Recently the North Carolina Court of Appeals (NCCOA) filed a decision in the matter of Lexis Nexis Risk Data Management Inc. v. North Carolina Administrative Office of the Courts ruling that an entire database maintained by the Administrative Office of the Courts (AOC) is a public record as defined in G.S. 132. For a very brief background on the case, see Elon’s E-Net article. The full text of the decision is a fairly quick read, but I wanted to distill the gist of the decision here and ruminate on the nature of a record under North Carolina’s public records law.
DISCLAIMER: I am a Records Management Analyst NOT an attorney. For a legal analysis of the decision see Freyda Bluestein’s recent examination over at the School of Government’s blog.
On page nine of the decision the NCCOA summarized the relevant issues at hand, “whether ACIS [Automated Criminal Infractions System], the database compiling information from [county criminal records], is a public record and, if so, whether the AOC is its custodian.” (LexisNexis v. AOC, COA13-547, 9) At the State Records Center, the answer to this question is highly relevant. Why? Because, our job is to identify records and assess their value. In the past two decades as agencies move towards streamlining their operations by consolidating information generating activities into centralized databases that provided enhanced services to divisions and units, the nature of a record and who owns it has changed.
In the pre-database era of records, a record, and its owner, could be identified quite easily. Records were generally discreet products with definite inputs and definite outputs originating from a specific location in an organizational chart (or entering the org chart from outside). Unless ownership was transferred in a legally prescribed manner through the published Records Retention and Disposition Schedule, the office that generated a record series was the owner of the record series and its custodian under the law, for the purposes of disposition and public records requests.
Today, modern relational database systems blur the lines. Rather than discreet records generated from predefined sets of data generated or compiled within one business entity, a relational database allows unique records to be generated based on run time queries using data from multiple information creators. Often, as in the case of the ACIS database, legally distinct organizational entities contribute information to a central database, but only have “ownership” over a small subset of the entire database.
It is easy to think of a database as an electronic filing cabinet where records are stored waiting to be pulled out when the user “searches” through it looking for indexing information. In some cases this is an appropriate way of thinking about databases, but often the reality of the underlying data is much more complex. Relational databases are not simple tables of cells like you see in an excel spreadsheet. Instead rows and fields are linked through foreign keys, primary keys, triggers and procedures across tables. Fields, rows, tables and even other databases may be related to each other through queries using Structured Query Language (SQL). The result is that, what often looks like a coherent set of data on an input form or a report may be scattered across multiple tables in a database, all subject to different levels of access based on rules enforced at either the application layer or data layer.
In its decision, the Court of Appeals found that the information entered by clerks from the 100 counties combined to form a “new public record” that exists “distinctly and separately from the individual … records” produced by the counties. The court also found that ACIS was in fact an “electronic data-processing record” based on the definition of a database found in Webster’s dictionary. The court wrote:
“a database is a ‘[c]ollection of data or information organized for rapid search and retrieval, especially by a computer. Databases are structured to facilitate storage, retrieval, modification, and deletion of data in conjunction with various data-processing operations…’ Thus, we conclude that the ACIS database falls squarely within the definition of an electronic data-processing record. ” (LexisNexis v. AOC, COA13-547, 10)
In my opinion, equating “data-processing operations” with “electronic data-processing record” misses the nature of a database. Operations are what databases do to information to create records. Operations are the mechanisms through which the database transforms queries into coherent records, and they are intrinsic to the database software and structure. Thus the operation is not the record, the query is the record. To illustrate this point, take a very simple example that asks a database to return a felony rap sheet for a unique person from a database:
Select PERSON.first_name, PERSON.last_name, PERSON.birthdate, PERSON.cid, CRIMINAL_RECORD.felony_convictions From PERSON Inner Join CRIMINAL_RECORD On PERSON.cid=CRIMINAL_RECORD.cid Where CRIMINAL_RECORD.date < 2014-03-01;
Notice that the constituent elements of this record are spread across two different informational tables linked by an index. Keep in mind that this is an extremely simple example and it is quite possible to query many more tables linked by multiple indexes using stored procedures, triggers, and other operations intrinsic to the database. In the case of ACIS, these queries could span multiple counties of origin.
Let’s look at another query from the same tables that would produce a different record.
Select PERSON.ssn, PERSON.county, PERSON.cid, CRIMINAL_RECORD.arrest_date, CRIMINAL_RECORD.arrest_county, CRIMINAL_RECORD.fingerprint_card From PERSON Inner Join CRIMINAL_RECORD on PERSON.cid=CRIMINAL_RECORD.cid Where CRIMINAL_RECORD.fingerprint_card=TRUE;
Using the same informational source, the result of this query returns a completely different record than the first.
To further illustrate, let’s move this example from the arcana of SQL to an analogy. Imagine a boss, in the pre-database era, asking an employee to create the first report above. The boss would say, “Smithers, give me a report that lists every person with a felony conviction before March 01, 2014.” Note that the query defines the structure of the eventual record. Also, note that within the universe of potential records the resulting record is limited by its definition.
How would Smithers go about creating this record? Let’s imagine that Smithers has been compiling all of the criminal records from all of the counties in his office prior to the request from his boss, let’s call him…, Mr. Burns. Smithers, luckily, is very organized and since the original records that he got from the counties didn’t fit into his filing system, he has been methodically taking each report apart and putting its parts in different logical locations in the filing cabinet. Because Smithers is very organized, he ensures that each piece is carefully indexed inside of the filing cabinet. So, in response to Mr. Burns’ request, Smithers goes to his office, consults his index, quickly pulls the relevant pieces out of the cabinet, compiles them into the requested report, and before the hounds are released, presents a new record to Mr. Burns. Now, if a third party at random reached in to pull out a file from Smithers’ filing cabinet, most likely they would end up with a nonsensical piece of out of context data. Is that a record? Without the index or a question the information is just disconnected bits of information.
What I hope these examples illustrate is the fact that there is a very distinct difference between information and a record. As the court noted “many public records contain information that is derived from and/or contained in other public records,” (LexisNexis v. AOC, COA13-547, 11). That is true, but it is unlikely that the information in a database still resembles or is even ordered as it was in its original form.
Despite my belief that the court missed the real nature of a database, a nature that is not as easily argued into a record as the decision might hope, I agree that custodianship of the information has transferred to the AOC. The counties are certainly the custodians of the original paper or electronic records used as the source of ACIS’s information, but once the clerks key the information into ACIS, the information is manipulated into a distinctly different form than what is available at the county. But does that make the new form a record? Can the public just ask for Smithers’ filing cabinet? These are difficult questions that the courts, and perhaps even the legislature, will need to examine as public records transform more and more into public information. What was once perhaps a one page paper record or electronic form may now span multiple tables linked by structural columns that serve to link the data together. Without a query all of this information organized and managed by the database’s internal structure and processes remains just that – points of information. The data is, in a very real sense, a potential record just waiting to be asked a question.