Potential university FOIA compliance issue discovered, reviewed

The University of Illinois became aware in late April that certain members of the Urbana-Champaign campus administration and other campus employees might have used personal email accounts for university-related communications, and that those emails may not have been made available to those at the university responsible for responding to Freedom of Information Act (FOIA) requests.

The Illinois FOIA statute does not specify whether emails in personal email accounts are necessarily subject to FOIA, and Illinois case law is likewise not settled on this issue. Nonetheless, the university has consistently treated emails relating to university business as subject to FOIA regardless of whether they are in university or personal email accounts, or on university-owned or personal devices.

Upon learning of this issue, the university immediately launched an official ethics inquiry. The inquiry was conducted by the Office of University Counsel and the Office of University Ethics and Compliance, with assistance from independent external legal counsel Jones Day. The inquiry covered 2014 and 2015.

The main objectives of the inquiry were to determine:

• Whether the personal email accounts of the employees at issue contained emails responsive to previously submitted FOIA requests; and

• If so, why these emails were not made available to the university’s FOIA response team for review and potential production.

The inquiry has determined the following:

• The university receives, on average, about 90 FOIA requests each month.

• For many years, the university has treated emails relating to the transaction of university business as subject to FOIA, regardless of whether they are in university or personal email accounts or on personal devices. This was articulated on a university-wide basis by the Ethics Office in May 2012: “If you are conducting university business (including teaching) through a personal email account (e.g., gmail, hotmail, yahoo), then the university-related communications are subject to FOIA, regardless of whether they are generated on private equipment or in personal accounts.”

• Certain administrative personnel at the Urbana-Champaign campus and other campus employees used personal email accounts to communicate about university-related matters in the time period that the investigation covered (2014 and 2015).

• Emails from certain personal email accounts that were responsive to 10 FOIAs from eight requestors previously submitted to the university were not produced to the university’s FOIA team for review and potential production. These FOIA requests sought information related to James Kilgore, Steven Salaita, and the proposed Carle Illinois College of Medicine.

• A desire to maintain confidentiality on certain sensitive university-related topics was one reason personal email accounts were used to communicate about these topics.

• Some emails suggested that individuals were encouraged to use personal email accounts for communicating on such topics.

In addition, during this inquiry, university officials contacted a representative of the Office of the Public Access Counselor within the Illinois Attorney General’s office, which has authority to interpret and enforce FOIA, and advised her of the issue and the university’s intended response.

Today the university is publicly releasing emails from personal email accounts related to James Kilgore, Steven Salaita, and the proposed Carle Illinois College of Medicine, whether they were subject to FOIA or not. This should fulfill the specific incomplete FOIA requests, and the additional emails around those three subjects are being released in the interest of transparency and disclosure. The emails that the university is now producing have been sorted by date and topic and are publicly available.

Enhancing university protocols

The university takes FOIA seriously and is committed to full compliance and transparency. Based on what it has learned through this inquiry, the university has taken, or will take, the following remedial actions:

• The university’s FOIA officer immediately revised the instructions provided to employees for responding to FOIA requests, including specific language requiring that emails and other documents sent or received from personal email accounts that relate to university-related matters be reviewed in response to FOIA requests to the university.

• The executive director of University Ethics and Compliance conducted in-person training for approximately 30 senior university officials attending the May 7 Board of Trustees meeting.

• Senior administrative officials of the university will be required to confirm their compliance with FOIA on an annual basis, and will be expected to communicate to faculty and staff the expectation of compliance with FOIA.

• On a regular basis, the university will re-issue guidance/reminders on FOIA and records retention in official publications (e.g., Ethics Matters, which is distributed to every university employee via email).

• The FOIA office will continue to be available for group training sessions upon request; the university’s FOIA website has been updated to include a link to an FAQ posted on the attorney general’s website.

• University officials will review and consider “best practices” in regard to records retention and revise the university’s records retention policy as necessary.

• University officials will continue to monitor the evolving legal standards and update guidance where appropriate.

University President Timothy Killeen, who took office in May, said: “The University of Illinois takes its commitment to FOIA compliance and integrity seriously. Today we have released documents to fulfill any incomplete FOIA requests. I am fully committed to a strong culture of transparency and trust, and I expect all U of I employees will be as well.”

Additional remedial actions will be considered and implemented based on further analysis of the information obtained through this inquiry and other relevant information.