AR Opinion No. 2023-024 2023-06-12

Can a public water utility release customer-usage data after stripping out names, or is the data itself confidential?

Short answer: No. Even if you strip out names and addresses, customer-usage data from a public water system or municipally owned utility is itself exempt from Arkansas FOIA disclosure. The General Assembly listed customer-usage data separately from other identifying information in A.C.A. § 25-19-105(b)(20)(A), which means the data has its own protection. Redacting identity information does not make the data releasable.
Disclaimer: This is an official Arkansas Attorney General opinion. AG opinions are persuasive authority but not binding precedent. This summary is for informational purposes only and is not legal advice. Consult a licensed Arkansas attorney for advice on your specific situation.

Plain-English summary

State Representative Shad Pierce asked the AG a clean statutory-construction question. The Arkansas FOIA exemption at A.C.A. § 25-19-105(b)(20)(A) protects "personal information" of current and former customers of public water systems and municipally owned utility systems. The exemption lists, "without limitation," four kinds of records: home and mobile phone numbers, personal email addresses, home and business addresses, and customer-usage data.

Pierce's question: if a custodian wants to release the customer-usage data, can the custodian just redact the customer's name and address (the identifying information), or is the usage data itself blocked even after deidentification?

The AG answered: the usage data itself is blocked. The reasoning is statutory: each item on a "without limitation" list is given independent effect. The General Assembly listed customer-usage data as its own line item, not as a sub-element of identifying information. Reading the statute to allow disclosure of usage data after redaction would erase the customer-usage-data line item entirely, because deidentified usage data would just collapse into the personal-information exemption that requires identification.

The Question 2 answer is moot. Pierce had asked, "If the custodian can make those redactions, is the custodian obligated to make them?" Since the answer to Question 1 is no, the custodian cannot, so the obligation question goes away.

Why this matters for cities and utilities. Public water systems and municipally owned utilities receive FOIA requests fairly often. Journalists ask about water usage to investigate drought response or large irrigation. Researchers ask about consumption patterns. Watchdogs ask about specific accounts. The default approach of "redact the name and release the rest" is not permitted for customer-usage data under § 25-19-105(b)(20)(A). The data must be withheld even when no individual customer is identifiable in the released file.

The deeper takeaway: Arkansas treats customer-usage data as confidential in itself, like other utility-account-detail records. The privacy concern is not just identification; it is the data pattern.

What this means for you

Records custodians at public water systems and municipally owned utilities

When you receive a FOIA request for customer-usage data:
1. Decline to release the usage data even if the requester offers to accept a deidentified version.
2. Cite A.C.A. § 25-19-105(b)(20)(A) and this opinion (Op. 2023-024).
3. Distinguish customer-usage data from aggregate-level data. Aggregate statistics (total system consumption, average per-customer consumption across the entire system, monthly system flow) are not "customer-usage data" of any particular person. Aggregate stats are typically not exempt.

If your data system can generate true aggregates (no possibility of reverse-identification), you can release those. The line is whether the data ties to one or more identifiable customers' actual usage.

City attorneys advising utility custodians

Document the FOIA-response policy in writing. Train custodians to recognize customer-usage-data requests and to apply the exemption. The exemption applies even when the requester offers to take redacted records.

If a requester challenges the denial, the legal posture is strong: the AG has explicitly opined that deidentification does not cure the exemption.

Journalists and researchers seeking utility data

You will not get individual or sub-aggregated customer-usage data through Arkansas FOIA. The exemption is robust. Alternatives:
- Request aggregate-level data (system-wide totals, sector-wide averages).
- Request policy and operational records (drought response plans, billing policies, conservation programs).
- For specific account information, the customer (subject of the records) can authorize release. So if a story is about one named individual or business with their consent, the request goes through them.
- For research, partner directly with the utility under a research agreement that imposes confidentiality. Some utilities have data-sharing programs for academic research.
- For comparative analysis, look to federal or state aggregate datasets (USGS Water Use Compilations, EPA SDWIS, state water plans).

FOIA requesters generally

Arkansas treats utility-customer privacy aggressively. The water-and-utility customer-usage-data exemption is one of several "without limitation" personal-information exemptions in the FOIA. If you are denied a customer-usage request, the denial is likely correct; do not assume the custodian is overreaching.

For other categories of records, "without limitation" lists are common in Arkansas FOIA. The principle of independent effect (each item gets its own protection) extends across the statute.

Data analysts working for cities

If you are running internal analyses on usage data, your work is fine: the exemption is about disclosure to outsiders, not internal use. But be careful about (a) sharing with consultants without an NDA, (b) producing reports that include customer-level data (those reports would themselves be FOIA-exempt only as long as the underlying data remains exempt), and (c) data-sharing agreements with state agencies or research institutions.

Customers asking for their own data

You are entitled to your own usage data on request, since you are the subject of the records. The exemption protects your privacy, not the utility from you.

Common questions

My utility company is a private corporation, not municipal. Does this opinion apply?
No. The exemption in § 25-19-105(b)(20)(A) covers public water systems and municipally owned utility systems. Private utilities are not subject to Arkansas FOIA at all (the FOIA covers public entities). Private-utility customer data is governed by other privacy law (state and federal consumer privacy statutes, contract terms, regulatory requirements).

What about my own usage data?
You can ask your utility for your own usage records. The privacy exemption protects your information from release to others, not from you.

Can the utility release aggregate statistics?
Yes, generally. Aggregate, system-wide data that cannot be tied to individual customers is not "customer-usage data" of any one person. Utilities can publish total consumption, system-wide trends, and similar statistics.

Can a researcher get access under a confidentiality agreement?
The FOIA does not provide a research-access path. But a utility may have its own data-sharing program for research, separate from the FOIA framework. Ask the utility directly.

What if the request is for my neighbor's usage and I claim "transparency interest"?
The exemption is robust. Generic transparency claims do not make customer-usage data releasable. Specific compelling-public-interest tests do not apply to this exemption (those tests apply to other categories under the FOIA).

Does this apply to electric, gas, or sewer service from a municipal utility?
Yes, if the utility is a municipally owned utility system. The exemption covers all customer-usage data of such systems, not just water.

Can the city council ask the utility for usage data?
The city council, as the governing body of the city that owns the utility, is generally entitled to internal data for governance purposes. This is internal use, not FOIA-disclosure. Council members should still avoid disclosing the data to constituents or the public outside the FOIA framework.

Background and statutory framework

Arkansas FOIA at A.C.A. § 25-19-105 generally requires public records to be open. Section (b) lists exemptions, including (b)(20)(A) for personal information of customers of public water systems and municipally owned utility systems. The exemption text protects personal information "including without limitation" the four enumerated categories: phone numbers, email addresses, addresses, and customer-usage data.

The statutory-construction rule applied in this opinion (every item must be given effect) traces back to Arkansas Parole Board v. Johnson, 2022 Ark. 209, and is a settled principle of Arkansas law. As the AG quoted from Scalia & Garner's Reading Law: "If possible, every word and every provision is to be given effect. None should be ignored. None should needlessly be given an interpretation that causes it to duplicate another provision or to have no consequence."

If the General Assembly had wanted customer-usage data to be released after redaction of identity, it could have placed customer-usage data on a different list (or written the personal-information exemption differently). Placing customer-usage data alongside other identifying information in the same "without limitation" list confirms that the data itself is independently exempt.

A separate AG framework applies to other categories of records (employee personnel records, employee evaluation records, FOIA-related opinions about disclosure decisions). Those frameworks are not addressed by this opinion.

Citations

  • A.C.A. § 25-19-105(b)(20)(A) (customer information of public water and municipal utilities)
  • Arkansas Parole Board v. Johnson, 2022 Ark. 209, 654 S.W.3d 820 (statutory construction principle that every provision should be given effect)
  • Antonin Scalia & Bryan A. Garner, Reading Law: The Interpretation of Legal Texts 174 (West 2012)

Original opinion text

Opinion No. 2023-024
June 12, 2023
The Honorable Shad Pierce
State Representative
40 Harris Trail
Batesville, Arkansas 72501

Dear Representative Pierce:

You have requested my opinion regarding the exception for customer-usage data to the Arkansas Freedom of Information Act (FOIA) in the following instances:

Question 1: Upon request for customer-usage data, can a custodian redact identifying information of customers so that the records can be disclosed without violating this exception?

Brief response: No, under the FOIA, customer-usage data itself, even when deidentified, is exempt from disclosure.

Question 2: If the custodian can make those redactions, is the custodian obligated to make the redactions?

Brief response: This question is moot because of my response to Question 1.

DISCUSSION

A document must be disclosed in response to a FOIA request if all three of the following elements are met. First, the FOIA request must be directed to an entity subject to the act. Second, the requested document must constitute a public record. Third, no exceptions allow the document to be withheld.

For purposes of this opinion, I am assuming the custodian referenced in your questions works for a public water system or municipally owned utility system, as those are the two entities referenced in the exception for customer-usage data. I am also assuming the information requested from the custodian constitutes a public record. Thus, the first two elements are met, and I will turn to your questions regarding the exception for customer-usage data.

Question 1: Upon request for customer-usage data, can a custodian redact identifying information of customers so that the records can be disclosed without violating this exception?

The text of the FOIA excludes customer-usage data from disclosure even if other identifying information is removed. The exception for customer-usage data is part of a broader exception for all personal information of former and current customers of public water systems and municipally owned utility systems. To maintain customer privacy, the personal-information exception lists certain customer records that are excluded "without limitation:" (1) home and mobile phone numbers, (2) personal email addresses, (3) home and business addresses, and (4) customer-usage data. Each part of the personal-information exception must be given effect. Because the General Assembly listed customer-usage data separately, redacting the customer-usage data to remove other identifying information does not affect this part of the exception.

Question 2: If the custodian can make those redactions, is the custodian obligated to make the redactions?

This question is moot because of my response to Question 1.

Assistant Attorney General Jodie Keener prepared this opinion, which I hereby approve.

Sincerely,

TIM GRIFFIN
Attorney General