The complaint in this matter was related to a request for records made pursuant to the Government Records Access and Management Act (GRAMA). The original request was submitted through the governmental entity’s online records request portal. In order to submit a request through this system, an individual must submit the information required by GRAMA in Subsection 63G-2-204(1)(a). This includes the requester’s name, mailing address, email address, daytime telephone number, and a description of the requested record that identifies the record with reasonable specificity. However the system also requires a requester to upload a photocopy of the requester’s identification which is not required by GRAMA.
The records requested by the complainant in this matter were classified as public records thus the governmental entity did not need a copy of the complainant’s identification. The governmental entity was not required to verify the complainant’s identity to determine whether the Complainant was eligible to access the records. After contacting the governmental entity and discussing this matter, the governmental entity provided the complainant with a copy of the records requested without requiring the complainant to provide any identification.
The matter was concluded with a reminder that the Government Data Privacy Act (GDPA) at Subsection 63A-19-401(2)(a)(ii) requires governmental entities to “obtain and process only the minimum amount of personal data reasonably necessary to efficiently achieve a specified purpose” and that requesting identification every time an individual requests a public record is not consistent with this requirement. It was also recommended that the governmental entity consider providing an individual with a privacy notice whenever the governmental entity requests or collects personal data from the individual making a request for records as required by Subsections 63A-19-402 and 63G-2-601.