Ezel / AG Opinions / ND
ND 2023-O-08 2023-11-20

Does a North Dakota agency violate the open-records law if a citizen's email request never reached the agency because it was filtered out as spam?

Short answer: No. Three state entities did not violate the open-records law when they failed to respond to emailed records requests they never received: the emails were quarantined by state IT security filters as suspected spam and deleted after thirty days. Once the agencies were notified through the AG's complaint process, they searched and produced what they had.
Disclaimer: This is an official North Dakota Attorney General opinion. AG opinions are persuasive authority but not binding precedent. This summary is for informational purposes only and is not legal advice. Consult a licensed North Dakota attorney for advice on your specific situation.
About this page: The plain-English summary, reader guidance, and Q&A below were written by Ezel based on the official AG opinion. The original opinion (linked at the bottom of this page, or PDF in the sidebar) is the authoritative source for any reliance.
View original AG opinion (PDF)

Plain-English summary

Karen Jordan sent records requests by email to the Governor's Office, the North Dakota Department of Agriculture, and the North Dakota Information Technology department (NDIT) over the summer of 2022. None of the three responded, and she eventually filed a complaint with the Attorney General.

When the AG's office contacted the agencies, all three discovered the same problem: Mrs. Jordan's emails had never reached an inbox. NDIT traced the issue to a network-level spam filter that quarantines suspected malicious senders for thirty days, then deletes the messages. The same filter served the Governor's Office and the Agriculture Department. Once notified, the agencies searched for responsive records: the Governor's Office and Agriculture Department had none; NDIT found one and produced it.

The AG concluded that none of the three agencies violated the open-records law. The statute requires response only after receipt of a request. When the technical failure was identified, the agencies acted promptly.

What this means for you

Citizens who never received a response to an email records request

The opinion holds that the open-records duty under N.D.C.C. § 44-04-18 is triggered only upon receipt of the request. Where an email was quarantined by state IT security filtering and never reached the agency, the opinion treats the agency as not in violation.

North Dakota state agencies

The opinion concludes that none of the three entities (Governor's Office, Agriculture Department, NDIT) violated the open-records law because they did not receive the requests and acted promptly once they were notified through the AG complaint process. The opinion notes that NDIT's filtering quarantines suspected malicious senders for 30 days and then deletes the messages.

NDIT and similar IT operations

The opinion describes the NDIT filter as a network-level security measure protecting the State's email system from malicious senders. It does not opine on filter design, but the agencies' diligent forensic work after the complaint surfaced was part of the basis for finding no violation.

Requesters and recordkeepers generally

The opinion confirms that under § 44-04-18(4), a public entity has no duty to "create or compile a record that does not exist" and only has to search the records in its possession. Two of the three agencies had no responsive records; NDIT found one and produced it.

Common questions

Q: Does the open-records law penalize an agency for emails it never saw?
A: No. The statute's clock starts when the agency receives the request. If a request never reaches the agency, no violation has occurred. The AG's analysis here turned on the documented technical reason the emails were dropped and the agencies' prompt action once they learned of the issue.

Q: What is N.D.C.C. § 44-04-18(2)?
A: It is the basic obligation: a public entity must provide "one copy" of a public record when properly requested. The duty is triggered by receipt; without receipt there is nothing to respond to.

Q: Did any of the three agencies have responsive records?
A: The Governor's Office and the Agriculture Department reported they had no responsive records. NDIT found one record and produced it after the complaint surfaced the original request.

Q: How long did the quarantined emails stay around?
A: Thirty days, then they were automatically deleted under the state IT system's standard policy. By the time the AG's office got involved, the original messages had been purged from the quarantine.

Q: What did the agencies do once they learned of the requests?
A: The opinion describes the Governor's Office and Agriculture Department searching for and confirming no responsive records, and NDIT searching, finding one responsive record, and providing it to the requester. NDIT also corrected its filtering so Mrs. Jordan's future emails would reach the agencies.

Background and statutory framework

North Dakota's open-records law requires public entities to provide "one copy" of public records on request, and to respond within a reasonable time, under N.D.C.C. § 44-04-18. The statute does not impose a duty to respond to messages that never arrive: the duty kicks in on receipt. Agencies may not deliberately avoid receipt to dodge the law, but legitimate technical interception (spam filtering, network security blocking) is not a violation in itself.

The opinion treats this as a question of intent and diligence. The agencies did not "intentionally ignore" Mrs. Jordan's request. Once put on notice through the AG complaint, they searched, produced what they had, and corrected the filtering issue so future emails would reach the right inboxes.

Citations and references

Statutes:
- N.D.C.C. § 44-04-18 (Access to public records; reasonable time)
- N.D.C.C. § 44-04-18(2) (Duty to provide one copy)
- N.D.C.C. § 44-04-18(4) (No duty to create or compile records)
- N.D.C.C. § 44-04-21.1 (Request for AG opinion procedure)

Source

Original opinion text

Best-effort transcription from a scanned PDF. Minor errors may remain — the linked PDF is authoritative.

STATE OF NORTH DAKOTA

OFFICE OF ATTORNEY GENERAL

www.attorneygeneral.nd.gov
(701) 328-2210

Drew H. Wrigley
ATTORNEY GENERAL

OPEN RECORDS AND MEETINGS OPINION
2023-O-08

DATE ISSUED: November 20, 2023

ISSUED TO: Office of the Governor
North Dakota Department of Agriculture
North Dakota Information Technology

CITIZEN'S REQUEST FOR OPINION

Karen Jordan requested an opinion from this office under N.D.C.C. § 44-04-21.1 asking whether the Office of the Governor (Governor's Office), the North Dakota Department of Agriculture (Agriculture Department), and the North Dakota Information Technology department (NDIT) violated N.D.C.C. § 44-04-18 by failing to respond to requests for records.

FACTS PRESENTED

On June 28, 2022, Karen Jordan sent an email to the Governor's Office requesting records and received no response. On July 19, 2022, she made a request for records to the Agriculture Department and received no response. On August 10, 2022, she requested records from NDIT by emailing Shawn Riley, who was the CIO at the time.

ISSUE

Whether the Governor's Office, the Agriculture Department, and the NDIT violated the open records law by failing to respond to requests for records.

ANALYSIS

The North Dakota open records law provides that a public entity must provide "one copy" of a specific public record when requested. The public entity must either provide or deny the record in a reasonable time. A public entity does not have to "create or compile a record that does not exist" and only has to search the records in its possession.

The Governor's Office, the Agriculture Department, and the NDIT were not aware that Mrs. Jordan requested records from them until this office asked them to reply to her complaint. Upon hearing from our office, the agencies searched their email accounts for her request and also for the records she had requested. The Governor's Office and the Agriculture Department did not have responsive records. NDIT found a responsive record and provided it to Mrs. Jordan.

When searching for Mrs. Jordan's email to NDIT's then CIO, Shawn Riley, NDIT discovered that her email was filtered out of the inbox because CIO Riley had email rules set up to control the number of spam messages coming into his inbox. Based on research done by NDIT on behalf of the Governor's Office, it appears Mrs. Jordan's emails were not received because they were being filtered out by the security measures put in place for the State's IT network to block senders of malicious emails. This means that the emails are quarantined for 30 days and then are deleted. The Agriculture Department is also on the NDIT system, so the same security measures were in place for their emails.

Neither the Governor's Office, the Agriculture Department, nor the NDIT intentionally ignored the request by Mrs. Jordan for records. Every mode of communication has vulnerabilities. Once detected, the systems were corrected to allow Mrs. Jordan to email the Governor's Office, the Agriculture Department, and the NDIT.

CONCLUSION

Neither the Governor's Office, the Agriculture Department, nor the NDIT violated the open records law when they failed to respond to a request for records that they did not receive.

Drew H. Wrigley
Attorney General

cc: Karen Jordan