The California State Bar is not required to engage in the significant work of anonymizing data from its bar admissions database that would be needed to release that information to the public while still protecting individual applicants’ privacy, a state appellate court ruled August 23 (Sander v. State Bar of California).
The amount and type of work needed to ensure an appropriate level of anonymity would constitute the creation of new records, the court held, a duty not imposed by California’s Public Records Act.
The case is a continuation of an attempt by the First Amendment Coalition, an organization that advocates government transparency, to use the Act to gain access to admissions database records from the bar.
The bar resisted the Coalition’s request, but a 2013 California Supreme Court decision held that the public had an interest in the disclosure of those records and that the bar has a duty to produce them if it could do so while protecting applicants’ privacy. The court then remanded the case for a lower court to answer those questions.
On remand, the parties debated whether the information sought by the coalition—applicants’ race or ethnicity, law school grades, performance on bar exam, law school graduation, and transfer years—would allow individual applicants to be identified through the piecing together of their information, even if individually-identifying information such as names and Social Security Numbers were removed from each record.
In order to protect the identity of the applicants, the document-seeking plaintiffs proposed several fairly complicated data handing regimens, including physically limiting access to data and using detailed data manipulation, segmentation, and statistical techniques to assure no individuals could be identified from the combination of their different data points.
After a trial court rejected the petitioners’ claims on the grounds that the level of work proposed by the petitioners in order to allow the disclosure of the database records would require the creation of new records, the petitioners appealed and the case went back up to the state Court of Appeals for the 1st Division, which issued a decision in favor of the bar.
The court agreed with the bar that the release of the data in a way which would protect the anonymity of the applicants would require the bar to create new records, a duty not imposed by the Public Records Act. “We have found no cases addressing proposals for data manipulations as complex as those proposed by Petitioners,” Judge Peter Siggins wrote.
The significant recoding of the original information, the creation of new data classes, and the creation of physical enclaves where the information could be accessed in a restricted fashion required the bar to create new records or take other extraneous steps not contemplated by the Act. Thus, the bar had no duty to take those actions.
Although state agencies could, at times, be required to program or manipulate records in order to remove identifying information for release, Judge Siggins wrote that “segregating and extracting data is a far cry from requiring public agencies to undertake the extensive manipulation or restructuring of the substantive content of a record such as Petitioners propose here.”
“Certainly, they have not identified any instances in which courts have compelled a public agency to undertake programming that would assign new or different values to existing data, replace groups of data with median figures or variables, and collapse and band data into newly defined categories.”
Having rejected the proposals of the petitioners, the court upheld the denial of their petition.