RTK request for computer logins partially approved and denied by OOR

/in


SOMERSET ― The Pennsylvania Office of Open Records filed its determination Sept. 27 concerning a right-to-know request filed by Lester Younkin and denied by Somerset County Commissioners, giving each party a victory.

Younkin said this week he will appeal the determination.

His request, seeking certain computer log information for specified county employees, was determined as granted in part and denied in part. Granted was the county’s point that disclosure of the active directory logs is likely to pose a risk to the county’s computer security, but that access to employees’ names and login and logout times can be released under the state’s Right-to-Know Law.

However, the OOR determined the county doesn’t have those records that Younkin is asking for because the server log showing the login and logout information doesn’t exist within the county’s possession, custody or control.

“The county NEVER disputed the existence of the log. In fact, the IT director submitted an unredacted Active Directory log in their appeal in an attempt to justify why they can’t release the information,” Younkin said in an email. “The county has the information. They simply do not want to release it. The county claim that they would need to purchase software to extract the data is blatantly false.”

More: Somerset commissioners say they have no evidence employees abusing time-off policies

County solicitor Christopher Furman, on behalf of the county commissioners, issued this statement:

“On Sept. 27, 2023, the Office of Open Records issued its Final Determination in OOR Appeal No. 2023-1983, granting the appeal in part, denying it part. The request was for daily computer and Exchange server login and logout times for certain personnel. Because the county does not use an Exchange server, that part of the appeal was denied. Regarding the computer login information, the county’s software is not currently capable of producing the requested information without producing certain other information embedded with it that, if disclosed, would pose a risk to the county’s computer security. Put simply, to provide the requested data, the county will need different software. Because Section 1307(g) of the RTKL provides…

Source…