Back to blog

Transparency Without The Headache: How To Successfully Handle Public Records Act Requests In California

Reveal Team
May 25, 2023

4 min read

Check how Reveal can help your business.

Schedule demo

If there's one thing that consumers and taxpayers are demanding more of, it's transparency. Trust in both institutions and companies has decreased significantly in recent years. To alleviate some of these trust issues, citizens can now submit a Public Records Act request.

Thanks to California's Public Records Act (CPRA), anyone can ask for information from government agencies or closely-related businesses. If an organization fails to properly respond to these requests, it could face administrative complaints and even legal remedies such as injunctions, mandamus, or lengthy litigation.

This post will prepare you to receive CPRA requests and offer a step-by-step strategy for responding to them. After all, if the public is going to be suspicious of your organization, you at least deserve the option to make Public Records Act requests simpler while improving trust.

Exploring the Basics of the California Public Records Act

After its enactment in 1968, the California Public Records Act granted citizens the right to obtain public records. Under the law, these records are any sources of recorded information. This can include written documents, emails, databases, pictures, and more. When an organization receives a CPRA, they typically have 10 calendar days to respond with access to any non-exempt records. 

Organizations must identify and explain any exceptions they claim. The law also requires agency CPRA compliance officers and proper retention of records. Yes, this is just as burdensome as it sounds. Fortunately, the California Public Records Act summary also shows that organizations have rights. For instance, they can review and redact records, charge fees for duplication costs, and even request additional time to respond to requests.

Now, you might be thinking something along the lines of “Why should I care about the California Public Records Act time to respond? I don't even work at a government agency.” While it's true that the CPRA doesn't apply to private businesses, citizens can seek company records that are maintained by the state government (e.g., tax returns, corporate info, etc.). Companies that are contracted or work closely with the government could also fall under CPRA rules.

A records act request could also reveal information that leads to subpoenas on your company. In such a situation, the proper retention and management of records is just as important for businesses as government agencies.

Locked and Loaded: Preparing Your Business for PRA Requests

If your organization falls under CPRA rules, it's important that you're up to date with the law. For instance, the California Public Records Act 2023 updates moved the statute to another section of the Government Code. This means the forms you use may now be outdated. And in 2020, the California Supreme Court ruled that agencies couldn't charge for the redaction of police body camera footage. 

Clearly, staying up to date on CPRA changes is essential. However, it's also important to utilize proactive compliance measures. Doing so increases public trust, maintains consistent record-keeping, and helps your agency avoid California Public Records Act penalties. After all, no one wants to be "that person" — who screwed up a PRA request and landed their organization in hot water. 

So, what proactive compliance measures should you take to avoid a California Public Records Act citation? First, you need to establish internal policies and procedures for handling CPRA requests. And due to the massive troves of data kept by agencies, you should utilize appropriate software to manage this process. It's also essential that agencies educate their employees about the CPRA and their roles in compliance. 

Finally, maintaining organized records in order to facilitate quick and efficient responses is paramount. Failing in any of these tasks can leave an organization exposed to a variety of negative legal and reputational outcomes. 

Responding to PRA Requests: A Step By Step Guide

Okay, everything we've gone over thus far might sound a little terrifying. We've delved into the scary consequences of failing to comply with the CPRA, but we've yet to explain how your organization can excel at compliance. The following step-by-step guide walks you through all the necessary steps when responding to PRA requests in California: 

  • Acknowledge that the request has been received. 
  • Review the request.
  • Identify responsive records. 
  • Evaluate exemptions under the CPRA.
  • Prepare your written response. This should include instructions on how to access information and the legal reasoning for declining access. 
  • Calculate any applicable fees. 
  • Send a response to the requestor. 
  • Grant access where appropriate. 
  • Maintain documentation of any public records requests.

When responding to a California Public Records Act request, it's important to remember that you're on a timeline. A response to a request must typically be provided within 10 days. Any requested extensions must also be reasonable and not unduly delay record access. The law additionally states that providing access to documentation must be done in a timely manner — although the statute isn't specific about what constitutes "timely."

So, how can you make sure everything is done quickly? First, focus on improving the process of identifying and gathering responsive records. Utilizing record management systems, reviewing file repositories, proper preservation of records, and understanding exemptions and redactions are all paramount. And when making redactions, ensure you're being consistent with redacting techniques, use clear markings, and maintain records of these decisions.

This may sound like a lot. However, PRA software like Reveal can automate all these tasks — and many others — for your agency. So, there's really no need to panic just yet. 

Conclusion

There's nothing simple about the rules and requirements for CPRA requests. Understanding the law is crucial to deal with these requests, but there's simply no replacement for proactive compliance measures. The Public Records Act is a reality for your organization, and mere high hopes that things go smoothly are not sufficient. This is why you need powerful resources on your side. 

With a tool like Reveal, agencies can find, collect and/or preserve relevant information across multiple data sources (e.g., Google, Slack, Microsoft, and more), end their reliance on third-party vendors, instantly conceal personally identifiable information (PII), and immediately uncover relevant documentation regardless of the size of their collection. We've also made tagging information, collaboration, and storage easy and inexpensive. 

This is why the cities of Chicago, Boston, and Las Vegas — along with many educational institutions like the University of California — already use Reveal to handle all types of records requests.

--

Want to see how Reveal can assist with PRA requests? Schedule a demo today.

Get exclusive AI & eDiscovery
insights in your inbox

I confirm that I have read Reveal’s Privacy Policy and agree with it.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.