In a major victory for transparency, the California Supreme Court ruled today that when government officials conduct public business using private email or personal devices, those communications may be subject to disclosure under the California Public Record Acts (CPRA).

In the unanimous opinion, the court overturned an appellate court ruling, writing:

CPRA and the [California] Constitution strike a careful balance between public access and personal privacy. This case concerns how that balance is served when documents concerning official business are created or stored outside the workplace. The issue is a narrow one: Are writings concerning the conduct of public business beyond CPRA’s reach merely because they were sent or received using a nongovernmental account? Considering the statute’s language and the important policy interests it serves, the answer is no. Employees’ communications about official agency business may be subject to CPRA regardless of the type of account used in their preparation or transmission.

EFF has long been concerned with the potential for officials to hide public records by using private online accounts or personal phones and computers to conduct business. In this case, activist Ted Smith was seeking records from the City of San Jose that may have been stored in personal devices or accounts. These issues have come up, not only on the local level, but federal as well—all the way up to former Secretary of State Hillary Clinton, who was embroiled in a high-profile scandal over her use of a private email server based out of her home.

EFF joined the ACLU in filing an amicus brief in this case, asking the Supreme Court to overturn an appellate court ruling in favor of the City of San Jose. As we wrote in our opening:

[The court of appeal's] holding violates both the letter and spirit of the California Public Records Act and Article I, section 3 of the California Constitution by holding that emails related to official business are outside the PRA merely because they are sent and receiving using non-governmental accounts. And the court’s reasoning would allow government officials and employees to circumvent the PRA simply by opening a new browser window and logging into a personal web-based email account as they sit at their government-owned computers. The result would be to curtail if not eliminate public access to informal emails between individual officials and employees and with industry and special interests that provide critical insight into the government operations beyond the often sanitized contents of formal memoranda and bulletins: not just what the government is doing but why it is doing it and at whose behest.

The California Supreme Court pointed out in its ruling that agencies aren’t just disembodied entities, but rather rely on human beings to prepare, retain, or use records: “When employees are conducting agency business, they are working for the agency and on its behalf.”

The court added: “The whole purpose of CPRA is to ensure transparency in government activities. If public officials could evade the law simply by clicking into a different email account, or communicating through a personal device, sensitive information could routinely evade public scrutiny.”

While government officials should not be able to use private devices to evade public scrutiny, at the same time, government employees shouldn’t have to forfeit all rights to privacy by holding public office, and their personal communications shouldn’t be subject to search every time someone files a public records request. The court seemed to take this issue into account and provided some guidance on what records on private devices would be subject to disclosure. As the Court wrote in the opinion:

We clarify, however, that to qualify as a public record under CPRA, at a minimum, a writing must relate in some substantive way to the conduct of the public’s business. This standard, though broad, is not so elastic as to include every piece of information the public may find interesting. Communications that are primarily personal, containing no more than incidental mentions of agency business, generally will not constitute public records. For example, the public might be titillated to learn that not all agency workers enjoy the company of their colleagues, or hold them in high regard. However, an employee’s electronic musings about a colleague’s personal shortcomings will often fall far short of being a “writing containing information relating to the conduct of the public’s business."

Ultimately, the Court’s message was clear: if you’re a government official conducting the public’s business, those are public records, no matter where those records are stored. Today’s decision will have wide-ranging impact on how public records are treated throughout the state, whether that’s elected officials communicating with lobbyists through Twitter direct messages or law enforcement officers exchanging controversial text messages on their personal smartphones. The case doesn’t end the discussion, though. We hope it will also trigger policy reforms within agencies to ensure that employees and officials do not use personal communications tools to conduct public business: this requirement would ultimately be the best way to ensure transparency and privacy.