Supreme Court of Texas.
TEXAS COMPTROLLER OF PUBLIC ACCOUNTS, Petitioner,
ATTORNEY GENERAL OF TEXAS and the Dallas Morning News, Ltd., Respondents.
Argued Sept. 10, 2009.
Decided Dec. 3, 2010.
Rehearing Denied Jan. 14, 2011.
Attorneys & Firms
*337 Maureen Powers, Office of the Attorney General of Texas, Austin, TX, for Texas Comptroller of Public Accounts.
Brenda Loudermilk, Office of the Attorney General of Texas, Clarence Andrew Weber, Kelly Hart & Hallman LLP, Kent C. Sullivan, for Respondent.
Andrew D. Graham, Jackson Walker, L.L.P., Dallas, TX, for The Dallas Morning News, Ltd.
S. Anthony Safi, Mounce Green Myers Safi Paxson & Galatzan, El Paso, TX, for Amicus Curiae Texas Association of School Boards Legal Assistance Fund.
Joseph R. Larsen, Sedgwick, Detert, Moran & Arnold, LLP, Houston, TX, for Amicus Curiae Freedom of Information of Tx. and Reporters Comm. for Freedom of the Press.
Chief Justice LEHRMANN.
Invoking the Texas Public Information Act (PIA), the Dallas Morning News sought a copy of the Comptroller’s payroll database for state employees. See TEX. GOV’T CODE ch. 552. The Comptroller responded with the full name, age, race, sex, salary, agency, job description, work address, date of initial employment, pay rate, and work hours for each employee. But the Comptroller withheld dates of birth as protected under section 552.102’s personnel file exemption, which protects the privacy rights of government employees.
In addition to [Dept. of the Air Force v. Rose, 425 U.S. 352, 378 n. 16, 96 S.Ct. 1592).
Tex. Att’y Gen. OR2006–01938, at 2.2
In the same opinion, the Attorney General discussed the growing problem of identity theft and described how birth dates, particularly when utilized with other data, facilitate that crime. He noted that “a majority of the fifty states protect date of birth information in government employee personnel files.” Id. at 3. Ultimately, however, the Attorney General concluded that there was no proof “that harmful financial consequences will result from the release of the date of birth information in response to this request.” Id. at 4. He left open the possibility that “based on a presentation of new facts and additional arguments, ... it is possible that Texas could join the growing number of states that protect from disclosure broad-based requests for date of birth information.” Id.
The trial court and the court of appeals sided with the Attorney General. 244 S.W.3d 629. The Comptroller has petitioned this Court, and we must now decide if the PIA requires redaction of birth dates. In the course of answering that question, we must also decide whether, to protect 144,000 state employees whose privacy interests would otherwise be compromised,3 we may consider an argument that the Comptroller presented expressly in the trial court and the court of appeals, but only tangentially here. For reasons expressed by the Attorney General in an earlier phase of this litigation, we conclude that the Comptroller properly withheld birth dates. We hold that, under the unique circumstances presented here, the questions the Comptroller has presented fairly include an argument that the privacy interest of the state’s employees must be protected under the personnel-file exception. We reverse in part and affirm in part the court of appeals’ judgment.
I. Procedural history
After the Attorney General issued his letter, the Comptroller, represented by the Attorney General, sued the Attorney General and sought a declaration that birth dates were excepted from disclosure. The Comptroller asserted that the Attorney General failed to apply the appropriate standards for employee privacy rights under both 244 S.W.3d 629.
In the trial court and the court of appeals, the Comptroller argued that 52 Tex.Sup.Ct.J. 377 (Feb. 27, 2009).4
II. The third party privacy interests persuade us to consider the section 552.102 exception that the Comptroller abridged from her argument in this Court.
Although his opinion letter cited a balancing test for determining whether birth date information falls within Hubert decision”).
In this Court, the Comptroller no longer presses the section 552.102 exemption.
Given the unique circumstances of this case and the third party interests at stake, we conclude that the Comptroller’s petition “fairly include[s]” an argument that 552.131.”5 Id. § 552.305.
Cases interpreting the federal Act support a similar construction. The Supreme Court has made it clear that FOIA Exemption 6 protects the privacy interest belonging to the individual. See Id. at 81.
III. Determining whether the information sought is a “clearly unwarranted invasion of personal privacy” requires us to balance the individual’s right to privacy against the public’s right to government information.
The Texas Legislature modeled the PIA after the FOIA. See U.S. Dep’t of State v. Wash. Post Co., 456 U.S. 595, 600, 102 S.Ct. 1957, 72 L.Ed.2d 358 (1982) (noting that “ ‘limitation of a “clearly unwarranted invasion of personal privacy” provides a proper balance between the protection of an individual’s right of privacy and the preservation of the public’s right to Government information by excluding those kinds of files the disclosure of which might harm the individual ’ ” (quoting H.R.Rep. No. 1497, 89th Cong., 2nd Sess., at 11 (1966), U.S.Code Cong. & Admin.News 1966, at 2418, 2428)).
Although we have held that a balancing test is not required under Id. (emphasis added).
In section 552.102, a divided court of appeals held that it did not:
Nothing in the language [of the PIA] indicates that ... the federal balancing test or the section 552.102].
The dissenting justice disagreed, arguing that “[t]he plain meaning of the term ‘clearly unwarranted’ implies in the strongest possible terms that the decision to disclose the information depends upon a balancing test.” section 552.102:
With respect to the [PIA], however, the Supreme Court of Texas observed that the same construction, if applied to [section 552.102], but not applicable outside that subsection.
Id. at 557–58 (Powers, J., dissenting).
We agree with Justice Powers. Because the PIA is modeled on the FOIA, federal precedent is persuasive, particularly where the statutory provisions mirror one another. See Farmers Group, 222 S.W.3d at 425 (noting that Texas statute incorporating language from Federal Rule of Civil Procedure indicated that statute was intended to have similar application).
The Attorney General recognized the applicability of this balancing test in his initial response to the Comptroller’s open letter request, noting that “[t]he limitation of a ‘clearly unwarranted invasion of personal privacy’ requires a balance between the protection of an individual’s right of privacy and the preservation of the public’s right to government information.” section 552.102. Accordingly, we next weigh the third party privacy interest against the public’s right to government information.
IV. Both the Attorney General and the Comptroller have identified significant privacy interests at stake, and the public interest in employee birth dates in this case is minimal.
The privacy interests protected by the PIA exemption involve the right of individuals “to determine for themselves when, how, and to what extent information about them is communicated to others.” ALAN F. WESTIN, PRIVACY AND FREEDOM 7 (1967), quoted in Nat’l Archives & Records Admin. v. Favish, 541 U.S. 157, 174, 124 S.Ct. 1570, 158 L.Ed.2d 319 (2004).
Nor is it relevant that birth dates may be readily available from other sources. “An individual’s interest in controlling the dissemination of information regarding personal matters does not dissolve simply because that information may be available to the public in some form.” Id. (holding that such addresses were exempt from disclosure under FOIA Exemption 6).
Instead, we must examine whether state employees have a privacy interest in their birth dates. The Attorney General, in his initial response to the Comptroller, highlighted many of the issues implicated by the News’ request:
Identity theft, without question, is becoming one of the fastest growing criminal and consumer offenses in the twenty-first century. See Scottsdale Unified Sch. Dist. v. KPNX Broad. Co., 191 Ariz. 297, 955 P.2d 534, 539 (1998).
Tex. Att’y Gen. OR2006–01938, at 3.
Nor can we ignore the reality of technology. As one court has noted:
*344 “There is a difference between electronic compilation in searchable form and records that can only be found by a diligent search through scattered files. The former presents a far greater threat to privacy” (Kurtz, The Invisible Becomes Manifest: Information Privacy in a Digital Age, 38 WASHBURN LJ 151, 155–56  ). Moreover, on-line data brokers often collect information taken from public records and allow access in a searchable form, which potentially leads to abuse by identity thieves.
Reporters Comm., 489 U.S. at 764, 109 S.Ct. 1468 (“[T]here is a vast difference between the public records that might be found after a diligent search of courthouse files, county archives, and local police stations throughout the country and a computerized summary located in a single clearinghouse of information.”). For this reason, almost every major consumer protection entity, whether governmental or non-governmental (including the Federal Trade Commission, the President’s Task Force on Identity Theft, and the Texas Attorney General’s website), advises citizens against publicizing their dates of birth or using their dates of birth as pin numbers and passwords.8
Moreover, there is little question that one “can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”9 Hadley Legget, Social Security Numbers Deduced From Public Data, WIRED SCI. (July 6, 2009, 5:05 PM) http://www.wired.com/wired science/2009/ *345 07/predictingssn/. As the Arizona Supreme Court has observed:
With both a name and birth date, one can obtain information about an individual’s criminal record, arrest record ... driving record, state of origin, political party affiliation, social security number, current and past addresses, civil litigation record, liens, property owned, credit history, financial accounts, and, quite possibly, information concerning an individual’s complete medical and military histories, and insurance and investment portfolio.
Freedom of Information Laws in the Digital Age: The Death Knell of Informational Privacy, 12 RICH. J.L. & TECH.. 9, at * 19 (2006).
Additionally, the Legislature has provided that state employees’ social security numbers, home addresses, and personal family information are excepted from disclosure. Scottsdale, 955 P.2d at 536 (noting that “birth dates are in fact private” and “may be used to gather great amounts of private information about individuals”).
These concerns have led courts to conclude that birth dates implicate substantial privacy interests. See, e.g., Schiller v. INS, 205 F.Supp.2d 648, 663 (W.D.Tex.2002) (holding that, under FOIA Exemption 7(c) “the privacy interest of these individuals in their names and identifying information, i.e. birth date, outweighs the public interest in disclosure”); Creel v. U.S. Dep’t of State, 1993 U.S. Dist. LEXIS 21187, at *19–*20 (E.D.Tex.1997) (noting that, under FOIA Exemption 7(c), private citizen had a “significant personal privacy interest in her home address, birth date, social security number, and telephone number”).
*346 We conclude that the state employees have a “nontrivial privacy interest” in their dates of birth. Dep’t of Defense, 510 U.S. at 501, 114 S.Ct. 1006. And while we may not inquire into the requesting party’s intended use of the information,10 we must nevertheless examine “the only relevant public interest in the ... balancing analysis—the extent to which disclosure of the information sought would ‘shed light on an agency’s performance of its statutory duties’ or otherwise let citizens know ‘what their government is up to.’ ”11
Like the FOIA, the PIA is based on the notion that citizens are entitled “to complete information about the affairs of government and the official acts of public officials and employees.” Reporters Committee, the U.S. Supreme Court clarified FOIA’s statutory purpose as a means for citizens to know “what their government is up to”:
Official information that sheds light on an agency’s performance of its statutory duties falls squarely within that statutory purpose. That purpose, however, is not fostered by disclosure of information about private citizens that is accumulated in various governmental files but that reveals little or nothing about an agency’s own conduct.
Reporters Committee, 489 U.S. at 773, 109 S.Ct. 1468.
Employee birth dates shed little light on government actions. The News points out that the public has an interest in monitoring the government, and birth dates could be used to determine whether governmental entities like school districts and hospitals have hired convicted felons or sex offenders. But when a protected privacy interest is at stake, the requestor must identify a sufficient reason for the disclosure; mere allegations of the possibility of wrongdoing are not enough. See Indus. Found., 540 S.W.2d at 685.
But “[i]f a totally unsupported suggestion that the interest in finding out whether Government agents have been telling the truth justified disclosure of private materials, Government agencies would have no defense against requests for production of private information.” Dep’t of Defense, 510 U.S. at 498, 114 S.Ct. 1006 (noting that providing employees’ home address would reveal little or nothing about employing agencies or their activities).
Moreover, the Comptroller has relinquished the full name, age, race, sex, salary, agency, job description, work address, date of initial employment, pay rate, and work hours of every agency employee. The Comptroller also showed that, using only the information produced, each employee was distinguishable without resort to date of birth. See Horowitz v. Peace Corps, 428 F.3d 271, 278 (D.C.Cir.2005) (“The availability of information through other sources lessens the public interest in its release through FOIA.”).
We hold that the state employees’ privacy interest substantially outweighs the *348 negligible public interest in disclosure here. Consistent with the federal courts and those in other states, we conclude that disclosing employee birth dates constitutes a clearly unwarranted invasion of personal privacy, making them exempt from disclosure under section 552.102.
V. Attorney’s fees
The trial court denied the News’ request for attorney’s fees, and the court of appeals affirmed. TEX. CIV. PRAC. & REM.CODE § 37.009.
A. Government Code § 552.323(b)
TEX. GOV’T CODE § 552.323(b). Before a trial court may award fees, the statute also requires that a number of other conditions be met: that the action be brought under section 552.324; that the trial court consider whether the public information officer who withheld that information had a reasonable basis in law for doing so; and that the trial court examine whether the litigation was brought in bad faith. See id. The parties dispute whether these requirements were satisfied here. We need not reach those issues, however, because the Comptroller has prevailed.
B. Declaratory Judgment Act
Under the Declaratory Judgment Act, a trial court may award reasonable and necessary attorney’s fees “as are equitable and just.” Bocquet v. Herring, 972 S.W.2d 19, 21 (Tex.1998).
Identity theft cost Americans almost $50 billion in 2007 alone. RACHEL KIM, JAVELIN STRATEGY & RESEARCH, 2007 IDENTITY FRAUD SURVEY REPORT 1 (2007), available at http://graphics8.nytimes. com/images/blogs/freakonomics/pdf/Javelin%20Report%202007.pdf. In 2004, Texas ranked fourth among states for the number of identity-theft complaints reported to the Federal Trade Commission. OFFICE OF CONSUMER CREDIT, LEGISLATIVE REPORT REVIEWING IDENTITY THEFT AND SENATE BILL 473 (2004), available at http://www. occc.state.tx.us/pages/publications/IdentityTheft.pdf. The State of Texas employs over a quarter of a million people, 144,000 of whom represent the true parties involved in this controversy. When the privacy rights of a substantial class of innocent third parties are affected by one of our decisions, we have a duty to pay them heed. And because the state employees’ privacy interest substantially outweighs the minimal public interest in the information, we hold that disclosure of state employee birth dates would constitute a clearly unwarranted invasion of personal privacy, and such dates are excepted from disclosure under section 552.102. See TEX.R.APP. P. 60.2(a), (c).
*349 Justice JOHNSON.
Justice WILLETT did not participate in the decision.
Justice JOHNSON, dissenting in part and concurring in part.
The dates of birth of state government employees that the Dallas Morning News requested from the Comptroller in this case are defined as public information—information legitimately collected and maintained by the State of Texas. There is no dispute of that fact. Unlike social security numbers, the Legislature has not expressly excepted birth dates from disclosure.1 And no one disagrees with the proposition that public information should be handled in ways that provide protections against identity theft. But we should not forget that the more public information is protected from disclosure to the people, the less information the public gets from the government that serves it. It is a fundamental policy of the State of Texas that its citizens are entitled “at all times to complete information about the affairs of government and the official acts of public officials and employees.” TEX. GOV’T CODE § 552.001).
The public information at issue has proven quite useful not only to inform citizens of the actions of the government and to arm citizens to hold the public sector accountable but also to highlight problems in the public sector that should be addressed. For example, the information sought in this case, which had been released to the News in prior years, was used to determine that a number of Texas Youth Commission employees had some criminal background and that some employees of a local school district had criminal records.2 Dates of birth were used to confirm the identities of public employees with criminal records and avoid confusing them with the wrong persons with similar or the same names. These are legitimate uses of public employees’ birth dates, which the Court precludes by its opinion.
Obviously, whether to disclose or keep secret public information involves a balancing of policy objectives, including the public’s right to transparency in governmental affairs and privacy concerns of public employees. In promulgating the Texas Public Information Act (PIA), the Legislature balanced disclosure and protection of different types of public information about public employees. The Legislature decided that dates of birth are public information, as the Court and the Comptroller concede. And the State of Texas for years has sold birth date information of Texas public employees to businesses, and the parties point to no problems with identity *350 theft arising from those prior disclosures.3 To address illicit use of personal information, the Legislature promulgated the Identity Theft Enforcement and Protection Act with criminal penalties for those parties who engage in identity theft.4 Before today, no Texas court had held that dates of birth of public employees are confidential or otherwise precluded their disclosure.
This case is fundamentally about which institution decides that balance—the Legislature or the judiciary. Our task in this case is not to decide if we think these birth dates should be confidential. We are charged with deciding whether the Legislature excepted dates of birth of public employees from disclosure under section 552.102, an issue the Comptroller did not raise in this Court and expressly disclaims as a basis for its position that the information should be protected. I respectfully dissent.
I. Factual and Procedural History
On November 18, 2005, an editor with the Dallas Morning News (News) submitted a PIA request to the Comptroller for an electronic copy of the Texas state employee payroll database. The News requested the full name, birth date, job description, agency, salary, race, sex, work address, date of initial employment, pay rate, and work hours of every state employee in the database. Contending that birth dates, certain salary deductions, and an employee’s designation as a peace officer are protected from disclosure under Tex. Att’y Gen. OR2006–01938.
Arguing that the release of the birth dates could lead to identity theft, the Comptroller filed suit seeking declaratory relief from compliance with the Attorney General’s letter ruling as provided by Subchapter H of the PIA. TEX. GOV’T CODE §§ 552.321–.327. The News intervened in the lawsuit and moved for partial summary judgment on the ground that birth dates are not protected from disclosure by the PIA. The Comptroller responded with a cross-motion for summary judgment, contending that the information is protected as a matter of law or, alternatively, that the issue is fact-intensive and not appropriate for summary judgment. The trial court granted the News’s motion for partial summary judgment and denied the Comptroller’s cross-motion for summary judgment. The Comptroller appealed arguing *351 to withhold the information under 552.101 and 552.102.
The Comptroller argued that the trial court erred in granting the News’s partial summary judgment because the release of a public employee’s birth date, in conjunction with his name, is a violation of the employee’s right of privacy. The court of appeals held that the disclosure of state employees’ birth date information would not violate any privacy interests, and thus was not protected under 489 S.W.2d 858, 859–60 (Tex.1973).
II. Preservation and Waiver: The Court Decides This Case on an Issue the Comptroller Expressly Disclaimed.
The Comptroller was asked at oral argument specifically if her position included arguments under PIA section 552.102 and employing a balancing test to determine whether to protect the birth dates from disclosure. Her counsel responded:
Answer: I would say that we are going solely under 552.101.... We are not advocating a balancing test ... we don’t believe a balancing test is applicable under this particular state regulatory system.
* * *
Question: There’s an argument that 552.102 is a stronger argument, but you’re not making that argument. I want to be clear about that.
Answer: We are not making that argument.
* * *
Answer: [A] balancing test ... is simply not found in the PIA.
The Comptroller’s position on this issue could not be clearer. She unequivocally limited her argument for nondisclosure of birth dates of public employees “solely” to section 552.102 or a balancing test.
On occasion, a case may present a court with a fine line between adjudication and advocacy. However, we should remain on the side of adjudicating only the issues presented, absent rare and extraordinary situations not presented here. See In re B.L.D., 113 S.W.3d 340, 351–55 (Tex.2003) (recognizing that courts may review fundamental error not assigned). The Legislature and the Attorney General have both decided as a matter of policy not to protect *352 dates of birth from disclosure, yet the Court shuns its substantial precedents on waiver to reach the contrary policy. Moreover, the information the Court protects has already in large part been disclosed. In the summary judgment evidence, the News submitted an affidavit stating that it has received the state employees database, including the dates of birth of the employees, from the Comptroller’s office in response to previous requests for the information.
Our rules of procedure require that a party present the issues to be decided by this Court in the party’s petition and brief on the merits. See TEX.R.APP. P. 33.1, 53.2(f), 53.4, 55.2(f). “[I]ssues not presented in the petition for review and brief on the merits are waived.” Id. The Comptroller does not allege fundamental error.
Waiver rules exist for good reasons. “[A]dhering to our preservation rules isn’t a mere technical nicety; the interests at stake are too important to relax rules that serve a critical purpose.” article II, section 1 of the Texas Constitution bars this Court from issuing advisory opinions). I dare say that the News will be surprised by the Court’s deciding this case on a ground it was not given an opportunity to address.
This is not a typical waiver case in which a party argues that it did raise the issue or that it is fairly included in its petition and briefs. Not only did the Comptroller choose not to raise or analyze the exception from disclosure under section 552.102 in her petition or brief, her counsel affirmatively disclaimed the argument at least four times at oral argument. See supra at 351 (“[W]e are going solely under 552.101.... We are not making that argument.... We are not advocating a balancing test.... [A] balancing test ... is simply not found in the PIA.”).
The Court holds that the Comptroller properly withheld birth dates under section 552.102 argument, and it will consider arguments the Comptroller did not make.
The Court indicates it acts on behalf of public employees who do not have a voice in this dispute. But, the PIA provides a mechanism for the public employees affected to submit their arguments to the Attorney General when considering a governmental body’s decision not to disclose public information. The governmental entity shall make a good faith attempt to notify such persons in writing of the request for the attorney general decision and may then submit a brief with reasons why the information should be withheld. TEX. GOV’T CODE § 552.305. Although the record indicates that the mechanism was not utilized, the Court’s holding makes the provision irrelevant in this case.
I disagree that the Court should disregard our rules on waiver to decide an issue specifically and repeatedly disclaimed by the Comptroller, without any allegation of fundamental error. Because the Court decides this case under section 552.101 excepts state employees’ dates of birth from disclosure.
III. Risk of Identity Theft
Applying Department of the Air Force v. Rose, 425 U.S. 352, 372, 96 S.Ct. 1592, 48 L.Ed.2d 11 (1976), the Court holds that the state employees’ privacy interests substantially outweigh the public interest in disclosure. 354 S.W.3d 336.
A. The Sky Is Not Falling: The Court’s Characterization of the Privacy Interest at Stake Is Overstated.
Wash. Post Co. v. U.S. Dep’t of Health & Hum. Servs., 690 F.2d 252, 275 (D.C.Cir.1982). The Court jumps on the bandwagon of a number of other states, or federal trial courts, that have held that birth date information may constitute a clearly unwarranted invasion of personal privacy. While I am sensitive to the privacy rights of public employees and understand the concern of the Court, I believe the Court’s reasoning is misguided for three fundamental reasons.
First, the Legislature has not protected dates of birth of public employees from disclosure. Birth dates by themselves are not private or damaging.5 The Court and *354 the parties have recognized as much. And the Restatement of Torts recognizes as much. Rose, 425 U.S. at 372, 96 S.Ct. 1592).
The Court points to no evidence that disclosure of birth dates would be offensive to a reasonable person, would cause harm, or would lead to personal harm. Instead, the Court holds, much more tenuously, that disclosure is harmful because birth date information, “taken together” with other information, may “be used to facilitate identity theft,” or may be used to locate a Social Security number, which may be used to facilitate identity theft. 354 S.W.3d 336 (quoting Hearst Corp. v. State, 24 Misc.3d 611, 882 N.Y.S.2d 862, 875 (N.Y.Sup.Ct.2009)). In other words, the harm is not in the disclosure of the birth date, but in the possibility that some evildoer may use a birth date to gain other information (such as a social security number) which he or she then may use to commit identity theft. Never before has the Court held that information is not subject to disclosure under the PIA because the information may lead to other information that may be used to cause harm. By that logic, much information of a personal nature would be immune from disclosure—names of public employees, dates of employment, home addresses. This sort of information, taken together with other information, might lead to the employee’s social security number and possibly to identity theft. While the state has outlawed identity theft, and individuals may sue when others misappropriate their private data, the Court should not allow subversion of the open-government policies of the PIA under the risk that some of the public information may later be misused.
As written, FOIA Exemption 6 (substantially identical to section 552.102) likely only protects the information itself, not its derivative uses or problems down the line.
Perhaps FOIA would be a more sensible law if the Exemption applied whenever disclosure would “cause,” “produce,” or “lead to” a clearly unwarranted invasion of personal privacy—though the practical problems in implementing such a provision would be considerable. That is not, however, the statute Congress enacted. Since the question under United States Dept. of Justice v. Reporters Committee for Freedom of Press, 489 U.S. 749, 771, 109 S.Ct. 1468, 103 L.Ed.2d 774 (1989) that the particular purposes for which a request is made are irrelevant.
section 552.102 does not require consideration of derivative harm.
Interestingly, the Texas Identity Theft Enforcement and Protection Act requires businesses to take reasonable steps to protect “sensitive personal information” collected or maintained by the business in the regular course. TEX. BUS. & COM.CODE § 521.052. Sensitive personal information is generally an individual’s name combined with any one or more of the following: social security number, driver’s license number or government-issued identification number, or account, credit card or debit card number. Id. § 521.002(a)(2). The Legislature has not extended this obligation to dates of birth. Id.6 Notifications to others required by the Identity Theft Act for breaches of computer security apply only when sensitive personal information is reasonably believed to have been acquired by an unauthorized person. Id. § 521.053. Again, the Legislature did not include dates of birth in the same risk category with sensitive personal information.
Second, the support relied on by the Court is far from conclusive. The Court repeats general statements about birth date information but cites to and provides no real data supporting the proposition that birth date information truly leads to identity theft, or that the disclosure of someone’s birth date, in and of itself, has caused any person to be the victim of identity theft. The Court points to a study from Carnegie–Mellon University in which researchers were able, with 60% accuracy, to determine the first six digits of a person’s Social Security number when given the person’s date and location of birth, for persons born after 1989. 354 S.W.3d 336 (citing Alessandro Acquisti & Ralph Gross, Predicting Social Security Numbers From Public Data, 106 PROC. NAT’L ACAD. SCI. 10975 (2009)). Other scholarly and media reports and court cases cited by the Court repeat the findings of the Acquisti and Gross study, or make general statements that compilation of data can be more helpful to identity thieves than data spread out through multiple sources, or that simply assert that birth dates may lead to more private data. Neither the Court nor the Comptroller cite any study positively demonstrating that release of birth date information with a person’s name, without a social security number, makes it significantly more likely that the person will be the victim of identity theft. And neither cites any study evidencing an identity theft that began through birth date information being disclosed in a public database.
Credible studies indicate that dates of birth are not the sin qua non of identity theft. The most common form of identity theft arises from credit card theft or check fraud, and the least common form arises from stolen social security numbers or other personal information. Herb Weisbaum, Identity Theft Problem: The Facts Behind the Fear, MSNBC (Oct. 21, 2010, 7:42 AM) *356 http://www.msnbc.msn.com/id/39763386/ns/business-consumer_news/ (last visited Dec. 1, 2010) (recognizing a recent report that the “most common form of identity theft is ... ‘old-fashioned credit card theft or check fraud,’ ” with nearly all respondents to the survey recognizing that their identity theft was due to stolen or misused credit or debit cards, and that a hijacking of an identity using a “Social Security number and other basic information” is the “least common form of identity fraud”). A recent study published by the United States Federal Trade Commission reports that a thief’s use of a social security number with a new name and false date of birth currently accounts for 80–85 percent of all identity fraud. Lanny Britnell, Identity Theft America, The Changing Face of Identity Theft, at 1, available at http://www.ftc.gov/os/comments/creditreportfreezes/534030–00033.pdf; see also SYNOVATE, FEDERAL TRADE COMMISSION—2006 IDENTITY THEFT SURVEY REPORT 30 (Nov.2007), available at http://www.ftc.gov/os/2007/11/SynovateFinalReportID Theft2006.pdf (recognizing that 56 percent of victims did not know how their information was stolen, and of the 43 percent of victims who did, many knew the thief personally, had their identities stolen through a purchase or other transaction, from a wallet, from a company that had the information, from hacking, “phishing,” the mail, or some other way). The Attorney General’s office indicated its strong desire to eliminate identity theft, but candidly acknowledged at argument that there is “no firm evidence” that disclosure of birth dates facilitates identity theft and confirmed that the PIA is not intended to prohibit illegal use of data.
The information here is public information, and the connection between the information being disclosed and the actual harm sought to be prevented is too tenuous to support the judicial restrictions on disclosure of the public’s information proffered by the Court when that same public information has been shown to have positive benefits.
Finally, the privacy interest at stake here is lower than the Court makes it out to be because much if not most of the information at issue has been distributed by the state for years—in some instances for a fee. Texas sells personal information under the Motor Vehicle Records Disclosure Act, including names, addresses, dates of birth and driver’s license numbers, to businesses, insurance companies, private investigatory agencies and other third parties, for a number of specified purposes. See TEX. TRANSP. CODE § 730.013(b).7 It is ironic that the Court cuts off free access by the public under the PIA to the same public information that is being sold under the Transportation Code.
B. The News Has Established a “Sufficient Reason” for the Disclosure.
When personal privacy interests are at stake, the second part of the Id.
The Court holds that the News loses under the balancing test because it “has produced no evidence supporting government wrongdoing [and therefore] the public interest in disclosure is negligible.” 354 S.W.3d 336 (citation omitted). I disagree; the public interest in the information is demonstrated. The News argues that it wishes to use the date of birth information to determine whether particular governmental employees who work in or near children are convicted felons or sex offenders. The News asserts a two-fold need for birth dates: first, to determine whether governmental entities are employing sex offenders or felons in jobs that may put children or the public at large at risk, and second, to confirm the identity of a particular governmental employee who may have a criminal record. The News advises that some 2,000 employees of the State of Texas have the same first and last name. It is reasonable and desirable that the media check the identities of these employees before publishing unflattering facts about them. The News further advises that, through its research, it was able to disclose in an article that over 250 employees of the Texas Youth Commission were convicted felons. See McNeill, ID Theft v. Public Record, at A1. These are legitimate and productive uses of dates of birth.
No one doubts that citizens of this state have a right to know the names of those who work for them in government. Neither party, nor the Court, disputes that the News has the right to such names, and the names are easily available, in electronic form, on various governmental websites and other databases. See, e.g., Capitol Complex Telephone System (CCTS) Directory, http://www.dir.state. tx.us/ccts/directory/index.html (last visited Dec. 1, 2010) (listing the names, titles, and telephone numbers of employees working in or near the Capitol). On the other hand, no one argues that state employees give up all of their privacy rights simply by working as an unelected public servant. But the disclosure of the birth dates in this case may actually help preserve government workers’ privacy, by ensuring that any organization—media, political, watchdog, financial, governmental, or otherwise—does not falsely accuse those governmental employees of being persons they are not. This is different from the data that the *358 government collects about nongovernmental employees. Cf. U.S. Dep’t of Justice v. Reporters Comm. for Freedom of the Press, 489 U.S. 749, 773, 109 S.Ct. 1468, 103 L.Ed.2d 774 (1989) (concerning a FOIA request for criminal records of an individual investigated by the FBI). The information at issue may actually prevent mistaken identities and will help keep the government accountable for those they hire.
But fundamentally, under the summary judgment procedures, the Court errs by requiring evidence in the record that the News had no reason to provide in the first place. At the trial court in her summary judgment motion, the Comptroller argued that Boyles v. Kerr, 855 S.W.2d 593, 603 (Tex.1993) (“We have broad discretion to remand for a new trial in the interest of justice where it appears a party may have proceeded under the wrong legal theory. Remand is particularly appropriate where the losing party may have presented his or her case in reliance on controlling precedent that was subsequently overruled.” (citations omitted)). Here, the successful party at trial relied on a standard that the Court has now abandoned. Certainly the News should have an opportunity to make its case under the new formula.
For these reasons, I would not decide this case under section 552.101.
IV. Disclosure of Birth Date Information
The Comptroller argues that public employees’ dates of birth are “confidential” under section 552.101 of the PIA. It is useful to understand the PIA’s structure.
A. The Legislature’s Comprehensive Statutory Scheme for Government Transparency
The stated policy of the PIA is to promote open government. “[I]t is the policy of this state that each person is entitled, *359 unless otherwise expressly provided by law, at all times to complete information about the affairs of government and the official acts of public officials and employees.” City of Garland v. Dallas Morning News, 22 S.W.3d 351, 364 (Tex.2000) (“Unlike the FOIA, our Act contains a strong statement of public policy favoring public access to governmental information and a statutory mandate to construe the Act to implement that policy and to construe it in favor of granting a request for information.”).
While the PIA provides an ardent statutory edict for openness in state affairs, the Legislature has protected specified information from disclosure in Subchapter C of the PIA. TEX. GOV’T CODE §§ 552.101–.151. A governmental agency is not required to disclose information excepted under Subchapter C of the PIA, but it may disclose such information if it chooses, “unless the disclosure is expressly prohibited by law or the information is confidential under law.” Id. § 552.007. Some examples of information that the PIA excepts from disclosure include information that would give advantage to a competitor or bidder, information in a student record at an educational institution funded wholly or partly by state revenue, and the social security number of a living person. Id. §§ 552.104, .114(a), .147(a).
In addition to these exceptions, the Legislature created a special category of information in the PIA—“confidential” information. Information that is considered “confidential” is a subset of the information excepted from disclosure. See TEX. GOV’T CODE § 552.1175.
The text of the PIA indicates that the Legislature intended the word “confidential” to have a specific meaning in the PIA, separating highly sensitive information that is prohibited from disclosure (such as the home address of a peace officer) from sensitive information that is merely excepted from disclosure (such as information in a student record). The PIA thus creates three distinct categories of public information—information required to be disclosed, information excepted from mandatory (but not voluntary) disclosure, and confidential information that is prohibited from disclosure and subject to criminal penalties.10 It is within this statutory framework that I consider whether birth dates of public employees are considered to be part of this third category of “confidential information.”
As a policy matter, it is admittedly undesirable to release information about public employees that could lead to identity theft. States typically have overwhelmingly addressed this issue by legislation. The Attorney General noted that a number of other states have excepted birth date information in personnel files from open records request disclosures in statutes.11
*361 The Texas Legislature has balanced the competing interests of open government and individual privacy in deciding which types of public information are excepted from disclosure in the PIA. This Court previously acknowledged that this is the Legislature’s role. “Although we recognize that there is often much potential for abuse of information in government records, the task of balancing the public’s right of access to government records against potential abuses of the right has been made by the Legislature; the court’s task is to enforce the public’s right of access given by the Act.” McIntyre v. Ramirez, 109 S.W.3d 741, 748 (Tex.2003).
Nowhere in the PIA has the Legislature specifically excepted general birth date information, birth date information combined with other identifying information, or information the disclosure of which is feared may lead to identity theft. The Legislature has enacted specific statutes to protect against identity theft. See section 552.101.
B. Exception to Mandatory Disclosure of Public Information Under Section 552.101 of the PIA
This Court’s only interpretation of Indus. Found., 540 S.W.2d at 681. The Court rejected that argument:
We do not believe that a court is free to balance the public’s interest in disclosure against the harm resulting to an individual by reason of such disclosure. This policy determination was made by the Legislature when it enacted the statute. “All information collected, assembled, or maintained by governmental bodies” is subject to disclosure unless specifically excepted. We decline to adopt an interpretation which would allow the court in its discretion to deny disclosure even though there is no specific exception provided.
section 552.101 to deem confidential information that was held by judicial decision to be confidential at or before the time of the provision.
This approach would leave policy-making to the Legislature. It would also provide certainty in the definition of confidential information so that governmental entities and public officials may act accordingly. If courts decided which public information is considered to be confidential on an ad hoc basis, according to what individual jurists believe to be good policy, a court could decide to make birth date information confidential under the PIA in order to further the policy goal of preventing identity theft. An immediate consequence of this might be the attachment of criminal penalties for the disclosure, apparently even if unintended, of birth date information. See note 10. Government officials may be forced to redact all birth date information disclosed to the public or face criminal penalties, even in records that are decades old and currently made available to the public in, for example, all the state courthouses in the two hundred fifty-four counties around the state.12 By limiting these determinations to information that has already been considered confidential, such as information the disclosure of which would violate the public disclosure tort, legislators can enact policy in a careful, deliberate manner, often preventing the substantial practical problems that may accompany judicial overstepping.
A majority of the court in Id.
Reasonable minds may differ today as to the meaning of the phrase “information considered to be confidential ... by judicial decision.”13 But the Legislature has not amended this section of the PIA in the thirty-seven years since that decision, and Industrial Foundation, I would not extend it to create unintended exceptions under the PIA.
C. The Comptroller’s Argument for Analysis under the Intrusion upon Seclusion Tort
The Comptroller asks this Court to expand Wilhite v. H.E. Butt Co., 812 S.W.2d 1, 6 (Tex.App.-Corpus Christi 1991, no writ).
The elements of the torts of public disclosure of private facts (as applied in Valenzuela, 853 S.W.2d at 513.
The Comptroller attempts to expand Valsamis, 106 F.3d at 85.
A & T Consultants, Inc. v. Sharp, 904 S.W.2d 668, 676 (Tex.1995) (holding that courts may neither consider purpose of the request nor inquire into how the requestor intends to use the information).
The Comptroller’s argument for extending section 552.101 using the intrusion upon seclusion tort is not supported by the provisions of the PIA.
D. Application of the Industrial Foundation Test
The Indus. Found., 540 S.W.2d at 685. I first analyze whether birth date information is highly intimate or embarrassing information, the publication of which would be highly objectionable to a reasonable person.
The Court in Industrial Foundation analyzed information contained in workers’ compensation files to determine whether it satisfied this element of the tort. The Court reasoned that some information would satisfy the “highly intimate” standard, including:
a claim for injuries arising from a sexual assault of a female clerk following an armed robbery; a claim on behalf of illegitimate children for benefits following their father’s death; a teacher’s claim for expenses of a pregnancy resulting from the failure of a contraceptive device; claims for psychiatric treatment of mental disorders following work related injuries; claims for injuries to sexual organs, and for injuries stemming from an attempted suicide; and claims of disability caused by physical or mental abuse by co-employees or supervisors.
Id. at 683. This is the deeply personal, highly intimate type of information the tort is meant to protect from publicity.
The Second Restatement of Torts also gives examples of information that rises to the level of highly intimate or embarrassing. “Sexual relations, for example, are normally entirely private matters, as are family quarrels, many unpleasant or disgraceful or humiliating illnesses, most intimate personal letters, most details of a man’s life in his home, and some of his past history that he would rather forget.” RESTATEMENT (SECOND) OF TORTS § 652D cmt. b (1977). Contrasting this private information, the Restatement notes, “there is no liability for giving publicity to facts about the plaintiff’s life that are matters of public record, such as the date of his birth, the fact of his marriage, [or] his military record....” Id. (emphasis added). The U.S. Court of Appeals for the Fifth Circuit, interpreting Texas law, came to the same conclusion:
However, none of these items of information—middle initial, age, street address, job title—can be characterized under Texas law as “private” and “highly intimate or embarrassing facts about a person’s private affairs, such that its publication would be highly objectionable to a person of ordinary sensibilities.” Texas invasion of privacy law in this respect has been guided by Prosser, Law of Torts § 117 (4th ed.1971) and Restatement (Second) of Torts § 652D. Prosser, supra, states “ ‘[t]he plaintiff cannot complain when ... publicity is given to matters such as the date of his birth.’ ” Id. § 117 at 858.... The Restatement (Second) of Torts ... is to the same effect ... “[t]here is no liability for giving publicity to facts about the plaintiff’s life ... such as the date of his birth ....”
RESTATEMENT (SECOND) OF TORTS § 652D cmt. b (1977).
The Comptroller argues that the combination of birth date information and other identifying information, such as a name, rises to the level of “highly intimate” justifying exclusion from disclosure. She argues that because birth date information, in conjunction with this other information, can be used to access sensitive information, such as a social security number, birth date information itself is sensitive information. The argument casts too broad a net and misses the essence of the inquiry. How otherwise public information is used after disclosure does not guide the analysis of whether it is confidential and excepted from disclosure under section 552.101. Accordingly, public employees’ birth dates do not constitute highly intimate or embarrassing facts the publication of which would be highly objectionable to a reasonable person.
This information is also of legitimate public concern. The News contends that birth date information ensures accuracy in identifying subjects of newspaper articles, and the information has also been used to determine that criminal offenders have been employed by some public school systems. The Comptroller has offered no response to this contention. In any event, birth date information does not satisfy the first requirement of the public disclosure analysis, that the information contain highly intimate or embarrassing facts the publication of which would be highly objectionable to a reasonable person. I would conclude that the disclosure of birth date information does not violate the public disclosure tort, and birth date information is not confidential under section 552.101 of the PIA.
E. The Balancing Test
The Court applies a balancing test following the U.S. Supreme Court’s decision in Id. at 372, 96 S.Ct. 1592.
As noted above, the pivotal language in FOIA Exemption 6 is not contained in 652 S.W.2d 546, 550 (Tex.App.-Austin 1983, writ ref’d n.r.e.).
V. Fee Shifting
The News also challenges the trial court’s refusal to award attorney’s fees under the PIA and the Uniform Declaratory Judgment Act as an abuse of discretion, based upon language in two sections of the PIA that were in effect at the time of this suit but have subsequently been amended. TEX GOV’T CODE §§ 552.323(b), .324.14 The Court did not address the issue at length *368 because the Comptroller prevailed. 354 S.W.3d 336. In my view, the News should prevail, but I would hold that the trial court was correct in exercising its discretion in deciding whether to assess attorney’s fees against the Comptroller. Because the Comptroller had a legitimate concern over privacy issues relating to the disclosure of birth date information under the PIA, she had a reasonable basis in law to refuse disclosure of the information and the litigation was brought in good faith. Accordingly, I concur in the judgment of the Court on the attorney’s fees issue.
The Legislature’s comprehensive statutory scheme that guarantees public access to government information through the PIA, with selected exceptions, does not make birth dates confidential under section 552.101. Because the Court reaches a different result based on an issue the Comptroller waived, I respectfully dissent. I concur in the judgment on the attorney’s fees issue.
The Comptroller also asserted that the information was protected under section 552.108, which excepts from disclosure certain law enforcement, correction, and prosecutorial information. TEX. GOV’T CODE § 552.108. That exception is not at issue here.
Like all Open Records Letter Rulings, this one was signed by an assistant attorney general in the Open Records Division. See OPEN RECORDS LETTER RULINGS, ATTORNEY GENERAL OF TEXAS, https://www.oag.state.tx. us/open/index_orl.php.
According to the U.S. Census Bureau, as of March 2008, there were 257,830 full-time and 78,625 part-time employees of the State of Texas. 2008 ANNUAL SURVEY OF STATE AND LOCAL GOVERNMENT EMPLOYMENT AND PAYROLL, U.S. CENSUS BUREAU, available at http://www2.census. gov/govs/apes/08sttx.txt. (all Internet materials as visited December 1, 2010 and copy available in Clerk of Court’s file). According to the Comptroller, around 144,000 employees working for state agencies in Texas would be affected by the Public Information Act request.
The Texas Association of School Boards Legal Assistance Fund submitted an amicus curiae brief in support of the Comptroller; the Freedom of Information Foundation of Texas and the Reporters Committee for Freedom of the Press submitted an amici curiae brief in support of the Attorney General and the News.
Although the Comptroller asserted that dates of birth were exempt from disclosure under section 552.101, there is no indication that written notice was provided to the state employees whose data would be disclosed. The News states that no notice was given, and the Comptroller does not argue to the contrary.
See Dep’t of Air Force v. Rose, 425 U.S. 352, 361, 96 S.Ct. 1592, 48 L.Ed.2d 11 (1976) (noting that “disclosure, not secrecy, is the dominant objective of [FOIA]”).
See, e.g., TEX. GOV’T CODE § 552.102.
See, e.g., Fighting Back Against Identity Theft, FEDERAL TRADE COMMISSION, http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/deter-detect-defend.html; Graeeme R. Newman & Megan M. McNally, Identity Theft Literature Review, NATIONAL INST. J. 210459 (Jan. 27–28, 2005), available at http://www.ncjrs.gov/pdffiles1/nij/grants/210459.pdf; PRESIDENT’S TASK FORCE ON IDENTITY THEFT, COMBATING IDENTITY THEFT: A STRATEGIC PLAN (2007), available at http://www.idtheft. gov/reports/StrategicPlan.pdf; Preventing Identity Theft, ATTORNEY GENERAL OF TEXAS, available at https://www.oag.state.tx.us/consumer/identity_theft. shtml; Seven Main Points of Identification, GET ID SMART, available at http://www.getidsmart.com/; Working to Resolve Identity Theft, IDENTITY THEFT RESOURCE CENTER, available at http://www.idtheftcenter.org/artman 2/publish/c_tips/index.shtml.
This apparently stems from the Social Security Administration’s methods for assigning numbers, which is usually done shortly after a person’s birth, and based in part on geography. Hadley Legget, Social Security Numbers Deduced From Public Data, WIRED SCI. (July 6, 2009, 5:05 PM) http://www.wired.com/wiredscience/2009/07/predictingssn/.
See N.L.R.B. v. Sears, Roebuck & Co., 421 U.S. 132, 149, 95 S.Ct. 1504, 44 L.Ed.2d 29 (1975))).
Reporters Comm., 489 U.S. at 773, 109 S.Ct. 1468).
Although Checkbook v. U.S. Dep’t of Health and Human Servs., 554 F.3d 1046, 1055 n. 4 (D.C.Cir.2009).
Of course, should the News obtain such evidence, it would be free to make another PIA request for the relevant birth dates.
Bills submitted in the 2009 legislative session that would prevent disclosure of birth dates of public employees failed to pass. Tex. S.B.1912, 81st Leg., R.S. (2009); Tex. H.B. 4207, 81st Leg., R.S. (2009). So there is still no express preclusion on the requested disclosure of birth dates. There are protections of birth dates in specific circumstances that are not before the Court in this case. See, e.g., TEX ELEC.CODE § 13.004(d)(4).
Ryan McNeill, ID Theft v. Public Record: State May Hide Workers’ Birthdates, but It Sells Same Info on All Drivers, [hereinafter “McNeill, ID Theft v. Public Record ”] DALLAS MORNING NEWS, May 7, 2009, at A1, available at http://www.dallasnews.com/sharedcontent/dws/dn/yahoolatest news/stories/050709dnprodateofbirth.3fcf743.html (reporting that “private companies spent nearly $50 million during the last fiscal year” buying Texas drivers’ data, including birth dates).
See McNeill, ID Theft v. Public Record, at A1.
The Identity Theft Enforcement and Protection Act prohibits use of personal identifying information without the other person’s consent to obtain anything of value in the other person’s name. TEX. BUS. & COM.CODE § 521.051. Personal identifying information includes name, social security number, date of birth or government-issued identification number. Id. § 521.002(a)(1). The penalties for violation may be civil or, in certain types of credit card theft, criminal. Id. §§ 521.151, 522.002.
Unless, of course, one is sensitive about one’s age. But if that were the case, then the Comptroller’s release of employees’ ages would be just as offensive as birth dates.
“Personal identifying information,” different from “sensitive personal information,” includes date of birth. TEX. BUS. & COM.CODE § 521.002(a)(1).
Prior to 2001, the Transportation Code permitted agencies to distribute birth date information “for bulk distribution for surveys, marketing, or solicitations” provided that persons had the opportunity to opt-out and prohibit the uses. TEX. TRANSP. CODE § 730.007, repealed by Acts 2001, 77th Leg., R.S., ch. 1032.
Examples include the home address, home telephone number, or social security number of peace officers, county jailers, and current or former employees of the Texas Department of Criminal Justice, among others; any identifying information of a crime victim or claimant, including address and social security number; credit card, debit card, charge card, or access device number that is collected, assembled, or maintained by or for a governmental body; and the social security number of applicants for a marriage license. TEX. GOV’T CODE § 552.1175, .132, .136, .141.
An electronic search of Texas statutes returned 101 results in which certain information was “confidential” and “not subject to disclosure” under the PIA. Examples include certain records of teacher certification examinations (53.081(d)).
The PIA may not criminalize all distribution of information designated “confidential” in some manner in the statute. The penal provision of the PIA makes distribution of information “considered confidential under the terms of this chapter” a misdemeanor punishable by fine, confinement in county jail, or both. section 552.352(a).
Tex. Att’y Gen. OR2006–01938 (citing State Practices for Classification of Date of Birth in Public Records (on file with Open Records Division of the Office of the Attorney General)):
According to the survey, states with an “unwarranted invasion of personal privacy” exemption in their open records law protect date of birth information. See GA.CODE ANN. § 50–18–72(a) 11.3(A). Several states protect date of birth information by unofficial policy. Finally, the state of Washington protects date of birth information under a state plan to curtail identity theft.
An example of the scope of unintended consequences and potential harm of such a seemingly simple act of making birth date information confidential was shown recently when an attorney general opinion opined that social security numbers are confidential. TEX. GOV’T CODE 552.147(a).
See, e.g., id. at 691–92 (Reavley, J., dissenting) (“I doubt that we are entitled to read this intent into the Legislature’s use of ‘confidential.’ ... It was not the intention of the Legislature to turn over the administration of the Open Records Act to the judiciary. I would construe our question of legislative intent in favor of disclosure and then await legislative change if the result is objectionable. This area of confidentiality can best be mapped by statute.”).
Each of these sections has since been amended, clarifying the attorney’s fees issue. The Legislature moved the cause of action from section 552.324 now reads:
(a) The only suit a governmental body may file seeking to withhold information from a requestor is a suit that:
(1) is filed in a Travis County district court against the attorney general in accordance with Section 552.325; and
(2) seeks declaratory relief from compliance with a decision by the attorney general issued under Subchapter G.
(b) The governmental body must bring the suit not later than the 30th calendar day after the date the governmental body receives the decision of the attorney general determining that the requested information must be disclosed to the requestor. If the governmental body does not bring suit within that period, the governmental body shall comply with the decision of the attorney general. If a governmental body wishes to preserve an affirmative defense for its officer for public information as provided in Section 552.353(b)(3).
Section 552.353(b)(3) now reads:
(b) It is an affirmative defense to prosecution under Subsection (a) that the officer for public information reasonably believed that public access to the requested information was not required and that:
(3) not later than the 10th calendar day after the date of receipt of a decision by the attorney general that the information is public, the officer or the governmental body for whom the defendant is the officer for public information filed a petition for a declaratory judgment against the attorney general in a Travis County district court seeking relief from compliance with the decision of the attorney general, as provided by Section 552.324, and the cause is pending.
Id. section 552.324:
(b) In an action brought under Section 552.324, the court may assess costs of litigation and reasonable attorney’s fees incurred by a plaintiff or defendant who substantially prevails....
Id. § 552.323(b). This new statutory scheme should prevent the confusion found here from occurring in future cases.