What Cities Should Know About Public Records in Private Accounts
HongDao Nguyen is a municipal associate with the law firm of Best Best & Krieger LLP and co-authored the League’s friend-of-the-court brief for the City of San José v. Superior Court case. Jolie Houston, partner with Berliner Cohen LLP and chair of the League’s California Public Records Act Committee, also contributed to this article.
Local agencies throughout the state have wrestled with the decision in City of San José v. Superior Court since the California Supreme Court issued its opinion earlier this year.1 The court found that records on local agency employees’ personal accounts and devices may be subject to the California Public Records Act (CPRA) if the records pertain to public business. In the opinion’s aftermath, many local agencies have received requests for records in public employees’ and officials’ personal email, text messaging and social media accounts.
This column answers commonly asked questions about the practical effects of the San José case on local agency practices under the CPRA. These answers offer guidance only and should not be substituted for advice from a public agency attorney.
Does San José apply to public officials or just public employees?
Most likely, San José applies to public officials in addition to public employees. The court held that “when a city employee uses a personal account to communicate about the conduct of public business, the writings may be subject to disclosure under the California Public Records Act.”2 Some have questioned whether the ruling applies to public officials because the ruling calls out only city employees. However, there’s a good reason why San José likely applies to public officials, too: The CPRA request at issue targeted, among other things, text messages on council members’ personal phones. Certainly the court was aware of the underlying facts of the case.
Moreover, the opinion is peppered with references to public officials. For example, in supporting its ruling, the court opined, “there is no indication the Legislature meant to allow public officials to shield communications about official business simply by directing them through personal accounts.” The justices also opined, “We are aware of no California law requiring that public officials or employees use only government accounts to conduct public business. If communications sent through personal accounts were categorically excluded from the CPRA, government officials could hide their most sensitive, and potentially damning, discussions in such accounts.” [Emphasis added.] As such, it would be risky for a local agency to assume that public officials are not subject to the San José ruling.
What is the process of obtaining potential public records from public officials’ and public employees’ personal accounts?
San José includes a section titled “Guidance for Conducting Searches.” In this portion of the opinion, the court emphasized that employees and officials do not lose all of their privacy rights simply because they work for a public agency. The court explained that in responding to a CPRA request for public records in personal accounts, a local agency does not need to seize computers and obtain individuals’ user names and passwords to search for public records in personal accounts and devices. Rather, local agencies are obligated to conduct searches that are “reasonably calculated” to locate responsive records and disclose records that the agencies can find with “reasonable effort.”
Like any other CPRA request, upon receiving a request for public records on individuals’ personal accounts and devices, the local agency’s custodian of records should reach out to the employees and officials who are the subject of the request. San José suggests that employees and officials may then search their own personal files, accounts and devices for responsive material.
Does San José really apply the CPRA to text messages?
In the wake of San José, some have expressed dismay that text messages on public employees’ and officials’ personal phones could be public records under the CPRA. This is understandable, as text messaging is a newer form of electronic communication. However, as mentioned earlier, the request at issue in San José targeted “emails and text messages ‘sent or received on private electronic devices used by’ the mayor, two city council members and their staffs.” Thus, text messages in an employee’s or official’s personal account or device may be subject to the CPRA if those text messages pertain to public business.
Does San José really apply the CPRA to social media accounts?
San José does not explicitly mention social media accounts like Facebook or Twitter. However, the court acknowledged that records on “other electronic platforms” could also be subject to the CPRA. For example, if a city employee or council member emails a constituent from his or her personal account about a civic center groundbreaking, for practical purposes that same correspondence should also be a public record even if the discussion occurred in a private Facebook message. In San José, the court looked past where the message resided and which electronic medium was used. Rather, if a record meets the following “factors,” it is probably a public record subject to the CPRA.
What “factors” should a local agency consider when deciding whether a record is public or personal?
The court provided local agencies with the following “factors” to consider when determining whether a document is a public document or a personal one.
Content. Does the content of the email relate in a substantive way to the conduct of the agency’s business? In San José, the court stated, “Whether a writing is sufficiently related to the public business will not always be clear. For example, depending on the context, an email to a spouse complaining ‘my co-worker is an idiot’ would likely not be a public record. Conversely, an email to a superior reporting the co-worker’s mismanagement of an agency project might well be.”
Context/Purpose. Why was the email written? Was it written to conduct the local agency’s business or further the local agency’s interest?
Audience. To whom was the email sent? Was it sent to an agency employee, official, resident, consultant, agency stakeholder, etc.? Or was the email sent to a friend or family member?
Scope. Was the email written in the individual’s capacity as an agency official or as an employee representing the agency? Or was the email written as a private individual?
Each record must be reviewed on a case-by-case basis to determine whether it is a public or personal record.
How long should public employees and officials retain public records in their personal accounts and devices?
Although the CPRA is not a record retention statute, local agency public records generally must be retained in accordance with Government Code Section 34090, which requires certain public records3to be kept for at least two years.4 The retention statutes do not provide a specific retention period for emails, texts or other forms of social media.
Now that we know public records may reside in personal accounts and devices, however, public employees and officials should be aware of their respective agencies’ records retention policies. If a public employee or official is concerned with following retention schedules for messages in personal accounts and devices, the easiest solution is not to use personal accounts and devices for public business. If that’s not possible, then public employees or officials could make a habit of forwarding public records from a personal account and device to the local agency’s server. Another solution is to courtesy copy (cc) a local agency account on the public message so that the message reaches the local agency’s server. After taking one or both of those actions (forwarding or copying the messages) the messages in the personal account and devices may be deleted. The CPRA does not require an agency to keep duplicate copies of a record.
If a local agency chooses to use an affidavit like the one the court referenced in San José,what should the affidavit contain?
In San José, the court suggested that if a public employee or official withholds documents from his or her personal account and devices, then the individual may “submit an affidavit with facts sufficient to show the information is not a ‘public record’ under the CPRA.” This practice is modeled after the federal Freedom of Information Act and a practice used in the State of Washington.
There is no consensus, however, on whether local agencies should follow this practice or how to implement it. The CPRA and San José do not require this practice. However, if a local agency decides to use an affidavit to demonstrate that it has asked employees and officials to search their personal accounts and devices, the affidavit could include the following: a description of the CPRA request, language stating that the employee or official searched his or her personal accounts and devices, and what action he or she is taking (for example, disclosing records, not disclosing records — including a description of why — or disclosing some and withholding some). The affidavit could then be filed away and produced if needed to defend the local agency in litigation or it could be provided to the requestor.
How should a local agency deal with public records in former public employees’ and officials’ personal accounts and devices?
In San José, the court noted that “an agency’s public records ‘do not lose their agency character just because the official who possesses them takes them out the door.’” This appears to be true of former public employees and officials as well. In other words, just because a former public employee or official has left with public files or has them filed in his or her personal inbox does not mean that the records lose their public character.
One way local agencies may deal with this issue is to ask a former employee or official to search his or her personal accounts and devices for public records that may have been generated when he or she was employed or in office. Of course, any record that the former employee or official generated after he or she left office would not be subject to the CPRA. Regardless of how the local agency decides to deal with the issue, the agency should be prepared to demonstrate (either to the requestor or a court or both) that it complied with San José and reasonably conducted its search by communicating the CPRA request to former officials and employees, as necessary.
How have other states, such as Washington, dealt with similar laws and case law providing that records on a public official’s or employee’s private devices or accounts may be subject to public disclosure?
Other states, like Washington, have had more time to digest the idea of public records residing in personal accounts and devices. In San José, the court relied on a case decided by the Washington Supreme Court: Nissen v. Pierce County.5 In Nissen, the court held that an elected county prosecutor’s text messages regarding work-related matters sent and received from his private cell phone could be public records. Following Nissen, additional case law is beginning to emerge, giving us a glimpse of what may eventually transpire in California.
For example, in 2016, a Washington appeals court found that under Nissen, a trial court could require an elected city council member to produce emails stored in his personal email account that were deemed city records. The trial court was also allowed to require the council member to submit an affidavit attesting to the adequacy of his search in his personal account.6 The council member had refused to provide records in his personal accounts, arguing (among other things) that he had a constitutional privacy right to personal records. Moreover, the city and council member argued that Nissen applied only to elected executive officers, not elected legislative officials. The Washington appellate court rejected those arguments.
Are public officials’ campaign-related records in their private accounts and devices subject to disclosure under the CPRA?
No. Campaign-related records in personal accounts and devices are not subject to the CPRA. State law prohibits individuals from using public resources for political purposes. Public officials may lawfully use only their personal or campaign accounts and devices for campaign purposes; such proper use of personal accounts and devices would not expose those political messages to public scrutiny under the CPRA.
 City of San Jose v. Sup. Ct. (2017) 2 Cal.5th 608.
 Id. at p. 614.
 Though there is no definition of “records” for purposes of the retention requirements applicable to local agencies, the retention requirements and the disclosure requirements of the CPRA should complement each other. Local agencies should exercise caution in deviating too far from the definition of “public records” in the CPRA in interpreting what records should be retained under the records retention statutes. See League of California Cities publication The People’s Business: A Guide to the California Public Records Act, revised April 2017, p. 67.
 Retention of special district records are governed by Government Code sections 60200 through 60203, which do not include the same two-year minimum retention as Section 34090. However, many special districts follow the general two-year retention in Section 34090 for emails.
 Nissen v. Pierce County (2015) 183 Wn2d 863.
 West v. Vermillion (2016) 196 Wn.App. 627.
Photo credit: Takom/Shutterstock.com (people on stairs); Blvdone/Shutterstock.com (woman on street)
About Legal Notes
This column is provided as general information and not as legal advice. The law is constantly evolving, and attorneys can and do disagree about what the law requires. Local agencies interested in determining how the law applies in a particular situation should consult their local agency attorneys.