The Office of Open Records (OOR) recently issued an email notice to agency open records officers in response to inquiries about a number of appeals related to Right to Know requests that originated with the FOIA Buddy website.
What is FOIA Buddy
FOIA Buddy purports to offer a service to “simplify the process of requesting public records.” It appears that one can submit records requests via the website for free, or on a subscription basis. In recent months, many school entities have received multiple requests from one or two individuals via the site. It is not clear whether the two names associated with the requests are pseudonyms. The address for response is a FOIA Buddy domain email address and a PO Box. The requests are often misdirected and duplicated to schools rather than the open records officer and tend to be vague and/or repetitive.
The OOR Notice
The OOR notice recommended that public entities review their policies regarding the acceptance and processing of anonymous RTK requests. Notably, RTKL states that public agencies “may” respond to verbal, written or anonymous verbal or written requests for access to records. This provision allows agencies discretion whether to respond to anonymous requests.
Another section of RTKL requires written requests to include the name and address to which the agency should address its response. When the name and/or address are incomplete, the request may be deemed anonymous. OOR determinations have found requests to be anonymous when the requester fails to provide a last name and have analyzed whether a full mailing address must be provided to establish whether the requester is a legal resident to which a response is required.
OOR indicated that their review of appeals from requesters using FOIA Buddy will include a determination whether the requester is a “valid requester.” If so, the agency will be given the usual opportunity to provide information about its initial response or denial, as well as applicable exemptions.
Cyber Security Concerns
The current spate of requests from the FOIA Buddy platform reference staffing, budget and other details of school cyber systems. RTKL exempts from disclosure, records regarding computer hardware, software and networks, including administrative or technical records, which, if disclosed, would be reasonably likely to jeopardize computer security. If responsive public records exist, they must be provided. However, schools should carefully review responsive records to determine whether redaction is needed to protect cybersecurity.
Bottom Line For Schools
We echo the recommendation that schools review and revise their RTK policy from time to time as issues are redefined by legal precedents. Schools that receive requests via FOIA Buddy should continue to review and process them with the assistance of counsel as deemed necessary. The attorneys at KingSpry will continue to monitor these issues.
