Freedom of Information Advisory Council

December 1, 2008

The Freedom of Information Advisory Council (the Council) held its final meeting of 2008 in Richmond.

Subcommittee Reports

Personal Identifying Information Subcommittee: The PII Subcommittee, with the concurrence of the JCOTS SSN Subcommittee, recommended to the Council the following legislative proposals:

• Amendments to the Government Data Collection and Dissemination Practices Act (GDCDPA): Clarification that the recently enacted prohibition on collection of social security numbers without authorization would apply to the collection of all or any portion of a social security number; and extension of the implementation date of the prohibition to July 1, 2010. Currently, the prohibitions are set to become effective on July 1, 2009. However, due to the response from the social security number surveys and the immense amount of data to process and verify, it was recommended that an additional year might be necessary to thoroughly review and process all of the implementation issues.
• Concealed Handgun Permits: The PII Subcommittee voted again to recommend SB 529 as introduced in 2008 because of its belief that it reflects the proper balance between privacy and public access. The draft legislation would require the Department of State Police (DSP) to withhold from pubic disclosure permittee information submitted to the DSP for purposes of entry into the Virginia Criminal Information Network, with a limited exception for access by law-enforcement agencies. Records of the names and addresses of holders of concealed weapons permits issued by the DSP to out-of-state persons would be publicly available from DSP. Permittee records will still be open to the public at each circuit court where the permits are issued.
• Protection of Social Security Numbers in Public Records: HB 1096 would prohibit the release of social security numbers on public records, but would allow the last four digits to be released for purposes of identity verification to certain entities, such as the press, private investigators, and data aggregators. Questions were raised about allowing the last four digits to be released to the press, private investigators, and data aggregators for verification purposes, and not to the general public. This provision raised questions about the definition of a news-gathering organization as the proliferation of electronic media makes it difficult to determine. The joint subcommittees recommended reintroduction of HB 1096, but would allow anyone to receive the last four digits of a social security number for verification purposes.

Staff presented three approaches to protect the disclosure of SSNs, including the PII Subcommittee recommendation. The reason for differing approaches came as a result of questions raised during the drafting of the PII Subcommittee recommendation. First, protection of SSNs should be a separate statute and not a part of FOIA so as not to harm the underlying policy of FOIA as noted above. Secondly, entire SSNs should be treated as confidential and their release prohibited except under limited circumstances, including to law-enforcement and criminal justice agencies or pursuant to proper judicial order. The joint subcommittees voted to table further consideration of HB 1102 that would create a FOIA exemption for social security numbers.

Electronic Meetings Subcommittee: Chair Craig Fifer, reported that the subcommittee unanimously recommends draft legislation that would allow the Air Board and the Water Board to meet by electronic means provided the meeting is held in compliance with the provisions of the FOIA, specifically § 2.2-3708, except that a quorum of the respective Boards would not be required to be physically assembled at one primary or central meeting location. The draft legislation also required that discussions of the respective Boards held via such electronic communication means must be specifically limited to those matters for which the meeting was called, and no other matter of public business shall be discussed or transacted by the respective Boards.

Database Index Subcommittee: Chair Frosty Landon reported that the subcommittee met to consider the database index requirement set forth in subsection J of § 2.2-3704, and as a related matter, the statement of rights and responsibilities required under § 2.2-3704.1. The Subcommittee voted unanimously to recommend a draft that would repeal the database index requirement as it found that agencies were not complying with the requirement and the public was not inquiring about the indices. The draft would also amend the required rights and responsibilities statement to require agencies to provide a general description, summary, list, or index of the types of records it has and exemptions that may apply to those records. The new requirements would help to increase public oversight without trying to define the term "database." The new provisions could also be used by agencies to help coordinate disclosure with the required retention schedules under the Virginia Public Records Act. Mr. Landon reported that while it may entail a little more work at first, the general reaction from state agencies was supportive.

Meeting Minutes Subcommittee: Staff reported that the subcommittee recommended draft legislation that would require explicitly that meeting minutes be in writing. The recommendation is declaratory of existing law, and makes technical changes.

Action on Subcommittee Reports

• Personal Identifying Information Subcommittee: The Council voted unanimously to adopt the PII Subcommittee recommendations to amend the GDCDPA. With respect to the protection of SSNs, the Council voted to defer action on this issue because none of the approaches appeared to strike the proper balance.
• Electronic Meetings Subcommittee: The Council voted unanimously to adopt the EMeetings Subcommittee recommendation.
• Database Index Subcommittee: The Council voted unanimously to adopt the Database Index Subcommittee recommendation.
• Meeting Minutes Subcommittee: The Council had previously voted unanimously to approve the recommendation of the Subcommittee.

The Council will include draft legislation on above as part of the its legislative recommendations to the 2009 Session of the General Assembly.

Legislative Preview (Part II)

Delegate Griffith reminded the Council that Part I of the annual legislative preview was held at the October 6, 2008 meeting where the Council heard from the Virginia Economic Development Partnership Authority and the Virginia Municipal League. Delegate Griffith also reminded the Council that the purpose of the legislative preview was not to take action on any particular proposal, but instead to bring the issues to light so that resolution of them might be achieved before Session.

William Watt, Policy and Planning Specialist, Department of the Treasury, advised the Council of the need for a FOIA exemption for the Commonwealth's agency risk management and internal control standards assessments. Mr. Watt explained that the proposal is a result of the Comptroller's directive to implement an annual assessment of agency internal control systems in order to provide reasonable assurances of the integrity of all fiscal processes related to the submission of transactions to the Commonwealth's general ledger and stewardship over the Commonwealth's assets. The concern was that if internal controls were known, they could be defeated at the risk of the Commonwealth's assets.

The Council then heard from Sandy McNinch of the Virginia Economic Development Authority (VEDP) concerning expansion of the current record exemption for economic development to include certain business retention information. Ms. McNinch reported that there was agreement that business retention information should be protected; however, there was disagreement on how to accomplish it. She advised that VEDP prefers the draft option that does not require the "earmarking" of proprietary documents upon submission as it is impracticable in the fast paced economic development setting. Craig Merritt, representing VPA, reported that VPA favored the earmarking provision and suggested that to address VEDP's concerns that earmarking would slow down the economic development process VEDP would not be required to make a written determination of which records would be protected. VEDP responded that this suggestion did not change their position. All parties agreed to continue to work to find a compromise.

James G. Council on behalf of the Prince William County School Board discussed with the Council the School Board proposed legislation to exempt from FOIA records relating to the school system's electronic visitor identification system. He explained that the system was capable of taking government identification and scanning it into a database which captures name, address, SSN, date of birth, and other personal information. He stated that the system was beneficial to the schools because they could cross check this information with sexual predator registries, for example. Craig Merritt, representing VPA, advised the Council that FOIA already covered protection of security systems and that the collection of other personal information was not essential to the school security mission. He suggested that this issue be given to the PII Subcommittee for further examination.

The Council then heard from Mark Flynn of the Virginia Municipal League (VML) concerning the expansion of the exemption for complainant information related to zoning violations found at subdivision 10 of § 2.2-3705.3 to also provide protection for individual building code and fire prevention code complaints. He noted that there had been some compromise with the VPA. Craig Merritt on behalf of VPA explained that the compromise made the proposal better, but not good. VPA opposes the exemption on the basis that there should be no anonymous "snitching" on neighbors.

Other Business

Mr. Fifer proposed that the FOIA rights and responsibilities statement currently required for state public bodies under § 2.2-3704.1 be expanded to apply to local public bodies. Mr. Fifer requested the Council to take action on his proposal. After public comment that this issue had not been vetted, the Council by consensus agreed to appoint a subcommittee to work on this issue in 2009. Staff distributed the executive summary for the Council's 2008 annual report to the Governor and the General Assembly, and requested that any revisions be submitted in a timely fashion.

Chairman:
The Hon. H. Morgan Griffith

For information, contact:
Maria Everett, Executive Director
Alan Gernhardt, DLS Staff

Privacy Statement | Legislative Services | General Assembly