The Pennsylvania Supreme Court has issued its first decision interpreting the new Right-to-Know Law, requiring a municipal stadium authority to produce bids in possession of its private management company, but setting forth a new, more restrictive test for requests directed to documents in the possession of state information technology vendors and all other government contractors.
On May 29, 2012, the Pennsylvania Supreme Court, in SWB Yankees, LLC v. Wintermantel and the Scranton Times Tribune, issued its first decision interpreting the new Right-To-Know Law ("RTKL"). The case addressed whether a municipal stadium authority was required to release concessionaire bids needed for the operation of a minor league baseball stadium, where the documents were in the possession of and created by a private contractor, the authority's management agent. While the Court ultimately held that the authority was required to produce the bids in possession of its private management company, it did so by applying a new test for requests directed to documents in the possession of private "third parties." In this alert, we will address the concerns this case presents in connection with records held by a state information technology vendor ("IT vendor") and to discuss other considerations related to confidentiality of trade secrets and proprietary information.1
Currently, Section 506(d)(1) of the RTKL expressly requires disclosure of "[a] public record that is not in the possession of an agency but is in the possession of a party whom the agency has contracted to perform a governmental function on behalf of the agency, and which directly relates to the government function and is not exempt…" The law, however, does not define the term "governmental function," which has resulted in prior decisions that have broadly construed all government contracts with third parties to involve a "governmental function." Most state IT vendors have assumed that all records related to their contracts with the state were producible under the RTKL.
The Supreme Court, in SWB Yankees, has narrowed that approach by adopting a test that requires disclosure of third-party contractor/vendor ("contractor/vendor") records under 506(d)(1) only where the third party has been delegated a "non-ancillary undertaking of government." The Court explained that "contract[ing] to perform a governmental function" connotes "an act of delegation of some substantial facet of the agency's role and responsibilities, as opposed to entry into routine service agreements with independent contractors." In other words, the RTKL is not meant to reach records of IT vendors just because that entity has contracted with the government to provide services. Therefore, records in possession of IT vendors performing ancillary or routine functions should not be subject to disclosure under the RTKL. Counsel can help contest a request for disclosure submitted to an IT vendor for records that may relate to mere ancillary services.
Of course, determining what constitutes a "non-ancillary" function in the future will be a very fact-intensive analysis. As the Court stated, "[w]e observe that this is the type of conception that is most amenable to further development over time in the decisional law." To illustrate the kind of facts upon which the release of an IT vendor's records will depend, suppose that the Department of Labor and Industry contracts with an IT vendor to design and install a new data management and control system to collect and organize prevailing wage data. We believe that the function would likely be deemed "ancillary." On the other hand, if the Department contracts with an IT vendor to evaluate or make recommendations with respect to prevailing wage compliance, those activities would likely be held as "non-ancillary" and related records, producible under the RTKL. Ascertaining compliance is a core function of the Department. Implementing a system to collect and process data is not.
Notwithstanding the new "non-ancillary function" test articulated in SWB Yankees, agencies and IT vendors should continue to rely on appropriate exemptions to protect third-party records and information that are instead in the possession of the agency and that could potentially be released. For example, if an IT vendor's proposal or contract contains trade secret and confidential proprietary information, requests for that document should either be denied entirely by the agency or, denied in part by the agency's redaction of the exempt information. The following protective measures should be considered:
Documents Submitted in the Future Containing Trade Secret and Confidential Proprietary Information
When submitting a proposal or contract containing trade secret or confidential proprietary information, an IT vendor should inform the agency in writing that the document contains trade secret or confidential proprietary information. A mere statement indicating that a record is confidential inserted in the original when sent does not automatically mean the record will be protected after a request is made. If and when notified by an agency that a request for a document with trade secret or confidential information has been received, the IT vendor should respond with substantial facts and argument regarding the significant harm that would result from disclosure, and the relationship between the protected information and the alleged harm. Conclusory statements as a basis for justifying nondisclosure will be insufficient. Counsel can assist in preparing this submittal.
Protecting Previously Submitted Documents Containing Trade Secret and Confidential Proprietary Information
Unfortunately, some of the documents that contain trade secret or confidential proprietary information will be documents furnished in the past. The RTKL appears to apply not merely to documents furnished after its effective date of January 1, 2009, but also to documents provided previously and retained by an agency. Notably, an IT vendor may not have been properly informed about the vulnerability of trade secret or confidential proprietary information provided previously and therefore may never have designated all sensitive documents as being confidential. An IT vendor should therefore review documents that were previously submitted to an agency to identify those documents which have trade secret or confidential proprietary information. The IT vendor should then advise the agency as to which documents may contain trade secret or confidential proprietary information, and are therefore subject to protections against the release of protected information. The law is, however, unclear as to whether this will be effective and counsel should be consulted so that confirmation of the protected information can be confirmed definitively.
Protecting Against Government Contract Provisions Related to Third-Party Document Release
Many state government agencies have added broad and arguably over-reaching RTKL provisions in their standard contract terms and conditions, outlining procedures for third-party record disclosure in supposed compliance with the RTKL. These provisions, however, sometimes expand or inadequately describe the documents subject to disclosure and the procedural requirements and safeguards to protect trade secret and confidential proprietary information contained in IT vendor documents. Therefore, IT vendors should closely review any RTKL provisions in government contracts to ensure they are consistent with law. As per the SWB Yankees case, the only documents required to be disclosed by an IT vendor are those related to non-ancillary functions of the agency. The RTKL procedural requirements are as follows:
The agency must notify an IT vendor within five business days of the receipt of a request for a third-party document if the IT vendor provided the record and included a written statement signed by a representative that the record contained trade secret or confidential proprietary information.
The IT vendor then has five business days from receipt of that notification to provide input on the document's release.
Within 10 days after giving notice, the agency must decide whether to release the document.
Provisions that deviate from or impose requirements beyond the procedures described above are not required and therefore do not have to be agreed to by IT vendors. Given that the SWB Yankees case is new, it is virtually certain that IT vendors are being asked to sign contracts that potentially expand RTK obligations beyond those required by the statute.
For additional information on third-party contractor/vendor disclosures and how to protect your company's trade secret or confidential proprietary information under the Right-To-Know Law, please feel free to contact the authors for assistance.
1. Although directed to the attention of IT vendors, the substance of this alert applies to all outside state and local contractors and vendors.