When a Maine state agency's records sit on computers run by the central Office of Information Technology, who is the records custodian for FOAA requests?

Subject

Whether the Maine Office of Information Technology's policy assigning responsibility for fulfilling Freedom of Access Act requests to the agency that originated the records, rather than to OIT itself, complied with Maine's Freedom of Access Laws.

Currency note

This opinion was issued in 2009. Subsequent statutory amendments, court decisions, or later AG opinions may have changed the analysis. Treat this page as historical context, not current legal advice. Verify current law before relying on any specific rule, deadline, or remedy mentioned here.

Plain-English summary

Maine consolidated its IT operations into a central Office of Information Technology in the early 2000s. That meant data collected by other state agencies (Health and Human Services, DEP, Education, etc.) physically lived on OIT-managed servers. When someone made a Freedom of Access Act request for those records, who was supposed to respond?

OIT had a written policy answering that question: the originating agency. Section IV.B. of OIT's policy assigned the agency that "collected and used" the records the responsibility for "the scope of the search, the redaction or withholding of information, the timing and cost of production, etc." OIT cited 5 M.R.S.A. § 1982(9), which says "All data files are the property of the agency or agencies responsible for their collection and use."

Senator David Trahan asked AG Janet Mills whether this policy was overly narrow as a matter of FOAA compliance. AG Mills concluded it was not. Her reasoning:

• FOAA (1 M.R.S.A. § 408) gives the public the right to inspect public records held by "the agency or official having custody of the public record." It does not specify which agency must respond when more than one might have custody.
• Many records are non-public under § 402(3) carve-outs or confidentiality statutes. Determining the correct line between public and non-public material requires familiarity with the substantive program. The originating agency, not the IT host, has that familiarity.
• Confidentiality statutes often carry penalties for improper disclosure, and they protect third-party interests. Putting the call in the hands of the originating agency reduced the risk of incorrect disclosure.
• OIT having physical custody of records did not strip the originating agency of "custody" for FOAA purposes. Both could reasonably be viewed as having custody, and FOAA did not require OIT to take the lead.
• The provisions of 1 M.R.S.A. §§ 531-538 (InforME) deal with making information available electronically; they do not interpret FOAA.

Common questions

Q: If I send a FOAA request to OIT for an HHS file that lives on OIT servers, who has to respond?

Under the OIT policy upheld here, OIT would route the request to HHS, and HHS would handle the response (search, redaction, timing, cost). The requester might be told to address the request to HHS in the first place.

Q: Does OIT escape FOAA entirely?

No. OIT has its own records that are responsive to FOAA requests for OIT data (procurement records, internal policies, OIT email). The opinion addresses only records that originated with another agency and happen to sit on OIT systems.

Q: What if the originating agency is slow or refuses?

FOAA's enforcement provisions apply. Under § 408, a person denied access can pursue available remedies. Whether OIT is also liable for delay depends on the facts; the 2009 opinion does not directly address that.

Background and statutory framework

Maine's Freedom of Access Laws (FOAL) at 1 M.R.S.A. § 401 et seq. establish a presumption that government records are public, with specific exceptions in § 402(3) (records made confidential by statute, etc.). Section 408 sets the procedural framework: requests run through the agency or official "having custody of the public record."

The Office of Information Technology was created in 2005 (the position of Chief Information Officer is in 5 M.R.S.A. § 1982). Subsection 9 says all data files are the property of the agency that collected them, not OIT. The statute thus contemplated a hosting relationship rather than a transfer of records ownership.

InforME, the public-records electronic portal, is governed by 1 M.R.S.A. §§ 531-538. The opinion noted that InforME's mission is to make public information available; it does not interpret which agency answers a particular FOAA request.

Citations

• 1 M.R.S.A. § 402(2)(A), § 402(3), § 403(3)(A), § 408 (Freedom of Access Act core provisions)
• 1 M.R.S.A. §§ 531-538 (InforME)
• 5 M.R.S.A. § 1982(9) (CIO duties; data file ownership)

Source

• Landing page: https://www.maine.gov/legis/lawlib/lldl/agops/agops.htm
• Original PDF: https://lldc.mainelegislature.org/Open/AG/Opinions/2009/ag_20090305.pdf

Original opinion text

Best-effort transcription from a scanned PDF. Minor errors may remain — the linked PDF is authoritative.

MAINE STATE LEGISLATURE

    The following document is provided by the
   LAW AND LEGISLATIVE DIGITAL LIBRARY

at the Maine State Law and Legislative Reference Library
http://legislature.maine.gov/lawlib

Reproduced from scanned originals with text recognition applied
(searchable text may contain some errors and/or omissions)
 2009-01

                                                                                       REGIONAL OFFICES:
                                                                                       84 HARLOW ST., 2ND FLOOR
                                                                                       BANGOR. MAINE.04401
                                                                                       TEL: (207) 941-3070
                                                                                       FAX: (207) 941-3075

]ANETT. MILLS
ATTORNEY GENERAL 44 OAK STREET. 4TH FLOOR
PORTLAND, MAINE,04101-3014
TEL, (207) 822,0260
FAX; (207) 822-0259
TDD: (877) 428-8800
ST/1.TE OF MAINE
TEL: (207) 626-8800 OFFICE OF THE ATTORNEY GENERAL 14 ACCESS HJGHWAY, STE. l
TTY: 1-888-577-6690 CARIBOU, MAINE,04736
6 STATE HousE STATION TEu (207) 496-3792
AUGUSTA, MAINE 04333,0006 FAX: (207) 496-3291

                                                  March 5, 2009


 The Honorable David Trahan
 3 State House Station
 Augusta, ME 04333-0003

 Dear Senator Trahan:

       You have asked for an opinion as to wh~ther the Policy on Access to Data and
Information on State Owned Computer Devices of the Maine Office oflnformation Technology
("OIT") is in compliance with the Freedom of Access Laws ("FOAL"). In particular, you
question whether, by placing responsibility for fulfilling FOAL requests for electronic records on
the agency that generated the record, the OIT policy results in an overly nm.Tow interpretation of
the public's right to inspect records or othenvise violates the FOAL. For the reasons discussed
below, I do not believe that a court would conclude that the OIT policy violates the FOAL.

       The OIT policy addresses FOAL requests made ofOIT for data or fnformatiori that has
been collected and used by a state agency other than OIT, and describes their respective
responsibllities. For purposes of your questions, the central provision of the policy is found in_
Section IV.B., which provides:

                  State departments and agencies, as required by the Freedom of Access
                  Act, are responsible for fulfilling requests for access to public records in
                  their possession or custody, including information and data h9sted on
                  state-owned computer devices. All responses and decisions regarding the
                  production of such information or data, such as the scope of the search, the
                  redaction or withholding of information, the timing and cost of product1on,
                  etc., are the sole responsibility of the department or agency.

       The legal authority cited in support of this part of the OIT policy is 5 MRSA § 1982(9).
Section 1982 sets out the responsibilities of the OIT Director, and subsection 9 states:

                  9. Protection of infom1ation files. The Chief Informatiot1 Officer shall
                  develop rules regarding the safeguarding, maintenance and use of
                  information files relating to data pro.cessing, subject to the approval of the
                  commissioner. The office is responsible for the enforcement of those rules.
                  All data files axe the property of the agency or agencies responsible for
                  their collection and use.

Senator David Trahan
Page 2
March 5, 2009

    As you note, the FOAL provides the right to inspect and copy public records. Public

records are defined by I M.R.S.A. §402(3), and the term contains a number of exclusions,,
including records made confidential by statut.e. § 403(3)(A). The language of§ 408 states, in
relevant part, that "every person has the right to inspect and copy any public record during the
regular business hours of the agency or official having custody of the public record within a
reasonable period of time after malcing a request to inspect or copy the public record." The
procedural requirements applicable to requests for records are primarily set out in 1 M.R.S.A.
§ 408. These procedures anticipate the need for review of records prior to their being made
available for inspection in order to separate those records that are not public because they are
covered by one or more of the exclusions in§ 402(3). Redaction of non-public material may
also be approp1iate.

    The FOAL does not specify who undertakes the review of agency records r~sponsive to a

request in order to determine which are public or should be redacted to protect non-public
information. The OIT policy designates the agency that has collected the records under
5 M.R.S.A. § 1982(9) as the party responsible for conducting this review and for malcing
decisions necessary to ensure compliance with the FOAL. As a practical matter, this is the
agency that is most familiar with the documents as well as the various provisions that may apply
to make some of them non-public. Many confidentiality statutes (and other grounds for malcing
records non-public) protect the interests of third parties, and these statutes often contain penalties
for improper disclosru:e. Accurate application of confidentiality statutes protects both the
public's right to know as well as the interests of those third,parties.

    In the case of records that have been received or used by a state agency other than O IT

but which are maintained on state-ovVD.ed computers, both can reasonably be viewed as having
"custody" of the records. The fact that OIT may also have custody of another agency's records
does not prevent it from requiring that the agency take responsibility for ensuring compliance
with the FOAL. The provisions of Title 1, §§ 531-538 concern the Infonnation Resource of
Maine ("InforME") and its mission to make public information available electronically; they do
not relate to the interpretation of the FOAL.

    For these reasons, I do not believe that a court would conclude that the OIT policy

violates the FOAL. I hope t.his information is helpful.

                                           Sincerely,

                                         CJuJ--/~
                                       /;ANETT. MILLS
                                          ATTORNEY GENERAL

Cc: Senator Lawrence Bliss and Representative Charles R. Priest,
Chairs, Joint Standing C01m11ittee on the Judiciary
Richard B. Thompson, Chief Information Officer