Many companies find themselves in the position of voluntarily sharing some of their most sensitive data and other confidential information with state and local governments. For example, this type of information-sharing may occur in the pursuit of a public-private partnership, or in the course of soliciting business from a government agency. The type of information shared runs the gamut from highly sensitive trade secrets to proprietary methods of doing business and may include employee names, addresses, and telephone numbers as well as confidential financial information.
In many instances, the business personnel assigned to a particular project may simply assume that marking the documents as “Confidential” or “Exempt from the FOIA or Public Records Disclosure” or with some other similar label means just that: the records will invariably remain confidential and forever exempt from disclosure by the state or municipal agency that possess them. As we discuss below, however, this is a misconception that can leave companies vulnerable to public disclosure of their proprietary information.
Over the last decade, the number of FOIA and PRA requests submitted to state and local governments has increased exponentially. For example, the city of Lakewood, WA – a small municipality of just 60,000 residents – has reported receiving 1,200 FOIA/PRA requests in 2018 alone, and over 2,500 more since then. This is by no means an outlier.
While many FOIA/PRA requests are made by concerned citizens who seek information about a discrete matter of interest, others are not. A growing number of requestors seek access to a much wider array of information in the government’s possession, including public-private contracts, bid data, and other information that a company may deem sensitive or proprietary. And a claim of confidentiality or “trade secret” alone may not exempt the record from governmental disclosure.
Problematically, more sophisticated record requesters are using state FOIA/PRA laws to troll for data to support lawyer-driven class action lawsuits and to probe for sensitive data provided by competitors. In the past, it was generally difficult to know of the existence of these types of records because they were sensitive and therefore not “advertised.” But a more recent trend, and one that we expect will only continue to grow, is for state and local governments to provide public-facing indices of documents in their possession and routinely post pending government actions on their websites and social media. These new processes make it easier for requestors with whatever motives to identify records they want to pursue.
Every company doing business in the United States knows that differences in state and local regulation are as varied as state and local governments themselves. This is no less true when it comes to FOIA/PRA laws.
Using the “trade secrets” exemption as an example, most states follow the Uniform Trade Secrets Act to determine whether certain information is, in fact, a trade secret. And while most state laws exempt trade secret information from a FOIA/PRA request in one form or another, most courts have interpreted the trade secret FOIA/PRA exemption quite narrowly. One such statute explains why this is (see Revised Code of Washington, 42.56.030):
The people of this state do not yield their sovereignty to the agencies that serve them. The people, in delegating authority, do not give their public servants the right to decide what is good for the people to know and what is not good for them to know. The people insist on remaining informed so that they may maintain control over the instruments that they have created. This chapter shall be liberally construed and its exemptions narrowly construed to promote this public policy and to assure that the public interest will be fully protected. In the event of conflict between the provisions of this chapter and any other act, the provisions of this chapter shall govern.
For these reasons, labeling a document “Confidential” or “Exempt from the FOIA or Public Records Disclosure” alone will be generally insufficient to prevent disclosure unless the records fall within a recognized FOIA/PRA exemption. The government official charged with analyzing a FOIA/PRA request, and the court that may be called to assess whether the government official’s decision was correct, will generally look beyond labels and decide “ties” in favor of disclosure. This is especially true in those states where erroneously withholding information, even in good faith, means the requester may recover attorney’s fees and a per page penalty from the governmental entity.
While labels alone will often not suffice to block disclosure in response to a FOIA/PRA request, there are some things companies can do to protect their most sensitive information. We encourage companies to consider this list in light of the particular local and state laws that govern records requests, as a tailored approach may be needed in different jurisdictions.
Through these and other thoughtful practices, companies can better balance their interest in information-sharing with governmental partners and clients with protection of sensitive information about their business and their employees.