Public Records Act Does Not Require Creation of Generalized Electronic Data

September 2018
Number 48

A California appellate court has ruled that public agencies are not required to provide anonymized data in response to California Public Records Act (CPRA) requests when doing so would require the public agency to create new data.

Background

The CPRA requires public entities to disclose public records unless there is a specific legal exemption. The courts have previously affirmed that the CPRA does not require public agencies to create new records to satisfy a CPRA request. However, in some circumstances public agencies are required by statute to compile or extract data from electronic records, provided that the requester pays for any associated programming or computer services costs.

Sander v. State Bar of California

In Sander v. State Bar of California, decided on August 23, researchers made a CPRA request for information from the State Bar of California related to applicants to the California Bar Examination, such as applicant race, law school, year of graduation, and undergraduate grade point average, in order to study bar passage rates among racial and ethnic groups. The researchers proposed four methods by which the State Bar could provide access to this data without violating the privacy interests of the applicants. The first method was for the State Bar to create a physical “data enclave” where the public could access and analyze the data under State Bar supervision after it had been stripped of personal identifiers and other sensitive information. The other three proposed methods involved providing anonymized data through various means. All of the methods of anonymizing the data involved some level of “generalizing” the data, such as replacing specific grade point averages with averages or ranges and replacing law school names with law school classifications.

The Court of Appeal affirmed the general principal that the CPRA requires public agencies to provide access to their existing records but does not require the creation of new records to satisfy a request. While public agencies are required to search, extract, compile, or redact electronically stored data, the court held that a request that requires a public agency to create new data is outside of the CPRA. The court also held that nothing in the CPRA required the State Bar to create a supervised “data enclave”.

Takeaways

  • Public agencies are not required to create new records in response to CPRA requests.
  • While public agencies are required to search, extract, compile, or redact electronically stored data, public agencies do not have to create new data in response to CPRA requests.
  • Public agencies are not required to anonymize data by replacing existing data with new, “generalized” data.

From a broader standpoint, this case supports public agencies that are asked to alter or manipulate existing documents or data to meet the demands of a public records requestor. As observed by the Sander court, a public agency “cannot be required to create a new record by changing the substantive content of an existing records or replacing existing data with new data”.

If you have any questions about Sander, or about the CPRA in general, please contact the authors of this Client News Brief or an attorney at one of our eight offices located statewide. You can also visit our website, follow us on Facebook or Twitter or download our Client News Brief App.

Written by:

Harold M. Freiman

Partner

Nicholas J. Clair

Associate

©2017 Lozano Smith

As the information contained herein is necessarily general, its application to a particular set of facts and circumstances may vary. For this reason, this News Brief does not constitute legal advice. We recommend that you consult with your counsel prior to acting on the information contained herein.