The Pennsylvania Supreme Court's First Interpretation of the 2008 Right-To-Know Law: Release of Third-Party Contractor/Vendor Documents

by Saul Ewing Arnstein & Lehr LLP

The Pennsylvania Supreme Court has issued its first decision interpreting the new Right-to-Know Law, requiring a municipal stadium authority to produce bids in possession of its private management company, but setting forth a new, more restrictive test for requests directed to documents in the possession of state information technology vendors and all other government contractors.

On May 29, 2012, the Pennsylvania Supreme Court, in SWB Yankees, LLC v. Wintermantel and the Scranton Times Tribune, issued its first decision interpreting the new Right-To-Know Law ("RTKL"). The case addressed whether a municipal stadium authority was required to release concessionaire bids needed for the operation of a minor league baseball stadium, where the documents were in the possession of and created by a private contractor, the authority's management agent. While the Court ultimately held that the authority was required to produce the bids in possession of its private management company, it did so by applying a new test for requests directed to documents in the possession of private "third parties." In this alert, we will address the concerns this case presents in connection with records held by a state information technology vendor ("IT vendor") and to discuss other considerations related to confidentiality of trade secrets and proprietary information.1

Currently, Section 506(d)(1) of the RTKL expressly requires disclosure of "[a] public record that is not in the possession of an agency but is in the possession of a party whom the agency has contracted to perform a governmental function on behalf of the agency, and which directly relates to the government function and is not exempt…" The law, however, does not define the term "governmental function," which has resulted in prior decisions that have broadly construed all government contracts with third parties to involve a "governmental function." Most state IT vendors have assumed that all records related to their contracts with the state were producible under the RTKL.

The Supreme Court, in SWB Yankees, has narrowed that approach by adopting a test that requires disclosure of third-party contractor/vendor ("contractor/vendor") records under 506(d)(1) only where the third party has been delegated a "non-ancillary undertaking of government." The Court explained that "contract[ing] to perform a governmental function" connotes "an act of delegation of some substantial facet of the agency's role and responsibilities, as opposed to entry into routine service agreements with independent contractors." In other words, the RTKL is not meant to reach records of IT vendors just because that entity has contracted with the government to provide services. Therefore, records in possession of IT vendors performing ancillary or routine functions should not be subject to disclosure under the RTKL. Counsel can help contest a request for disclosure submitted to an IT vendor for records that may relate to mere ancillary services.

Of course, determining what constitutes a "non-ancillary" function in the future will be a very fact-intensive analysis. As the Court stated, "[w]e observe that this is the type of conception that is most amenable to further development over time in the decisional law." To illustrate the kind of facts upon which the release of an IT vendor's records will depend, suppose that the Department of Labor and Industry contracts with an IT vendor to design and install a new data management and control system to collect and organize prevailing wage data. We believe that the function would likely be deemed "ancillary." On the other hand, if the Department contracts with an IT vendor to evaluate or make recommendations with respect to prevailing wage compliance, those activities would likely be held as "non-ancillary" and related records, producible under the RTKL. Ascertaining compliance is a core function of the Department. Implementing a system to collect and process data is not.

Other Considerations:

Notwithstanding the new "non-ancillary function" test articulated in SWB Yankees, agencies and IT vendors should continue to rely on appropriate exemptions to protect third-party records and information that are instead in the possession of the agency and that could potentially be released. For example, if an IT vendor's proposal or contract contains trade secret and confidential proprietary information, requests for that document should either be denied entirely by the agency or, denied in part by the agency's redaction of the exempt information. The following protective measures should be considered:

Documents Submitted in the Future Containing Trade Secret and Confidential Proprietary Information
When submitting a proposal or contract containing trade secret or confidential proprietary information, an IT vendor should inform the agency in writing that the document contains trade secret or confidential proprietary information. A mere statement indicating that a record is confidential inserted in the original when sent does not automatically mean the record will be protected after a request is made. If and when notified by an agency that a request for a document with trade secret or confidential information has been received, the IT vendor should respond with substantial facts and argument regarding the significant harm that would result from disclosure, and the relationship between the protected information and the alleged harm. Conclusory statements as a basis for justifying nondisclosure will be insufficient. Counsel can assist in preparing this submittal.

Protecting Previously Submitted Documents Containing Trade Secret and Confidential Proprietary Information
Unfortunately, some of the documents that contain trade secret or confidential proprietary information will be documents furnished in the past. The RTKL appears to apply not merely to documents furnished after its effective date of January 1, 2009, but also to documents provided previously and retained by an agency. Notably, an IT vendor may not have been properly informed about the vulnerability of trade secret or confidential proprietary information provided previously and therefore may never have designated all sensitive documents as being confidential. An IT vendor should therefore review documents that were previously submitted to an agency to identify those documents which have trade secret or confidential proprietary information. The IT vendor should then advise the agency as to which documents may contain trade secret or confidential proprietary information, and are therefore subject to protections against the release of protected information. The law is, however, unclear as to whether this will be effective and counsel should be consulted so that confirmation of the protected information can be confirmed definitively.

Protecting Against Government Contract Provisions Related to Third-Party Document Release
Many state government agencies have added broad and arguably over-reaching RTKL provisions in their standard contract terms and conditions, outlining procedures for third-party record disclosure in supposed compliance with the RTKL. These provisions, however, sometimes expand or inadequately describe the documents subject to disclosure and the procedural requirements and safeguards to protect trade secret and confidential proprietary information contained in IT vendor documents. Therefore, IT vendors should closely review any RTKL provisions in government contracts to ensure they are consistent with law. As per the SWB Yankees case, the only documents required to be disclosed by an IT vendor are those related to non-ancillary functions of the agency. The RTKL procedural requirements are as follows:

  • The agency must notify an IT vendor within five business days of the receipt of a request for a third-party document if the IT vendor provided the record and included a written statement signed by a representative that the record contained trade secret or confidential proprietary information.
  • The IT vendor then has five business days from receipt of that notification to provide input on the document's release.
  • Within 10 days after giving notice, the agency must decide whether to release the document.

Provisions that deviate from or impose requirements beyond the procedures described above are not required and therefore do not have to be agreed to by IT vendors. Given that the SWB Yankees case is new, it is virtually certain that IT vendors are being asked to sign contracts that potentially expand RTK obligations beyond those required by the statute.

For additional information on third-party contractor/vendor disclosures and how to protect your company's trade secret or confidential proprietary information under the Right-To-Know Law, please feel free to contact the authors for assistance.

1. Although directed to the attention of IT vendors, the substance of this alert applies to all outside state and local contractors and vendors.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Saul Ewing Arnstein & Lehr LLP | Attorney Advertising

Written by:

Saul Ewing Arnstein & Lehr LLP

Saul Ewing Arnstein & Lehr LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.