« How Long to Retain Public Records? | Main | Computer Forensics Experts: State Law Regulation »

December 19, 2008


Feed You can follow this conversation by subscribing to the comment feed for this post.

Jim Ash

When making a public information records request in Texas, are there any ways of checking the completeness of the information provided by the government agency? In Toussie v. County of Suffolk, 2007 WL 4565160 (E.D.N.Y. Dec. 21, 2007) the county withheld documents do you know how the absence was discovered?

Benjamin Wright

Toussie was a lawsuit, not a freedom of information request. In the e-discovery phase of the lawsuit, the county turned over only two e-mails -- which seemed suspcious. In this modern age, virtually any knid of transaction in government is likely to cause the creation of numerous e-mails. I speculate that the plaintiff in the lawsuit then complained to the court ("your honor, it strains credulity to believe that there were only two e-mails in this matter"), and then the county sorta acknowledged to the court that it had not conducted a really thorough search. This acknowledgement caused the court to act.

With respect to Mr. Ash's FOIA question, I'll offer a speculative answer, which is not specific to Texas or any particular situation: Let's say a citizen has requested information under a FOIA and government has responded by turning over some records. I'll bet that if the citizen can show it is likely some records are missing, then the citizen can force government to conduct a further search. Ways to show records are missing might include: 1. admissions by government employees; 2. logical gaps in the records that are disclosed (e.g., the records refer to, imply the existence of or hint about other records that were not turned over; or maybe gaps in dates on documents suggest that something must have been happening during the gaps, but records were not divulged with respect the the activity during the gaps); 3. statements by other government agencies (such as other counties) that in situations like the matter in question the agencies normally possess additional records.

I speculate that if a citizen sues government under FOIA and shows the court (through logic or evidence) that government is not being thorough in responding under FOIA, then government can be forced to explain itself under the rules of civil procedure governing the lawsuit. An example of forcing government to explain itself might be a deposition of government employees to get them on the record, under oath, about how well (or poorly) the search for FOIA records was conducted. --Ben

The comments to this entry are closed.

Wright's Online SANS Education

Jackson County Case Study

IT Administrators


  • Follow benjaminwright on Twitter

Custom Professional Training

Local ARMA Quote

  • "The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.
My Photo


  • Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, blockchain analysts, penetration testers and forensic investigators. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

  • "The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training


  • No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

    The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

    Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

    Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

    The only person responsible for Mr. Wright's words is Mr. Wright.

    Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

    Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

    Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

    Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

    Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Search Wright's Blogs

Find More on This Blog


Become a Fan

Find More on This Blog