Mum’s the Word: How to protect clients’ confidential information in agency investigations and contested case proceedings

The Minnesota Government Data Practices Act creates a presumption that the public will have access to the data that government collects and maintains.¹ This presumption advances the public interest in transparency but presents challenges for a private party that is the subject of an agency investigation or involved in a contested case proceeding at the Office of Administrative Hearings. In both scenarios, the private party may be required to provide information to a state agency that it considers to be confidential. Public disclosure may create concerns about competitive harm or other adverse consequences. Understanding how the law limits the information a state agency may properly withhold from the public and how state agencies handle purportedly confidential information will help counsel to maximize the protection of such information from public disclosure.

The Minnesota Government Data Practices Act

Effectively managing confidentiality issues in the context of administrative proceedings requires a working understanding of the Minnesota Government Data Practices Act, which controls access to information in the hands of state agencies.² The purpose of the Data Practices Act is “to reconcile the rights of data subjects to protect personal information from indiscriminate disclosure with the right of the public to know what the government is doing. The Act also attempts to balance these competing rights within a context of effective government operation.”³ The Data Practices Act’s scope is broad, governing the disclosure of and access to “all data collected, created, received, maintained or disseminated by any state agency, political subdivision, or statewide system regardless of its physical form, storage media or conditions of use.”⁴ The Act provides that all government data will be accessible to the public unless otherwise provided by law.

The Data Practices Act categorizes all government data as either “data on individuals” or “data not on individuals.” “Data on individuals” includes all government data in which an individual is or can be identified as the subject, unless the appearance of the name or other identifying data can be clearly demonstrated to be only incidental to the data and the data are not accessed by the name or other identifying data of any individual. (An “individual” is a natural person.) The Act categorizes all other data as “data not on individuals.”

The Act puts “data on individuals” into one of three categories: public data on individuals, private data on individuals, and confidential data on individuals. All data on individuals are “public data” unless otherwise categorized as nonpublic by state or federal law or temporary classification. Private data on individuals are data that under state statute or federal law are: 1) not public; and 2) accessible to the individual subject of the data. Confidential data on individuals are data that under state or federal law are: 1) not public; and 2) not accessible to the individual subject of the data.

As it does for data on individuals, the Act defines three categories of data not on individuals: public data not on individuals; nonpublic data, and protected nonpublic data. Like public data on individuals, public data not on individuals are accessible to the public on request. Nonpublic data are data not on individuals that are made by statute or federal law: 1) not accessible to the public, and 2) accessible to the subject of the data. Protected nonpublic data are data not on individuals that under state or federal law are: 1) not accessible to the public, and 2) not accessible to the subject of the data. 

The Act provides for a number of exceptions that categorize specific types of data as either private or nonpublic. Examples of these exceptions include but are not limited to: 

• Social Security numbers; 
• security information; 
• health care data on individuals; 
• data regarding internal audits of governmental entities; 
• certain licensing data; and 
• certain data obtained or produced by granting agencies in response to requests for proposal. 

Each exception has its own set of conditions and specified scope.

The most commonly invoked exception in agency investigations of commercial entities is the exception providing that data containing “trade secret information” are either private or nonpublic. That exception defines “trade secret information” to mean “government data, including a formula, pattern, compilation, program, device, method, technique or process (1) that was supplied by the affected individual or organization, (2) that is the subject of efforts by the individual or organization that are reasonable under the circumstances to maintain its secrecy, and (3) that derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use.”⁵ 

A party seeking the protection of the trade secrets exception bears the burden of establishing each of its elements. Consistent with the presumption that government data will be available to the public, the trade secrets exception—like all of the Act’s exceptions—is applied narrowly. To establish the foundation for the exception, the party must provide facts and concrete detail; conclusory statements may not be sufficient. In most cases, the source of the data and the reasonableness of efforts to maintain the data’s secrecy are usually easy to determine. Disputes regarding the applicability of the exception typically focus on the third element—the independent economic value of the data in question—and it is on that element that trade secrets claims often fail. 

But even if no exception applies, that does not end the analysis. The Data Practices Act does not require the disclosure of data that state or federal law makes not public or private. Depending on the nature of the data at issue, there are any number of state and federal laws that might apply to provide a basis to prohibit public disclosure of data obtained by the government as part of an agency investigation. Thus, for example, Minnesota law provides that certain information relating to reports of abuse of a minor or vulnerable adult is confidential; tax return information is private under Minnesota law and confidential under federal law; the U.S. Constitution provides a right to privacy that may provide a basis for preventing the public disclosure of certain information.⁶ Suffice it to say that this is a very small sampling of the types of state and federal laws that may be available to protect the confidentiality of information gathered by the government. 

The Act requires that each agency adopt and annually update written data access policies and policies regarding the rights of subjects of data. The Act authorizes the commissioner of the Department of Administration, upon request, to issue written opinions regarding the categorization and access to data. A searchable library of the department’s data practices opinions is available on the internet.⁷

Confidentiality in agency investigations

Minnesota law endows state agencies with broad investigative authority in a wide variety of contexts. Most prominently, the Minnesota attorney general is authorized to investigate whenever he or she has a reasonable ground to believe that any person or entity has violated or is about to violate any state law relating to “unfair, discriminatory, and other unlawful practices in business, commerce, or trade.”⁸ Numerous other state agencies, such as the Department of Commerce, the Public Utilities Commission, the Pollution Control Agency, the Department of Health, and the Department of Human Rights have similar investigative powers.

The Data Practices Act provides an exception from disclosure for “data collected by a government entity as part of an active investigation undertaken for the purpose of the commencement or defense of a pending civil legal action, or which are retained in anticipation of a pending civil legal action,” categorizing such data as confidential (in the case of data on individuals) and protected nonpublic (in the case of data not on individuals).⁹ This exception is subject to a number of limitations. First, notwithstanding this exception, a governmental entity may make investigative data public if it determines that “access will aid the law enforcement process, promote public health or safety or dispel widespread rumor or unrest.”¹⁰ Second, civil investigative data that are presented as evidence in court or made part of the court record are public unless the court takes action to prevent public disclosure. Finally, an investigation becomes inactive and the exception, therefore, no longer applies, when: 1) the agency decides not to pursue a court action; 2) the time to file a complaint has expired; or 3) any appellate rights are expired or exhausted. At that point, the investigative data are subject to public disclosure unless another exception, such as the trade secret exception, applies.

The leading case interpreting the exception for civil investigative data is In re Glaxosmithkline PLC.¹¹ In that case, the attorney general served Glaxosmithkline (GSK) with a civil investigative demand that GSK produce documents in connection with the attorney general’s investigation based on the belief that GSK was violating state antitrust laws. Before GSK produced any of the requested documents, GSK and the Attorney General’s Office entered into a confidentiality agreement, which later became the basis for a protective order. That agreement allowed GSK to designate as confidential any documents for which there was a legal basis to do so and also provided that the attorney general would only use confidential documents for investigation or litigation purposes and could not disclose the documents. The confidentiality agreement permitted the attorney general to challenge the confidentiality designation of documents in a court action.

The Attorney General’s Office subsequently filed a motion in district court seeking a determination that certain documents GSK had designated as confidential did not meet the legal test, under either the Data Practices Act or Minn. R. Civ. P. 26.03, for such protection. Before the court ruled on that the motion, the attorney general filed under seal a complaint against GSK alleging violation of antitrust laws and attached to the complaint a number of documents that GSK had produced on a confidential basis. 

The district court ruled in favor of GSK, denying the state’s motion, and, following some procedural wrangling concerning the appealability of the district court’s decision, the issue of the confidentiality of GSK’s documents finally came before the Supreme Court. The Supreme Court found that, while the case between the Attorney General’s Office and GSK was still pending, the investigative data exception applied. Although acknowledging that the investigative data exception permitted an agency to make investigative data public where the agency finds that doing so will aid the law enforcement process, promote public health or safety, or dispel widespread rumor or unrest, the parties’ confidentiality agreement/protective order limited the attorney general’s discretion to make such a finding. Because the confidentiality agreement/protective order vested the district with the power to decide disputes regarding confidentiality of documents, it was up to the district court, not the attorney general, to determine whether the conditions for disclosure of civil investigative data had been met. 

As to the confidential documents attached to the attorney general’s complaint, the Court found that those documents had been made part of the court record and, accordingly, no longer qualified for confidential treatment under the civil investigative data exception. The Data Practices Act provides that it does not apply to the judiciary; rather, the Minnesota Rules of Public Access to Records of the Judicial Branch controlled whether a document filed with the court may be protected from public disclosure. 

Confidentiality in contested case proceedings 

An agency investigation may result in a contested case proceeding presided over by an administrative law judge (ALJ) at the Office of Administrative Hearings. A contested case enables parties interested in a particular agency action to be heard on the issues. Such a proceeding also assists the agency by developing a factual record that forms that basis of an agency action and by providing the agency with the ALJ’s recommendations regarding disputed issues. Contested case proceedings are adversarial proceedings that are very similar in many respects to cases tried to the court in a judicial forum. Confidentiality issues may arise in contested case proceedings both in the context of discovery and with respect to the evidence that is ultimately admitted into the record that forms the basis for the ALJ’s recommended decision.

The OAH rules require that, upon request, a party must disclose to the requesting party: 1) the name and address of each witness that the party intends to call to testify at the hearing, together with a summary of the witness’s anticipated testimony; 2) any written or recorded statements made by the party or the party’s witnesses; 3) all written exhibits that the party intends to introduce at the hearing. The OAH rules also permit any means of discovery available under the Rules of Civil Procedure. As a practical matter, however, discovery in contested case proceedings is typically more limited, except in large complex cases such as utility cases, where parties file written testimony and discovery is often extensive.

ALJs have authority—similar to that given judges under Rule 26.03 of the Rules of Civil Procedure—to enter protective orders when needed “to protect a party or person from annoyance, embarrassment, oppression, or undue burden or expense due to a discovery request,” or “[w]hen a party is asked to reveal material considered to be proprietary information or trade secrets, or not public data.”¹² As in cases in a judicial forum, an ALJ will typically allow the parties broad latitude in fashioning a protective order that they believe meets their needs. In most cases, the ALJ will enter a protective order that reflects the parties’ agreement. 

However, the fact that the parties have agreed that information exchanged in discovery should be treated as confidential does not mean that the same information will be protected from public disclosure once it is admitted as part of the case record. The OAH is, itself, a state agency subject to the Data Practices Act. Thus, there is a general presumption that all information contained in the record of a contested case proceeding will be accessible to the public and the parties’ agreement otherwise is not, by itself, sufficient to overcome that presumption. 

An evidentiary hearing in a contested case proceeding, like a trial in a judicial forum, is open to the public. The ALJ may be reluctant to close a hearing in order to protect against the disclosure of confidential information because doing so causes delay and disruption. In that event, it will be the parties’ responsibility to structure the presentation of their case in a manner that avoids eliciting testimony that discloses confidential information. For example, counsel may avoid disclosing confidential information on the public record by asking a witness to reference confidential information contained in an exhibit without disclosing the information. 

With respect to exhibits containing confidential information, the parties must establish a basis for sealing the exhibits—thus making them inaccessible to the public—that is consistent with the Data Practices Act. The ALJ may require that, for any exhibit that is sealed, the parties provide a public version of the exhibit from which they have redacted all nonpublic information.¹³

Practice pointers

1  Before producing confidential documents or other confidential information in response to an agency’s request, attempt to negotiate a confidentiality agreement that specifies how the agency will handle confidential information. Issues to be addressed in such an agreement would include: a description of the kinds of information that will be maintained as confidential; how the agency will use confidential information; procedures for challenging a confidentiality designation; and what the agency will do with the information once the investigation is concluded. If unable to come to an agreement, consider going to court to get a protective order. 

2  A party claiming protection under an exception from public disclosure needs to provide foundation establishing that the requirements of the exception are satisfied. Exceptions to the general policy that the public will have access to government data are narrowly construed. Particularly with respect to the trade secret exception, a party seeking the protection of the exception must provide concrete evidence showing that the information meets the definition of a trade secret, paying special attention to establishing the independent economic value of the data in question and how the party providing the information will suffer harm if the data are disclosed.

3   When the client’s interest in maintaining the confidentiality of information is substantial, counsel must be creative and far-reaching in searching for a legal basis for protecting the information from public disclosure. Even if none of the Data Practices Act’s exceptions applies, there may be a state or federal law that does.

4   The parties’ agreement regarding how they will handle confidential information in discovery in a contested case proceeding will not be sufficient to protect prevent public disclosure of evidence admitted into the record. In order for exhibits or portions of the hearing transcript to be protected from public disclosure after the hearing record is closed, the party seeking to maintain the confidentiality of the information must move to seal that portion of the record and persuade the ALJ that doing so does not violate the Data Practices Act. Where only part of a document qualifies for protection, the ALJ will only partially seal the document, by redacting any nonpublic information from the public version of the document. 

GREGORY MERZ is a partner in Lathrop GPM’s litigation & dispute resolution practice group. He has represented individuals and companies in state and federal courts and before administrative agencies in a wide variety of substantive areas, including health law, antitrust and unfair competition, contract disputes, telecommunications, agribusiness,  employment, and professional licensing matters.

¹ This article will use the terms “data” and “information” interchangeably. The term “confidential,” when used to describe information, refers to information that the source of the information wishes to protect from disclosure.

² Minn. Stat. §13.01, et. seq. 

³ KSTP–TV v. Ramsey Cnty., 806 N.W.2d 785, 788 (Minn. 2011); Montgomery Ward & Co. v. Cnty. of Hennepin, 450 N.W.2d 299, 307 (Minn.1990).

⁴ Minn. Stat §13.02, subd. 7 (defining “governmental data”).

⁵ Minn. Stat. §13.37, subd. 1(b).

⁶ In re Glaxosmithkline PLC, 732 N.W.2d 257, 273 (Minn. 2007) (remanding for further consideration whether the associational rights privilege under the First Amendment to the United States Constitution applied to prevent public disclosure of data obtained as part of a government investigation).

⁷ https://mn.gov/admin/data-practices/opinions/library/ 

⁸ Minn. Stat. §8.31, subds. 1, 2.

⁹ Minn. Stat. §13.39, subd. 2.

¹⁰ Minn. Stat. §13.39, subd. 2.

¹¹ 732 N.W.2d 257 (Minn. 2007).

¹² Minn. R. part 1400.6700, subp. 4.

¹³ Northwest Publications, Inc. v. City of Bloomington, 499 N.W.2d 509 (Minn. Ct. App. 1993).