in the course of our job as elected officials. I believe that this law was written to prevent a Clinton email server scenario, where a person might run a private message service and restrict public access to the data that’s on it, or remove data in advance of either an Freedom of Information Act (FOIA) request or a criminal investigation.
Here are the high points of the new law:
- As an elected official, I do not ‘own’ the data that I send and receive while in office. This means that if I get a text message or email from someone, that text is part of the public record.
- If the city’s public information officer (PIO) asks me to provide data that I am in custody of, I have 10 days to provide it to them.
- If I fail to either maintain the data or provide it to the PIO when requested, I can be punished civilly and/or criminally.
- This applies to information that is maintained on a privately-owned device; this is an important distinction that I’ll come back to.
- The city sets data retention requirements in accordance with Federal, State, County, and City laws, so presumably after some amount of time the info will be safe to delete. I am choosing not to delete ANY data, because records retention is often subject to debate, differing interpretations, and the mood of the judge or jury that week. Criminal penalties go up to a class B misdemeanor, which have a maximum penalty of 180 days in a county jail and a fine up to $2000. I don’t look good in orange, so I’m going to try and avoid those penalties.
- HIPPA rules still protect health information and is exempted from this law
- The PIO is required to reach out to me if:
- The information has been requested from the city
- The PIO believes I would have that information
- The PIO needs the information to be compliance with the information request
- The information has not already been provided.
Emails managed on your government-issued email address are a no-brainer and should be retained. Emails sent to a non-government email address that might be in the public interest should be forwarded to your government-issued email account as appropriate to create a full and accurate public record of your activity. I am unsure about emails that are sent to the spam folder automatically and have an auto-delete timer associated with them. I’m leaving that in the hands of our city I.T. department, as they are in possession of that information already and will need to work out that retention policy with our city’s PIO.
I’ve publicly questioned how social media is supposed to function with these requirements in place. The law does not provide insight for use of those platforms. Since Facebook, Instagram, Twitter, etc, are not hosted and maintained on private devices, and the vast majority of that information is already in the public domain, trying to capture and store that information does not fit the bill’s intent nor even the letter of the law. However, because records retention combined with social media and data custodianship is such a rapidly-evolving area of law, I am planning to use Facebook’s data archive feature once a year to back up all of my activity on the platform. If I receive a request from a PIO for data and it isn’t readily available on Facebook, I will be able to pull the information from my stored archive.
Additionally, if I accessed my Facebook account and conducted public business from a public computer at the library, I still believe that the intent of the law is to make that information a part of the public record. I don’t want to use a loophole in the law to deny the public a right to information that I created which might be relevant to a legitimate public information request. It is my intent to err on the side of caution and always work to preserve the public record.
iPhones: Text messages sent, received, and managed on Apple’s iCloud service are questionable. While the messages are not maintained on a private device, they are also not publicly accessible, and I share custodianship of that data with Apple. Cloud-based storage with a single access point may still qualify as information that needs to be kept. In the Clinton email server scenario, had the service been cloud-based, I would imagine that the same data retention rules would apply. It is my opinion that public officials should find technology that allows for long term storage and retrieval of text messages in compliance with their city government’s data retention rules. This applies to all platforms including apple, android, etc.
Android: Last night I installed a free app from the google store (SMS Backup+) that backs up and syncs my text messages to my google account. It runs daily to keep them backed up. I should be able to retrieve those texts if I receive an information request from the city PIO.
I publish a blog that is available to the public (you’re reading it now). Since the information is already in the public domain, an FOIA request would not be required to access any part of it. I keep a backup of the site for restoration in case of server failure. Once my time in office is complete, if I decide to take the site down, I will take a final backup of the site and forward a copy to the city’s PIO for long term storage. While I am in office, I don’t believe that there will be an ongoing need to provide that publicly available data to the PIO since it is already retrievable.
I haven’t found anything yet that allows for confidential correspondence via electronic messaging means between a constituent and their representative. If you are concerned for your welfare but still need to talk, voice is your only ‘private’ option. Everything else will be a part of the public record.
The practical impact of this law will be a change in how I manage emails sent to my campaign email address and text messages that I receive. I will:
- Forward messages sent to my campaign email ( firstname.lastname@example.org ) such as requests for city service or policy questions to my email@example.com email address, then answer the request from there.
- Use an app to backup my text messages
- Perform a yearly archive of my Facebook data
- Perform a yearly archive of my Twitter posts (my website generates a tweet automatically when I post something on my website, otherwise I do not tweet)
- Ask that all consultations that require confidentiality be done by voice only.
This law puts several new burdens on your elected officials (who are volunteers by and large) to try our best to archive even the most casual conversations on social platforms that deal with public affairs. I would expect that people who have difficulty with the technology will simply walk away from those platforms. This is understandable, and regrettable. I intend to stick with the platforms that I use today and figure out ways to use them in ways that are compliant with the new law. Neighboring jurisdictions have already begun announcing changes in the way that they will communicate with their citizens. I’ve picked a slightly tougher path for the sake of more open communication, but I do not blame cities for reducing communication to ensure legal compliance.
As legal opinions form and best practices evolve for this law, I will keep you updated here. For now, I’ll work to stay transparent in my council work to the best of my ability.
The new law takes effect on September 1, 2019.