FREEDOM OF INFORMATION COMMISSION
OF THE STATE OF CONNECTICUT
| In the Matter of a Complaint by | FINAL DECISION | ||
| Stephen Whitaker, | |||
| Complainant | |||
| against | Docket #FIC 2008-391 | ||
|
Diane Wallace, Chief Information Officer, State of Connecticut, Department of Information Technology; State of Connecticut, Department of Information Technology; and Commissioner, State of Connecticut, Department of Public Works, |
|||
| Respondents | May 27, 2007 | ||
The above-captioned matter was heard as a contested case on September 30, 2008, at which time the complainant and the Department of Information Technology (hereinafter “DOIT”) appeared, stipulated to certain facts and presented testimony, exhibits and argument on the complaint. Following the close of the hearing, the DOIT respondents submitted additional documents as exhibits. This matter was continued to November 25, 2008, at which time the complainant and the DOIT respondents appeared, stipulated to certain facts and presented testimony, exhibits and argument on the complaint. On December 1, 2008, the Commissioner of the Department of Public Works (hereinafter “DPW”) was added as a party, pursuant to §1-210(d), G.S. This matter was continued to December 30, 2008, at which time the complainant and all the respondents, appeared, stipulated to certain facts and presented testimony, exhibits and argument on the complaint.
After consideration of the entire record, the following facts are found and conclusions of law are reached:
1. The respondents are public agencies within the meaning of §1-200(1), G.S.
2. It is found that by email dated May 5, 2008, the complainant renewed his original October 12, 2007 request to the respondent Chief Information Officer of the Department of Information Technology for copies of the following information:
a. “All Geographic Information Systems (GIS) coverages, geodatabases, shapefiles, attribute tables, etc. created or acquired by the [respondent DOIT]. This includes any or all the orthophotography in both compressed (.sid) format as well as the uncompressed images, all oblique angle photography, false color infrared imagery, DTM/DEM files, all of the thematic (layers) coverages and feature classes, including parcels, hydrography, roads, public lands, parks, cemeteries, etc. as well as all associated attribute information;”
b. “…all metadata (documentation) associated with these coverages, geodatabases and shapefiles and a list of all available data including those which may be exempt for reasons of public safety or environmental protection. All data requested is to be the most current and updated as close as possible to the date of delivery, yet may also include prior datasets which have since been superseded;”
c. “…any programs, macros, map display templates, web display templates, style sheets etc, prepared with public funds and written for the purposes of display and analysis of this GIS data;” and
d. “…any programs, necessary for viewing and display of the GIS data, including those programs or program modules, required for testing the underlying data and scenario assumptions. For example: for the purposes of estimating road, train, and marine capacity, for human and pet evacuation time windows for tidal wave, radiological plume dispersion or toxic spills, to the extent that those applications, are used, planned or anticipated for use and analysis with the GIS data.”
(Hereinafter “the requested records”).
3. It is found that, by email dated May 7, 2008, DOIT’s chief information officer replied to the complainant’s May 5, 2008 email described in paragraph 2, above, by stating that she asked DOIT’s general counsel to “look into this matter and get back to the [complainant] promptly to address [his] concerns.”
4. It is found that, by letter dated May 8, 2008, DOIT’s general counsel responded to the complainant’s May 5, 2008 email described in paragraph 2, above, by stating that, “at the time the [complainant] made [his] original request the information that [he] requested was not in a form that could be released.” DOIT’s counsel also stated that organizing and categorizing the requested records had “turned out to be a very time consuming task,” however, the information was now gathered. DOIT’s counsel further stated that DOIT forwarded the requested records to DPW for a review for security issues. Such letter also indicated that Tele Atlas North America, Inc., a state of Connecticut contractor and licensor of portions of the requested records, was also contacted to determine if Tele Atlas considered such records exempt under the Freedom of Information (hereinafter “FOI”) Act.
5. By email dated and filed June 6, 2008 with attached amended complaint, the complainant appealed to the Commission, alleging that DOIT violated the FOI Act by failing to comply with his May 5, 2008 renewed request described in paragraph 2, above. The complainant also alleged that DOIT did not comply with §1-211(c), G.S., “despite testimony in [Docket #FIC2007-091], such that timely access to the requested records could be provided in accordance with law.” The complainant further requested that a civil penalty be ordered against DOIT for withholding all nonexempt records.
6. Section 1-200(5), G.S., provides:
“Public records or files” means any recorded data or information relating to the conduct of the public's business prepared, owned, used, received or retained by a public agency, or to which a public agency is entitled to receive a copy by law or contract under section 1-218, whether such data or information be handwritten, typed, tape-recorded, printed, photostated, photographed or recorded by any other method.
7. Section 1-210(a), G.S., states in relevant part:
Except as otherwise provided by any federal law or state statute, all records maintained or kept on file by any public agency, whether or not such records are required by any law or by any rule or regulation, shall be public records and every person shall have the right to…receive a copy of such records in accordance with section 1-212.
8. Section 1-211(a), G.S., provides in relevant part:
Any public agency which maintains public records in a computer storage system shall provide, to any person making a request pursuant to the Freedom of Information Act, a copy of any nonexempt data contained in such records, properly identified, on paper, disk, tape or any other electronic storage device or medium requested by the person, if the agency can reasonably make such copy or have such copy made. Except as otherwise provided by state statute, the cost for providing a copy of such data shall be in accordance with the provisions of section 1-212.
9. Section 1-211(c), G.S., further provides:
On and after July 1, 1992, before any public agency acquires any computer system, equipment or software to store or retrieve nonexempt public records, it shall consider whether such proposed system, equipment or software adequately provides for the rights of the public under the [FOI] Act at the least cost possible to the agency and to persons entitled to access to nonexempt public records under the [FOI] Act.
10. It is found that DOIT maintains the requested records and that such records are public records within the meaning of §§1-200(5), 1-210(a), and 1-211(a), G.S.
11. At the September 30, 2008 hearing on this matter, the complainant contended that the respondents still had not provided him with any of the requested records described in paragraph 2, above, nor did the respondents provide a reasonable explanation for their delay and failure in complying with such request. The complainant also claimed that respondents’ exhibits 2 and 3 were available at the time of his requests described in paragraph 2, above, and that such exhibits contain or reference metadata and documentation within the scope of his requests. The complainant further reiterated his claim that the respondents demonstrably failed to comply with §1-211(c), G.S. The complainant also raised specific concerns about the claims of the contractor and licensor, Tele Atlas North America, Inc. (hereinafter “Tele Atlas”), that all of its GIS data, in all formats was proprietary.
12. The DOIT respondents contended that after their contractors completed loading and testing all geographic information system (hereinafter “GIS”) data into DOIT’s geographic information database system (hereinafter “GEMS”), DOIT gathered the requested records from GEMS and sent such records to DPW for a safety risk review pursuant to the provisions of §1-210(d), G.S. The respondent DPW claimed that their delay in reviewing the records was due to lack of familiarity with GIS data, limited staffing, agency workload and difficulty in coordinating the schedules of other state agency personnel necessary to assist in the safety risk review of the requested records.
13. At the time of the complainant’s May 5, 2008 request for copies of records, §1-210(d), G.S., provided, in relevant part:
Whenever a public agency … receives a request from any person for disclosure of any records described in subdivision (19) of subsection (b) of this section under the Freedom of Information Act, the public agency shall promptly notify the Commissioner of Public Works of such request, in the manner prescribed by such commissioner, before complying with the request as required by the Freedom of Information Act … If the commissioner, after consultation with the chief executive officer of the applicable agency, … believes the requested record is exempt from disclosure pursuant to subdivision (19) of subsection (b) of this section, the commissioner may direct the agency to withhold such record from such person…
[Emphasis added.]
14. With respect to the complainant’s allegation that the respondents failed to provide him with the requested records, it is found that as of the September 30, 2008 hearing in this matter, the respondents had not provided the complainant with any of the requested records.
15. It is found that prior to the development of GEMS, a GEMS project steering group was assembled to oversee the entire GEMS development process, which included interviewing various state agencies about their data, identifying data to be included in GEMS, and coordinating with the GIS contractor, ESRI, Inc. and subcontractor, Applied Geographics, Inc., (hereinafter “contractors”) on when to begin extracting, transforming, loading, and testing data into GEMS.
16. It is found that at the time of the complainant’s original October 12, 2007 request to DOIT, GIS data was still being “extracted, transformed, and loaded” into DOIT’s GEMS database system by the contractors. It is also found that the contractors completed loading and testing the GEMS data in January 2008. It is further found that after loading such data, the contractors provided DOIT with a report (exhibit 3) cataloguing the 2.7 terabytes of GIS information contained in GEMS and gathered from various state agencies. In addition, it is found that GEMS data was then accessible to DPW online.
17. It is found that in November 2007, DOIT contacted the GEMS project steering group about the complainant’s October 12, 2007 request and identifying data in GEMS that would be responsive to such request. It is also found that once GEMS was completed in January 2008, DOIT’s director of security (hereinafter “DOIT’s director”) notified DPW’s director of safety and security (hereinafter “DPW’s director”) about the complainant’s request, by telephone and by email as early as January 2008. It is further found that DOIT’s director assisted DPW’s director by identifying and clarifying the complainant’s request and by providing DPW with a March 31, 2008 email with attached catalogue of the GEMS data (exhibit 3). In addition, it is found that after March 31, 2008, DOIT’s director continued to check on the status of the safety risk review by regularly contacting DPW’s director through September 2, 2008.
18. It is therefore found that DOIT’s director promptly notified DPW before complying with the complainant’s request, within the meaning of §1-210(d), G.S.
19. As for the complainant’s claim that respondents’ exhibits 2 and 3 reference or contain metadata available at the time of the complainant’s requests described in paragraph 2, above, §1-206, G.S., provides in pertinent part that:
“(a) Any denial of the right to inspect or copy records provided for under section 1-210 shall be made to the person requesting such right by the public agency official who has custody or control of the public record, in writing, within four business days of such request, except when the request is determined to be subject to subsections (b) and (c) of section 1-214, in which case such denial shall be made, in writing, within ten business days of such request. Failure to comply with a request to so inspect or copy such public record within the applicable number of business days shall be deemed to be a denial.
(b)(1) [a]ny person denied the right to inspect or copy records under section 1-210…may appeal therefrom to the [FOI] Commission, by filing a notice of appeal with said commission. A notice of appeal shall be filed within thirty days after such denial….”
[Emphasis added.]
20. It is found that by email dated October 22, 2007, DOIT’s general counsel responded to the complainant’s original October 12, 2007 request.
21. It is found that the notice of appeal in this matter, dated and filed on June 6, 2008, was filed more than thirty days after October 22, 2007.
22. It is therefore found that a complaint was not timely filed within the jurisdiction time prescribed in §1-206(b)(1), G.S., with respect to the original October 12, 2007 request.
23. Accordingly, it is concluded that the Commission lacks subject matter jurisdiction as it relates to the complainant’s original October 12, 2007 request.
24. It is found, however, that exhibits 2 and 3 reference or contain metadata available at the time of the complainant’s May 5, 2008 renewed request to the respondents DOIT.
25. It is found that exhibit 2 is an email dated November 8, 2007 that references an attachment entitled “Data set2.xls,” which was submitted as exhibit 9 and created in response to the complainant’s original October 12, 2007 request. Such attachment contained a collection of GIS data and information provided by the GEMS project steering group shortly after DOIT contacted the group as described in paragraph 17, above.
26. It is also found that exhibit 3, dated January 7, 2008 and entitled “GEMS Geodatabase Metadata and Data Loading Information,” is a hard copy of a report which contains a catalogue of information loaded into GEMS by the contractors.
27. It is found that at the time of the request in this matter, DOIT had already identified, compiled and sent a catalogue of the requested records to DPW for a safety risk review on March 31, 2008.
28. Based on the facts and circumstances in this case, it is found that there was reasonable delay on the part of DOIT in complying with the complainant’s request described in paragraph 2, above. It is therefore concluded that the respondents DOIT did not violate the FOI Act by withholding such records from the complainant pending DPW’s safety risk review.
29. With respect to the complainant’s claims as they apply to DPW, it is found that DOIT’s director met with DPW’s director on March 3, 2008 and July 22, 2008, to discuss the requested records in greater detail. It is also found that, at the March 3, 2008 meeting, DPW’s director affirmed that it would conduct the safety risk review of the requested records and then provide DOIT with a response as to what records were disclosable to the complainant. By email dated March 31, 2008, DOIT provided DPW’s director with all documents related to the complainant’s request, as described in paragraph 17, above.
30. It is found that there were various causes for the delay in completing the safety risk review of the requested records. DPW’s director testified that some delay was in part due to his lack of understanding and familiarity with the GIS data in GEMS. DPW’s director also testified that while he is an expert in safety and security issues, it was necessary for him to review exhibit 3 with representatives from the source and custodial state agencies who were knowledgeable about the voluminous amount of data contained in GEMS.
31. It is found that DPW’s director contacted and scheduled meetings with state personnel from source and custodial agencies familiar with the GEMS data, including DOIT, the Department of Emergency Management and Homeland Security, the Department of Developmental Services, the Department of Public Health, and the Department of Environmental Protection (hereinafter “DEP”). It is also found that DPW’s director had some difficulty coordinating and scheduling meetings with such state personnel. DPW’s director testified that while it took him some time to coordinate the requisite meetings with source and custodial agencies, it was necessary in order to complete the safety risk review of the requested records.
32. It is found that DPW had preceding priorities and responsibilities ranging from safety and security emergencies at state facilities to other FOI requests requiring safety risk reviews. DPW’s director also testified that he had no staff to assist him in conducting safety risk reviews related to various FOI requests.
33. At the November 25, 2008 hearing on the matter, DPW’s director testified that the safety risk review was completed and that ninety-nine percent (99%) of the records described in paragraph 2, above, would be releasable to the complainant. DPW’s director also testified that a letter detailing the conclusions of the safety risk review was drafted for delivery to DOIT and would likely be signed later that day.
34. It is found that upon receipt of DPW’s completed safety risk review letter, DOIT could likely have the requested records to the complainant within one week.
35. It is found, however, that DPW had not provided DOIT with a safety risk review letter until December 29, 2008, a day before the final hearing in this matter.
36. It is found that while there may have been exigent circumstances that delayed DPW’s ability to complete the safety risk review concerning the complainant’s request, the record fails to provide reasonable bases for the extent of delay. It is found that DPW’s security risk review identified and adequately supported data entitled “Environmental Ground Water Well” as a safety risk under §1-210(b)(19), G.S. It is also found that GEMS contained a considerable amount of data. While it is found that a miscommunication occurred between DOIT and DPW as to their roles with respect to the safety risk review, the respondent DPW failed to provide a reasonable cause for seven months of delay, after which, DPW’s review resulted in identifying one category of data deemed to be a safety risk.
37. Based on the facts and circumstances in this case, it is found that DPW’s delay in preparing the safety risk review for delivery to DOIT was unreasonable and delayed DOIT from complying with the complainant’s request described in paragraph 2, above. It is therefore concluded that the respondents DPW violated the FOI Act by not promptly responding to DOIT’s request for the safety risk review of such records.
38. The complainant next contends that the respondents did not comply with §1-211(c), G.S., despite DOIT’s testimony in Docket #FIC2007-091.
39. The Commission takes administrative notice of its records and files in Docket #FIC 2007-091, Stephen Whitaker v. Director State of Connecticut, Department of Information Technology (Nov. 14, 2007); and Docket #FIC 2007-514, Stephen Whitaker v. Commissioner, State of Connecticut, Department of Environmental Protection; Commissioner, State of Connecticut, Department of Public Works; and Pictometry International Corp. (Sep. 3, 2008). The Commission concluded in both dockets that §1-211(c), G.S., requires only that the respondents consider whether a proposed system, equipment or software adequately provides for the rights of the public under the FOI Act at the least cost possible to the agency and to persons entitled to access to nonexempt public records under the FOI Act. In Docket #FIC 2007-091, the Commission found that the respondent DOIT adequately considered FOI rights when acquiring the same computer system at issue in this matter. Therefore, the Commission declines to address the complainant’s §1-211(c), G.S., claim herein.
40. As to the complainant’s requests described in paragraph 2, above, as it pertains to GIS data, particularly imagery data related to Connecticut roads, licensed to DOIT by Tele Atlas, it is found that by email dated May 15, 2008, Tele Atlas claimed all its data, in all formats, as proprietary.
41. In Docket #FIC 2007-514, the Commission concluded that the respondent DEP violated the disclosure requirements of the FOI Act by failing to provide the complainant with copies of the licensed GIS imagery data provided by a state GIS contractor for use by DEP. While Docket #FIC 2007-514 is the subject of a pending appeal in Superior Court, such decision has the effect of law until overruled by a Connecticut Court. Therefore, it is found that requested records in this matter containing licensed GIS imagery data are also subject to public disclosure because the Commission has previously concluded that imagery data of this type is not exempt from disclosure as proprietary.
42. It is also found that the respondent DPW failed to prove that any of Tele Atlas’s data is exempt as a trade secret under §1-210(b)(5), G.S.
43. Under the facts and circumstances of this case, the Commission declines to consider the imposition of civil penalties against the respondents.
The following order by the Commission is hereby recommended on the basis of the record concerning the above-captioned complaint:
1. The complaint is dismissed with respect to the respondents DOIT. The Commission, however, urges DOIT to promptly provide the complainant with a copy of all non-exempt records described in paragraph 2, of the findings, above, on an external hard drive provided by the complainant at the complainant’s cost, if DOIT has not already done so.
2. The Commission is not persuaded that the respondent DPW’s response time in conducting the safety risk review in this matter was reasonable. The Commission, however, cautions the respondent DPW to be more mindful of the technical requirements of the FOI Act when conducting such safety risk reviews. In this regard, the Commission urges the respondent DPW to reasonably minimize the time within which it provides a prompt response to state agencies seeking a security risk review of public records.
Approved by Order of the Freedom of Information Commission at its regular meeting of May 27, 2009.
________________________________
Petrea A. Jones
Acting Clerk of the Commission
PURSUANT TO SECTION 4-180(c), G.S., THE FOLLOWING ARE THE NAMES OF EACH PARTY AND THE MOST RECENT MAILING ADDRESS, PROVIDED TO THE FREEDOM OF INFORMATION COMMISSION, OF THE PARTIES OR THEIR AUTHORIZED REPRESENTATIVE.
THE PARTIES TO THIS CONTESTED CASE ARE:
Stephen Whitaker
15 East Putnam Avenue, Suite 311
Greenwich, CT 06830
Diane Wallace, Chief Information Officer,
State of Connecticut, Department of
Information Technology; and State of
Connecticut, Department of Information
Technology
c/o Charles H. Walsh, Esq.
Assistant Attorney General
55 Elm Street
Hartford, CT 06106
Commissioner, State of
Connecticut, Department of Public Works
c/o Charles H. Walsh, Esq.
Assistant Attorney General
55 Elm Street
Hartford, CT 06106
___________________________________
Petrea A. Jones
Acting Clerk of the Commission
FIC/2008-391FD/paj/5/29/2009