STRIKING A BALANCE BETWEEN PUBLIC INTEREST OF
TRANSPARENCY OF GOVERNMENT AND THE PRIVACY
OF PERSONAL IDENTIFICATION AND SECURITY
INFORMATION: AN EXAMINATION OF TRIBUNE-REVIEW
PUBLISHING CO. V BODACK
I. INTRODUCTION
Pennsyivanians generally want the government to work
properly and to be free from corruption. They also generally want
to know how tax dollars are spent and how efficiently the
government works. The Right-to-Know Law provides access to
state government public records to any individual or entity that
properly requests them. ' The purpose of this law is to give a level
of transparency to the inner workings of the state government.^
However, this right to access public records could lead to the
inadvertent disclosure of important personal identification and
security information of innocent, private citizens.
Under the Right-to-Know Act, the state court system took
responsibility for determining not only what fits into the definition
of a "public record," but also whether the public interest in the
information outweighs the possible " 'impairment of a person's
reputation or personal security' " by the disclosure of that
information.^ Because, historically, Pennsylvania courts have
broadly interpreted the public record definition, individuals are at a
' Right-to-Know Law, 65 PA. STAT. ANN. §§ 67.101- .1102 (West Supp.
2009). The Right-to-Know Law completely overhauled public records access in
Pennsylvania, effective January 1, 2009. Id. §67.101. However, this act only
applies to requests for public records after December 31, 2008. Id. § 67.3101. So
any case pending with a request for information prior to December 31, 2008,
should be decided under the former Right-to-Know Act. The implications of the
revised Right-to-Know Law are discussed in the evaluation section. See infra pt.
IV.
' Pa. State Univ. v. State Employees' Ret. Bd. {Penn State), 935 A.2d 530,
533 (Pa. 2007) (citing Sapp Roofmg Co. v. Sheet Metal Workers' Int'l Ass'n,
Local Union No. 12, 713 A.2d 627, 629 (Pa. 1998)).
^ Id. at 538 (quoting § 66.1(2), repealed by Right-to-Know Law, 65 PA.
STAT. ANN. §67.102 (West Supp. 2009)) (citing Goppelt v. City of Phila.
Revenue Dep't, 841 A.2d 599, 603-04 (Pa. Commw. Ct. 1998)).
577
578 WiDENER LAW JOURNAL [Vol. 19
greater risk of having personal identification and security
information released to the public; and therefore, the courts have
been forced to carefully balance the competing interests of the
public and of the private individual.'*
This survey will examine how Pennsylvania courts have
attempted to achieve a balance between the public's interest in the
transparency of government and the private individual's interest in
the confidentiality of personal identification and security
information. Part II examines the case law prior to Tribune-Review
Publishing Co. v. Bodaclê as well as the development of the
exception to the required disclosure of information in public
records. Part III discusses Tribune-Review Publish.
Interactive Powerpoint_How to Master effective communication
STRIKING A BALANCE BETWEEN PUBLIC INTEREST OFTRANSPARENCY OF.docx
1. STRIKING A BALANCE BETWEEN PUBLIC INTEREST OF
TRANSPARENCY OF GOVERNMENT AND THE PRIVACY
OF PERSONAL IDENTIFICATION AND SECURITY
INFORMATION: AN EXAMINATION OF TRIBUNE-REVIEW
PUBLISHING CO. V BODACK
I. INTRODUCTION
Pennsyivanians generally want the government to work
properly and to be free from corruption. They also generally
want
to know how tax dollars are spent and how efficiently the
government works. The Right-to-Know Law provides access to
state government public records to any individual or entity that
properly requests them. ' The purpose of this law is to give a
level
of transparency to the inner workings of the state government.^
However, this right to access public records could lead to the
inadvertent disclosure of important personal identification and
security information of innocent, private citizens.
Under the Right-to-Know Act, the state court system took
responsibility for determining not only what fits into the
definition
of a "public record," but also whether the public interest in the
information outweighs the possible " 'impairment of a person's
reputation or personal security' " by the disclosure of that
information.^ Because, historically, Pennsylvania courts have
broadly interpreted the public record definition, individuals are
at a
2. ' Right-to-Know Law, 65 PA. STAT. ANN. §§ 67.101- .1102
(West Supp.
2009). The Right-to-Know Law completely overhauled public
records access in
Pennsylvania, effective January 1, 2009. Id. §67.101. However,
this act only
applies to requests for public records after December 31, 2008.
Id. § 67.3101. So
any case pending with a request for information prior to
December 31, 2008,
should be decided under the former Right-to-Know Act. The
implications of the
revised Right-to-Know Law are discussed in the evaluation
section. See infra pt.
IV.
' Pa. State Univ. v. State Employees' Ret. Bd. {Penn State), 935
A.2d 530,
533 (Pa. 2007) (citing Sapp Roofmg Co. v. Sheet Metal
Workers' Int'l Ass'n,
Local Union No. 12, 713 A.2d 627, 629 (Pa. 1998)).
^ Id. at 538 (quoting § 66.1(2), repealed by Right-to-Know Law,
65 PA.
STAT. ANN. §67.102 (West Supp. 2009)) (citing Goppelt v.
City of Phila.
Revenue Dep't, 841 A.2d 599, 603-04 (Pa. Commw. Ct. 1998)).
577
578 WiDENER LAW JOURNAL [Vol. 19
greater risk of having personal identification and security
3. information released to the public; and therefore, the courts
have
been forced to carefully balance the competing interests of the
public and of the private individual.'*
This survey will examine how Pennsylvania courts have
attempted to achieve a balance between the public's interest in
the
transparency of government and the private individual's interest
in
the confidentiality of personal identification and security
information. Part II examines the case law prior to Tribune-
Review
Publishing Co. v. Bodaclê as well as the development of the
exception to the required disclosure of information in public
records. Part III discusses Tribune-Review Publishing Co. in
more
depth and examines the facts, procedural history, and the
Supreme
Court of Pennsylvania's rationale and holding. In part IV, the
ramifications and future impact of the Tribune-Review
Publishing
Co. decision is examined in light of prior case law as well as
new
legislation. Finally, a brief conclusion follows in part V.
11. BACKGROUND
Transparency is a key concept that is necessary for democracy
to work. In order for there to be transparency in government,
the
public needs to have access to public records.^ The Sunshine
Act,
combined with the Right-to-Know Act, was meant to provide
some
transparency to the inner workings of the government. The
4. Sunshine Act was enacted based on the following government
findings:
[t]he right of the public to be present at all meetings of
agencies and to witness the deliberation, policy formulation
and decisionmaking of agencies is vital to the enhancement and
proper functioning of the democratic process and that secrecy
in public affairs undermines the faith of the public in
" See Tribune-Review Publ'g Co. v. Bodack, 961 A.2d 110, 114
(Pa. 2008)
(citing Penn State, 935 A.2d at 533-34).
^ Id
^ See generally 65 PA. CONS. STAT. § 702(b) (2006).
' Id.; Penn State, 935 A.2d at 533 (citing Sapp Rooftng Co., 713
A.2d at
629) (explaining the purpose of the Right-to-Know Law).
2010] PENNSYLVANIA ADMINISTRATIVE LAW 579
government and the public's effectiveness in fulfilling its role
in a democratic society.̂
The Right-to-Know Law provides access to state public
records^ for "examination and inspection,"'*' allowing private
citizens to serve as a watchdog over state government.
However,
there are concems about the risk to individuals whose personal
identification information is contained within the disclosed
public
records."
5. In Pennsylvania State University v. State Employees'
Retirement Board {Penn State), the Supreme Court of
Pennsylvania dismissed the appellants' argument that a person's
right to privacy should bar the disclosure of certain
information.'^
The court stated that the Right-to-Know Act protects "the
' 65 P A . C O N S . S T A T . § 702(a). The Sunshine Act goes
on to "declare[] it to
be the public policy of this Commonwealth to insure the right of
its citizens to
have notice of and the right to attend all meetings of agencies at
which any
agency business is discussed or acted upon." Id. § 702(b).
' A public record is defined as:
Any account, voucher or contract dealing with the receipt or
disbursement of
funds by an agency or its acquisition, use or disposal of services
or of
supplies, materials, equipment or other property and any
minute, order or
decision by an agency fixing the personal or property rights,
privileges,
immunities, duties or obligations of any person or group of
persons:
Provided, That the term "public records" shall not mean any
report,
communication or other paper, the publication of which would
disclose the
institution, progress or result of an investigation undertaken by
an agency in
the performance of its official duties, except those reports filed
by agencies
pertaining to safety and health in industrial plants; it shall not
6. include any
record, document, material, exhibit, pleading, report,
memorandum or other
paper, access to or the publication of which is prohibited,
restricted or
forbidden by statute law or order or decree of court, or which
would operate
to the prejudice or impairment of a person's reputation or
personal security, or
which would result in the loss by the Commonwealth or any of
its political
subdivisions or commissions or State or municipal authorities of
Federal
funds, excepting therefrom however the record of any
conviction for any
criminal act.
65 PA. STAT. ANN. § 66.1(2) (West 2000), repealed by Right-
to-Know Law, 65
PA. STAT. ANN. § 67.102 (West Supp. 2009).
'° Id. § 66.2, repealed by Right-to-Know Law, 65 PA. STAT.
ANN. § 67.102
(West Supp. 2009).
" Times Publ'g Co. v. Michel, 633 A.2d 1233, 1237-38 (Pa.
Commw. Ct.
1993).
'' Penn State, 935 A.2d at 538.
580 WiDENER LAW JOURNAL [Vol. 19
individual's right to privacy by excluding from the defmition of
7. 'public record' 'any record . . . which would operate to the
prejudice
or impairment of a person's reputation or personal security.' "'^
Courts have historically interpreted this exclusion from the
definition as the creation of an exception to the disclosure rule
of
the Right-to-Know Act.''* Pennsylvania courts have now
embarked
on the path to determine just what qualifies under this exception
and what it means to the overall disclosure of public records.
In Sapp Rooflng Co. v. Sheet Metal Workers' International
Ass'n, Local Union No. 12, the Supreme Court of Pennsylvania
examined whether payroll records of a private contractor, which
were turned over to a school board while performing work for
the
district, would be considered public records and, if they were,
whether the information contained within those records would
qualify under the security exception.'^ "The records . . .
contain[ed] the names . . . addresses . . . social security
numbers,
job positions, rates of pay and hours worked" of the Sapp
employees working for the school board.'^ The court held that
the
payroll records qualified as public records "because they . . .
evidence [d] a disbursement [of public funds] by the school
district."'^ The court reasoned that even though the records
would
not be public records if held solely by Sapp Roofing Co., the
records became part of the public record when they were turned
over to the school board, because the records were instrumental
in
the relationship between Sapp Roofing and the school board.'^
The court found that the asserted public interest in the
requested information, the enforcement of the Prevailing Wage
8. Act, was unpersuasive.'^ The court believed that the public
interest
'̂ Penn State, 935 A.2d at 538 (quoting 65 PA. STAT. ANN. §
66.1(2)).
'" Id. (citing Goppelt v. City of Phila. Revenue Dep't, 841 A.2d
599, 603-
04 (Pa. Commw. Ct. 2004)).
'̂ Sapp Roofing Co. v. Sheet Metal Workers' Int'l Ass'n, Local
Union No.
12, 713 A.2d 627, 628 (Pa. 1998). The payroll records had to be
turned over to
the school board so that the board could comply with the
Prevailing Wage Act.
Id. (citing Prevailing Wage Act, 43 PA. STAT. ANN. §§ 165-1
to -17 (West
2009)).
"Id
''^ Id ai 629.
"Id
'^ Id at 630.
2010] PENNSYLVANIA ADMINISTRATIVE LAW 5 81
in the information would do little to help enforce the Prevailing
Wage Act.'̂ *' The court used a balancing test between "the
public
interest in disclosure of the information . . . [and] the
individual's
right to privacy and personal security."^' In this particular case,
there was little evidence to show that the public had much of an
9. interest in the disclosure of the information; therefore, the only
information that the court allowed to be disclosed was the
payroll
information, not the personal identification and security
information.^^
In Penn State, the Supreme Court of Pennsylvania dealt with a
request for the release of information about various
Pennsylvania
State University employees, including the famed football coach
and professor Joe Patemo.^^ The information was held by the
State
Employees' Retirement System (SERS), the state agency that
manages the retirement benefits of state employees.̂ "* While
the
University itself was not subject to full public record disclosure
requirements under the Right-to-Know Law,̂ ^ when its
employees
choose to take advantage of the state retirement system their
information becomes part of SERS records, which are subject to
disclosure under the Right-to-Know Law.̂ ^ The court held that
the
public had an interest in the information, which includes
"names,
service history and salaries," so far as the information was
"necessary to justify all guaranteed disbursements from the
fund."^^ Salary information was allowed because it "is not so
personal and inextricably linked to a person's identity as to
threaten
one's personal security."^^ The court went on to specify that its
Sapp Roofing Co., 713 A.2d at 630.
" Pa. State Univ. v. State Employees' Ret. Bd. {Penn State), 935
A.2d 530,
532 (Pa. 2007).
10. "^ Id at 532-33 (citing 71 PA. CONS. STAT. § 5102 (2006)).
" Id. at 533 (citations omitted). But see 65 PA. STAT. ANN. §§
67.1501 -
.1503 (West Supp. 2009). "State related" schools, such as
Pennsylvania State
University, are now subject to limited disclosure requirements
under the Right-
to-Know Law. Id §§ 67.1501-.1503.
'^ Penn State, 935 A.2d at 533.
" Id at 534.
'' Id. (quoting Pa. State Univ. v. State Employees' Ret. Bd., 880
A.2d 757,
767 (Pa. Commw. Ct. 2005)).
582 WiDENER LAW JOURNAL [Vol. 19
holding did not include "information pertinent to an individual's
personal security such as addresses, telephone numbers, or
social
security numbers."^^
The Supreme Court of Pennsylvania emphasized that the
definition of a public record should be "broadly construed" and
that the meaning of "account" in the public record definition
extends to anything that bears a close connection to any
statutory
category included in the defmition of public record.^° The court
also emphasized the fact that University employees avail
themselves of the services offered by SERS, and therefore it is
necessary for SERS to maintain proper records of the
11. relationship
between itself and University employees.'" The University tried
to
claim that the records were not considered public records
because
they were not "created by a public agency," but the court
deemed
this argument immaterial.^^
In order for information to be disclosed it must be considered
relevant to the public interest asserted, which may vary based
on
the type of information requested.''^ While names, service
records,
and salaries might be considered relevant to the public's interest
in
ensuring that SERS performs properly, "one's social security
number, telephone number or . . . address" is hardly relevant. '̂*
The
court again applied " 'a balancing test, weighing privacy
interests
and the extent to which they may be invaded, against the public
benefit which would result from disclosure.' "̂ ^ An "
'intrinsically
harmful' analysis" would offer an alternative for determining
whether the information should be disclosed or withheld.
However, the court stated that, while the intrinsically harmful
''^ Penn State, 935 A.2d at 534.
^̂ Id. (citing La Valle v. Office of Gen. Counsel, 737 A.2d 330,
332 (Pa.
Commw. Ct. 1999)).
'' Id at 535.
^' Id. (citing Tribune-Review Publ'g Co. v. Dep't of Cmty. &
Econ. Dev.,
12. 859 A.2d 1261 (Pa. 2004)).
" Id at 539.
'Ud
'^ Penn State, 935 A.2d at 541 (quoting Times Publ'g Co. v.
Michel, 633
A.2d 1233, 1239 (Pa. Commw. Ct. 1993)).
^̂ Id. (quoting Moak v. Phila. Newspapers, Inc., 336 A.2d 920
(Pa.
Commw. Ct. 1975), abrogated by Penn State, 935 A.2d 530).
2010] PENNSYLVANIA ADMINISTRATIVE LAW 583
nature of the disclosure may be considered in the balancing test,
it
"may not be regarded as the sole determining factor."''^
III. ANALYSIS
In Tribune-Review Publishing Co., the Supreme Court of
Pennsylvania held, after applying a balancing test, "that . . .
telephone numbers must be redacted from the telephone bills
prior
to public disclosure of those bills under the Right-to-Know
Act."^^
This case stemmed from a request made by "[t]he Tribune-
Review
Publishing Company and Andrew Conte, a journalist [for the
publication]," to acquire "itemized billing records for cellular
telephones" purchased with taxpayer funds.''̂ The phones were
"purchased by the City of Pittsburgh . . . and issued to City
Council
13. members Leonard Bodack and Barbara Bums."''^ The
information
sought by the appellants included "the telephone numbers of
both
incoming calls to and outgoing calls from each phone, the time
of
each call, and the duration and cost of each call" between
January
1, 2002, and August 1, 2003, as well as a record of "which calls
were personal calls for which the council members had
reimbursed
the City.""'
The city denied the request, claiming that:
(1) the records were excludable under the Right-to-Know Act
because they contained private telephone numbers, which, if
revealed, could potentially result in danger to the owners of the
telephone numbers and/or danger that persons would be
reluctant to contact the City regarding local problems; and (2)
such bills were not, in general, public records subject to the
Right-to-Know Act because the council members had
reimbursed the City for their cellular telephone '̂
After the city issued its denial, the appellants appealed to the
Court of Common Pleas of Allegheny County, which ordered
the
" Penn State, 935 A.2d at 541.
^' Tribune-Review Publ'g Co. v. Bodack, 961 A.2d 110, 118
(Pa. 2008).
^ ' M at 111-12.
""W. at 112.
"Id
14. 584 WiDENER LAW JOURNAL [Vol.19
information to be released.'*^ The appellees, in turn, appealed
the
order to release the information to the Commonwealth Court of
Pennsylvania.'*'* The commonwealth court reversed, holding
"that
the telephone bills did not fall within the defmition of 'public
record.' "'^
The Commonwealth Court of Pennsylvania found that the
telephone bills fell under the defmition of public record because
the bills were considered " 'account[s or] voucher[s] . . . dealing
with the receipt or disbursement of funds by an agency.' . . .
However, [the court found that] the disclosure of [the bills] . . .
could compromise the privacy" of those individuals whose
telephone numbers appeared on the bills."*^ The court really
prohibited the disclosure of the bills with the telephone numbers
on
them, not necessarily the disclosure of the cellular telephone
bills
in some alternative form."*̂
When reviewing the commonwealth court's decision on
appeal, the Supreme Court of Pennsylvania focused on two main
issues."*^ First, do "itemized cellular telephone bills" fall under
the
defmition of a public record? and second, "[d]o the personal
security and privacy exceptions in the Right-to-Know Act create
legal defenses to access that need not be supported with
substantial
evidence?"'*^ The court emphasized that the defmition of public
record is broadly construed, putting heavy meaning on the word
"̂ Tribune-Review Publ'g Co., 961 A.2d at 112 (citing 65 PA.
15. STAT. ANN.
§ 66.4(b) (West 2000), repealed by Right-to-Know Law, 65 PA.
STAT. ANN.
§§ 67.301-.304 (West Supp. 2009) (containing the former
appeals procedure)).
""Id
"*' Id. (citing 65 PA. STAT. ANN. § 66.1, repealed by Right-to-
Know Law,
65 PA. STAT. ANN. § 67.102 (West Supp. 2009)).
"̂ Id. at 112-13 (quoting 65 PA. STAT. ANN. § 66.1, repealed
by Right-to-
Know Law, 65 PA. STAT. ANN. §67.102 (West Supp. 2009))
(discussing
Tribune-Review Publ'g Co. v. Bodack, 875 A.2d 402, 407-08
(Pa. Commw. Ct.
2005)).
"' Id at 113 (discussing Bodack, 875 A.2d at 407-08).
"^/i/. at 114.
•*' Tribune-Review Publ'g Co., 961 A.2d at 114. The court was
very
specific when it stated "cellular telephone" because the
commonwealth court
drew a distinction between traditional telephones and cellular
phone in its
rationale. Id. at 113 (quoting Bodack, 875 A.2d at 407). This
aspect of the
opinion is discussed later in part III. See infra pt. IIL
2010] PENNSYLVANIA ADMINISTRATIVE LAW 585
16. "any."^° Additionally, the word "account," within the definition
of
public record, " 'is to be broadly construed for the benefit of the
public, encompassing, at minimum, the [agency's] financial
records of debit and credit entries, as well as monetary receipts
and
disbursements.' " '̂ When looking at the definition of a public
record broadly, the supreme court found that the commonwealth
court correctly determined that, "in general terms," the cellular
telephone bills are considered a public record.^^
The court also held that the lower court correctly recognized
that the public record definition contains some exceptions for
records which, if disclosed, " 'would operate to prejudice or
impair[] . . . a person's reputation.' "̂ ^ Traditionally,
" 'Pennsylvania courts have interpreted this reputation and
personal
security exception as creating a privacy exception to the [Right-
to-
Know Act's] general disclosure rule.' "^"^ The court found that,
in
order "to determine whether the privacy exception should"
apply to
records, the questions to be examined were " 'whether the
records
requested would potentially impair the reputation or personal
security of another, and whether that potential impairment
outweighs the public interest in the dissemination of the records
at
issue.' " ^ These two questions essentially create a balancing
test
between the personal security interest in preventing the
disclosure
of information and the public interest in knowing the
information.
17. The party asserting that the information falls under the
definition of a public record has the burden of proof ^̂
However, if
^' Tribune-Review Publ'g Co., 961 A.2d at 114 (emphasis
omitted) (citing
Pa. State Univ. v. State Employees' Ret. Bd. {Penn State), 935
A.2d 530, 533
(Pa. 2007)).
' ' Id. at 114 (quoting Penn State, 935 A.2d at 534).
'^ Id. The city tried to claim that, since the agency was
reimbursed for the
private phone calls, the records were no longer part of the
public record. Id.
However, the court determined that this "does not change the
fact that" at some
point public funds were disbursed to pay the bills, which makes
them part of the
public record. Id. at 114-15.
" Id. at 115 (quoting 65 PA. STAT. ANN. § 66.1 (West 2000),
repealed by
Right-to-Know Law, 65 PA. STAT. ANN. § 67.102 (West Supp.
2009)).
^̂ Id. (quoting Penn State, 935 A.2d at 538).
" Id. (emphasis omitted) (quoting Penn State, 935 A.2d at 538).
'* Tribune-Review Publ'g Co., 961 A.2d at 115 (citing
Uniontown
Newspapers, Inc. v. Roberts, 839 A.2d 185, 189 n.l (Pa. 2003);
Tribune-Review
18. 586 WiDENER LAW JOURNAL [Vol. 19
the burden is met, the party attempting to withhold the
information
has the burden of proving it meets an exception.^^ In this
particular
case, the appellants claimed they met their burden of proving
that
the information was a public record but that the appellees failed
to
meet their burden.^^ The court disagreed with the appellants'
argument that evidence of specific security and privacy concems
had to be presented in order for an exception to apply, stating
that
"we have never held that the requisite balancing test is utilized
only after the agency has established, through particular and
item-
specific evidence, that the challenged information in an
otherwise
public record defmitively meets one of the exceptions set forth"
in
section 66.1 of the Pennsylvania Public Officers Code.^^
The court went on to explain former precedent:
[I]f anything, our case law has recognized that there are certain
types of infonnation whose disclosure, by their very nature,
would operate to the prejudice or impairment of a person's
privacy, reputation, or personal security, and thus intrinsically
possess a palpable weight that can be balanced by a court
against those competing factors that favor disclosure.*"
The court looked to previous rulings involving similar
information and found that, historically, the court has stated
19. that
the very nature of such information may result "in a threat to [a
person's] privacy, reputation, or personal security" if
disclosed.^'
The lower court emphasized the fact that the bills were for
cellular telephones rather than traditional telephones.^^ While
at
Publ'g Co. V. Westmoreland County Hous. Auth., 833 A.2d 112,
115 (Pa.
2003)).
" Id. (citing Uniontown Newspapers, Inc., 839 A.2d at 189 n . l
;
Westmoreland County Hous. Auth., 833 A.2d at 115).
^' Id. The appellants claimed that the appellees did not show
that any
person whose number appeared on the bills would suffer harm
by the disclosure
of the bills except for one person who called Bodack to
complain about potential
drug trafficking. Id.
^' Id. (citing 65 PA. STAT. ANN. § 66.1 (West 2000), repealed
by Right-to-
Know Law, 65 PA. STAT. ANN. § 67.102 (West Supp. 2009)).
''" Id. at 115-16 (emphasis omitted).
^'W. at 117.
^' Tribune-Review Publ'g Co., 961 A.2d at 113 (quoting
Tribune-Review
Publ'g Co. V. Bodack, 875 A.2d 402, 407 (Pa. Commw. Ct.
20. 2005)).
2010] PENNSYLVANIA ADMINISTRATIVE LAW 587
first this distinction might seem minimal, the lower court noted
that on traditional telephone bills only the telephone numbers of
the people called appear on the caller's bill because the person
being called is not charged for receiving the phone call.̂ ^
However, because of the nature of cellular telephones, people
pay
for airtime when they call someone and when someone calls
them;
therefore, both incoming and outgoing telephone numbers
appear
on the bill.̂ '* An unknowing public citizen may not realize that
he
or she has placed a call to a cellular phone and, therefore,
unwittingly disclosed his or her private telephone number in a
public record.^^
The court also examined the lower court's reasoning that a
person's reputation could be harmed by disclosure of these
records.^^ A public official could easily misdial, reaching a
person
whose reputation would be harmed by any connection to that
official.^^ The lower court reasoned that it was not enough to
just
weigh the benefit of the information being disclosed, but that
the
rights of innocent private citizens needed to be considered as
well.^^ Additionally, there are security interests to be
considered
for those vigilant private citizens who call public officials to
report
21. various concerns, including concerns about possible drug
trafficking (as was the case for one of the phone numbers on the
bills in question).^^
" Tribune-Review Publ'g Co., 961 A.2d at 113 (quoting Bodack,
875 A.2d
at 407).
*" Id. (quoting Bodack, 875 A.2d at 407).
" Id. (quoting Bodack, 875 A.2d at 407). The court stated that
the
reasoning of Times Publishing Co. v. Michel applied in this
case as well, and
explained that " 'private citizens have a legitimate and
reasonable expectation
that their phone numbers will remain private and that disclosure
of these
numbers would constitute an unwarranted invasion of personal
privacy
outweighing any public benefit.' " Id. (quoting Bodack, 875
A.2d at 407) (citing
Times Publ'g Co. v. Michel, 633 A.2d 1233 (Pa. Commw. Ct.
1993)).
^̂ Id (citing Bodack, 875 A.2d at 407).
^̂ Id. The court reasoned, "[s]uch damage can be measured only
by the
interpretation placed on the release of that information and its
perceived
connection to the political, business, marital, competitive or
other interests of the
person receiving the call." Id. (quoting Bodack, 875 A.2d at
407).
22. ^' Id at 113-14 (quoting Bodack, 875 A.2d at 407-08).
*' See Tribune-Review Publ'g Co., 961 A.2d at 114-15 (citing
Bodack, 875
A.2d at 408).
588 WiDENER LAW JOURNAL [Vol. 19
Following previous rulings, the court found that the lower
court properly balanced the test of personal security interests
and
the public's right to the information.^^ The court found that, in
order to satisfy both interests, the cellular telephone bills
should be
released, but only after the telephone numbers have been
redacted.^' The court stated that "the telephone numbers must
be
redacted" prior to being released to the public under the Right-
to-
Know Act because there is a "patently strong . . . interest" in
not
disclosing the phone numbers on the cellular telephone bills and
a
"weak, perhaps non-existent public interest."
IV. EVALUATION
The Tribune-Review Publishing Co. case falls in line with
Pennsylvania law. It properly follows precedent while further
refining what information actually falls within the exception.^''
Additionally, the case appropriately deals with how to handle
disclosure of records containing information that falls within
the
public records exception. '̂* Penn State and Sapp Roofing Co.
23. established the test: there must be a balancing of the public
interest
in the disclosure of information and the individual right to
privacy
in one's personal identification and security information.^^ This
test
is applied in order to establish whether the information sought
falls
within the public records exception.^ The court in Tribune-
Review
Publishing Co. followed that test exactly by weighing the strong
™ Tribune-Review Publ'g Co., 961 A.2d at 114-15. See
generally Pa. State
Univ. V. State Employees' Ret. Bd. {Penn State), 935 A.2d 530
(Pa. 2007)
(holding that while the public had a right to know the salaries of
state
employees, that right did not extend to personal information
such as addresses,
telephone numbers, and social security numbers); Sapp Roofing
Co. v. Sheet
Metal Workers' Int'l Ass'n, Local Union No. 12, 713 A.2d 627
(Pa. 1998)
(dealing with the disclosure of payroll information, including
telephone
numbers).
'" Tribune-Review Publ'g Co., 961 A.2d at 117.
^Vi/. at 117-18.
" See generally Penn State, 935 A.2d at 541; Sapp Rooftng Co.,
713 A.2d
at 630.
'•* See Tribune-Review Publ'g Co., 961 A.2d at 113-18.
" Penn State, 935 A.2d at 541 ; Sapp Rooftng Co., 713 A.2d at
24. 630.
'^ Penn State, 935 A.2d at 541 ; Sapp Rooftng Co., 713 A.2d at
630.
2010] PENNSYLVANIA ADMINISTRATIVE LAW 589
public interest in the disclosure of information related to how a
public agency spends its funds and the strong private interest in
maintaining the privacy of telephone numbers. ^ The court also
refined the scope of the test by applying it specifically to the
public
interest in the disclosure of telephone numbers on cellular
telephone bills and by acknowledging the possible prejudice or
harm to the private interest in protecting the information.^
The court reached the proper conclusion by basically applying
the test to the records as a whole and then again to the personal
identification and security information.^^ The cellular
telephone
bills are public records and, as such, should be released;
however,
since the public interest in the actual numbers is weaker than
the
privacy interest in the numbers, the numbers must first be
redacted.̂ *' The court's decision strikes the proper balance
between
transparency and privacy.
The court in Tribune-Review Publishing Co. did seem to put
more weight in the idea that some information can be
"intrinsically
harmful" than it seems the court did in Penn State}^ In Penn
State,
the court concluded that an intrinsically harmfiil analysis alone
25. can
not determine if the information meets the public records
exception. However, in Tribune-Review Publishing Co., the
court
determined that there are certain types of infonnation which—if
disclosed—could lead to potential prejudice and harm to
personal
identification and security information because of its very
nature.^^
While not overruling the holding in Penn State, the court in
Tribune-Review Publishing Co. seemed to definitely give more
credence to the idea that some information, no matter what,
possesses the potential to be harmful to the private citizen if
released. '̂*
" Tribune-Review Publ'g Co., 961 A.2d at 117-18.
''Id
"See id
*Vi/. at 118.
^'See/i^. at 117-18.
" Penn State, 935 A.2d at 541 ("Intrinsic harmfulness . . . may
not be
regarded as the sole determining factor in the privacy
analysis.") (citing Moak v.
Phila. Newspapers, Inc., 336 A.2d 920, abrogated by Penn State,
935 A.2d 530).
^̂ Tribune-Review Publ'g Co., 961 A.2d at 117.
''See id
590 WiDENER LAW JOURNAL [Vol.19
In Penn State, the court made a point of the fact that
26. University employees' information became property of that
agency
because they received a benefit from SERS and, therefore, their
information became part of the public record. The argument
could be made, in the case of Tribune-Review Publishing Co.,
that
those who called their city council member received a benefit as
well and therefore their information should become part of the
public record. However, this is not a strong claim. The benefit
received by the University employees is far greater and longer-
lasting than the benefit of being able to contact a city council
member. Additionally, in Penn State, the information released
did
• ÍÍÍÍ
not contain personal identification or security information. The
University employees also chose to avail themselves of SERS
services,^^ whereas some of the numbers appearing on the
cellular
telephone records could belong to people who dialed a wrong
number or could be a wrong number dialed by a city council
member.^^ This means that citizens who had made no
purposeful
availment of their city council members' assistance would have
be
at risk of having personal identification and security
information
released.
The Pennsylvania General Assembly passed a major overhaul
of the Right-to-Know Act, which took full effect on January 1,
^̂ However, the Act is only applicable to informationapp
requests made after December 31, 2008.^ Therefore, the
precedent
27. established by Tribune-Review Publishing Co., and other cases
relating to the former version of the Right-to-Know Act, are
applicable to all cases pending based on requests made prior to
December 31, 2008. The General Assembly recognized the fact
that some information should not be released to the public
despite
being contained in public records and has established twenty-
nine
different categories of information that are exceptions to the
*' Penn State, 935 A.2d at 535.
*̂ M at 539.
^ ' M a t 533.
^̂ See Tribune-Review Publ'g Co., 961 A.2d at 113 (quoting
Tribune-
Review Publ'g Co. V. Bodack, 875 A.2d 402, 407 (Pa. Commw.
Ct. 2005)).
^' 65 PA. STAT. ANN. § 67.3104 (West Supp. 2009).
^'id §67.3101.
2010] PENNSYLVANIA ADMINISTRATIVE LAW 591
disclosure requirement.^' Included in those categories are things
like social security numbers, telephone numbers, addresses,
driver's license numbers, and e-mail addresses.^^
V. CONCLUSION
Overall, Pennsylvania courts have shown an interest in
preserving a proper balance between the public interest in a
transparent govemment and the private interest in the right to
individual privacy of one's personal identification and security
28. infonnation. The Tribune-Review Publishing Co. holding shows
that it is possible to serve both interests equally without forcing
one to compromise. In the next few years, this will continue to
be
an issue until all requests for information prior to December 31,
2008, are satisfied. It will be important that the courts continue
to
strive for the proper balance between public and private
interests.
The Pennsylvania General Assembly clearly recognized the need
for that balance by establishing a more detailed list of what
infonnation is excludable from disclosure. That list, Tribune-
Review Publishing Co., and prior case law will prove to be key
guidance to courts in the near ñiture.
Lindsay M. Schoeneberger
§ 67.708(b).
Id § 67.708(b)(6)(i)(A).
Copyright of Widener Law Journal is the property of Widener
Law Journal and its content may not be copied or
emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission.
However, users may print, download, or email articles for
individual use.
Title
ABC/123 Version X
29. 1
Week One Information Security Key Terms
SEC/440 Version 5
1
University of Phoenix Material
Week One Information Security Key Terms
This document is a comprehensive collection of important terms
that will be discussed throughout the class. You can refer to it
as you read the textbooks or complete any of the weekly
assignments.
Access controls – Controls that restrict unauthorized individuals
from using information resources and are concerned with user
identification
Accountability – A term that means a determination of who is
responsible for actions that were taken
Authentication – A process that determines the identity of the
person requiring access
Authorization – A process that determines which actions, rights,
or privileges the person has based on verified identity
Availability – The property of an information system being
accessible and usable on demand by an authorized user
Client – Host computer that receives network services from a
network server
Confidentiality – The condition when designated information is
collected for approved purposes and is not disseminated beyond
a community of authorized users
Configuration management – The management of changes made
to an information system’s hardware, software, firmware, and
documentation throughout the IS lifecycle
Contingency plan – The documented organized process for
30. implementing emergency response, back-up operations, and
post-disaster recovery of an information system
Data – An elementary description of things, events, activities,
and transactions that are recorded, classified, and stored but are
not organized to convey any specific meaning
Database – A group of logically related files that stores data and
the associations among them
E-commerce – The buying and selling of goods and services
over the Internet
E-business – A broader definition of electronic commerce,
including buying and selling of goods and services, as well as
servicing customers, collaborating with business partners,
conducting e-learning, and conducting electronic transactions
within an organization
E-government – The use of electronic commerce to deliver
information and public services to citizens, business partners,
suppliers of government entities, and those working in the
public sector
Information – Data that has been processed that is meaningful
and useful to human beings
Knowledge – Data or information that has been organized and
processed to convey understanding, experience, accumulated
learning, and expertise as applied to a current problem or
activity
Extranet – Private network that extends to authorized users
outside of the organization
Encryption – The conversion of plaintext information or data
into an unintelligible form by means of a reversible translation
based on a table or algorithm
Firewall – Allows or blocks traffic into and out of a private
network or a user's computer
Hacker – Common nickname for an unauthorized person who
breaks into or attempts to break into an information system by
circumventing software security safeguards
31. Internet – The global network that uses universal standards to
connect millions of different networks
Intranet – Internal network not accessible to the public and
protected by a firewall
Information system – Set of interrelated components that
collect, process, store, and distribute information to support
decision making and control within an organization
Information technology architecture – A high-level map or plan
of the information assets in an organization
Information technology infrastructure – The physical facilities,
IT components, IT services, and IT personnel that support an
entire organization
Identification – The process that enables recognition of an
entity by a system, generally by the use of unique machine
readable usernames
Integrity – A subgoal of computer security which ensures that
data is a proper representation of information and has not been
exposed to accidental or malicious alteration or destruction
Malicious code or virus – Programs that carry malicious
executable, virus, or worm code that intentionally cause harm
by modifying or destroying computer systems often without the
user’s knowledge
Network – A connecting system (wireline or wireless) that
permits different computers to share information or resources
Protocol – A formal set of rules governing the communication
between two network devices
Risk formula – Risk = Impact x (Threat x Vulnerability)
Risk – The probability that a particular threat will exploit a
particular vulnerability of a system
33. 2. The security concept that states every user should be
responsible for his or her own actions is called
_______.
3. The individual who is responsible for deciding on the access
rights to the information for various personnel is called an
_______.
4. Physical, technical, and administrative controls used to
protect information systems are called
_______.
5. The probability that a particular threat will exploit a
particular vulnerability of an information system is called
_______.
6. An event, process, activity, or substance that has an adverse
effect on organizational assets is called a _______.
Federal Information Security Management Act (FISMA) of 2002
Terminology Matching
Match the terminology with the correct definition by inserting
the corresponding letter in the answer column.
Terminology
Answer
Definitions
7.
Authorize
A. Information systems and internal information are grouped
based on impact.
8.
Supplement
34. B. The step where an initial set of security controls for the
information system are chosen and tailored to obtain a starting
point for required controls
9.
Monitor
C. Assess the risk and local conditions, including the security
requirements, specific threat information, and cost–benefit
analysis to increase or decrease security controls.
10.
Categorize
D. Step where the original and supplement controls are put in
writing
11.
Document
E. Original and supplement controls are applied to the system.
12.
Select
F. Security controls are evaluated to see if they are implemented
correctly and are operating as intended.
13.
Assess
G. Evaluation of risk to organizational operations,
organizational assets, or individuals that leads to this action
14.
Implement
H. Requires checking and assessing the selected security
controls in the information system on a continuous basis
15.
In 300- to 400-words, explain why security professionals must