Lawsuit to Protect Citizens’ Private Information Resolved

The Auditor’s Lawsuit and Settlement Protects Private and Confidential Information of County Citizens from Unlawful Disclosure In March 2019, the Madison County Board passed a resolution granting the County Chairman, his unnamed “designee,” the County Administrator, and the County Treasurer the power to access the Madison County Auditor’s software. The resolution would have forced the… Continue reading

computer screen with code

The Auditor’s Lawsuit and Settlement Protects Private and Confidential Information of County Citizens from Unlawful Disclosure

In March 2019, the Madison County Board passed a resolution granting the County Chairman, his unnamed “designee,” the County Administrator, and the County Treasurer the power to access the Madison County Auditor’s software. The resolution would have forced the elected Auditor, Rick Faccin, to unlawfully disclose the confidential information of county citizens, such as the identities of grand jurors and other non-financial information contained in the Auditor’s files. State and federal law prohibits the disclosure of this confidential information.

In fact, before the Board passed the resolution, the County’s State’s Attorney advised the Board during its meeting that the resolution “would create a massive violation of privacy rights for the citizens whose records are contained in it” and stated: “My legal opinion is that this Board does not have the authority to enforce the resolution.” Despite this advice, the Board passed the resolution on a party-line vote of 13-12.

To prevent the unlawful disclosure of private information required by the resolution, the Auditor sought relief from the court. Because the State’s Attorney already represented the Board, the Chief Judge of Madison County appointed Goldenberg Heller attorneys Tom Rosenfeld and Kevin Green as a Special State’s Attorney to represent the Auditor. The Auditor filed a lawsuit and quickly obtained a Temporary Restraining Order prohibiting the Board from enforcing the resolution.

At the insistence of the Chairman and Administrator, the case was expedited, causing the parties to quickly engage in discovery and motion practice, culminating in the filing of cross-motions for summary judgment two months after the case was filed (most cases take several years to get to that point). While these motions were pending, the Auditor proposed a settlement that would allow Board members and other officials access to a portion of the auditor’s software where they could view financial data that they already received in daily, monthly, and quarterly reports—but without the unlawful disclosure of confidential information that the resolution would have required.

“We wish it had not taken a lawsuit to protect the confidential information of citizens, but we had no other choice once the Board approved the resolution that would have required our office to unlawfully disclose the private information,” said Faccin. “Our office has always been transparent and thorough in providing all the financial information to County officials and citizens, both periodically, and upon request. The settlement gives the Board the same financial information they have always received, but without the disclosure of the non-financial, private data that their resolution would have required.”

Background

In Illinois a county auditor is a separate constitutional officer elected by the people. Illinois law vests the elected Auditor of a county with several powers and duties, including: (1) acting both as the accountant and auditor of the county’s other elected officers, departments, and agents; (2) maintaining a continuous internal audit of the elected officers, agents, and divisions; and (3) having access to all records, documents, and resources necessary to discharge these responsibilities, including confidential information contained in the records of county officers and departments, which is prohibited from disclosure under federal and state law. 55 ILCS 5/3-1005, 1006. To perform these functions, the Auditor is vested with statutory authority to control the internal operations of his office, subject only to the board’s budgetary limitations. 55 ILCS 5/3-1004. Further, “[n]o county board may alter the duties, powers and functions of county officers that are specifically imposed by law.” 55 ILCS 5/5-1087.

To perform his statutory auditing duties, including auditing the claims of the county, auditing the receipts of the elected officers and county departments, and maintaining a continuous internal audit of the operations and financial records of the officers, agents, and divisions of the county, the Auditor utilizes certain computer software in his office. The Auditor utilizes this software to prepare and provide public financial reports and data, though the software contains more than simply financial data. For example, some of the information received by the Auditor and placed in the auditing software includes information of citizens and county employees that is protected from disclosure under the Illinois Code of Criminal Procedure and other state and federal laws including:

  • names, addresses, and dates of payment for citizens who have served on grand juries in the county;
  • references to names and medical procedures for inmates paid by the Sheriff’s Office; and
  • names, addresses, and case number related to individuals, including minors, who have served as witnesses for the State’s Attorney.

Since the Auditor began using the auditing software in 2001, no prior county administration, chairman, board member, or treasurer has had, or requested access to, the software.

The Resolution

On March 20, 2019, the Madison County Board adopted a resolution that purported to give the County Chairman, his unnamed “designee,” the County Administrator, and the County Treasurer access to the auditing software. The resolution also required the installation of the software on these individuals’ computers outside of the Auditor’s office. Although the Board contended that the purpose of the resolution was only to see financial information, because the auditing software contained more than financial information, the resolution would have resulted in the unauthorized disclosure of confidential information of county citizens and employees in violation of Illinois law. During the Board’s debate on the resolution, the State’s Attorney advised the Board that the resolution “would create a massive violation of privacy rights for the citizens whose records are contained in it” and gave his legal opinion “that this Board does not have the authority to enforce the resolution.”  Nonetheless, the Board passed the resolution on a party-line vote.

The Lawsuit and Injunction

To prevent the unlawful disclosure of private information, the Auditor requested the appointment of a special state’s attorney to represent his office because the State’s Attorney was already representing the Board. The Court appointed attorneys Thomas Rosenfeld and Kevin Green as Special State’s Attorney to represent the Auditor.

On March 29, 2019, the Auditor filed a lawsuit asking the court to declare the resolution invalid and enjoin its enforcement. The Auditor maintained that the Board, Chairman, and Administrator were improperly equating the right to obtain financial information (which the Auditor already provided), with the right to access all of the data—including confidential non-financial data—contained in the Auditor’s software.   For example, to audit the Chief Judge’s grand jury service payments, data about grand jurors is uploaded into the software directly from a file provided to the Auditor by the Chief Judge’s Jury Commission. This information is not provided to the Board or anyone else outside the Jury Commission because the Illinois Code of Criminal Procedure prohibits the disclosure of information that reveals grand juror identities. See 725 ILCS 5/112-6(b); Better Gov’t Ass’n v. Office of the Special Prosecutor, 2019 IL 122949, ¶ 36 (quoting Lopez v. Department of Justice, 393 F.3d 1345, 1349 (D.C. Cir. 2005)). See also Sherman v. Ryan, 392 Ill. App. 3d 712, 737-38 (1st Dist. 2009) (finding confidentiality and privileges are preserved when disclosure of such information are made to auditors). See also 5 ILCS 140/7(m) (prohibiting disclosure of “materials prepared or compiled with respect to internal audits of public bodies”).

On April 1, 2019, after an extensive hearing, the Court issued a Temporary Restraining Order that prohibited the Board, Chairman, Administrator, Treasurer, and their agents from implementing the resolution or otherwise accessing the Auditor’s software. The Court found that there was a likelihood that the Auditor would succeed on the merits and that the Auditor would suffer irreparable harm without the injunction, namely, the invasion of his constitutional office and the unauthorized disclosure of the private and protected information contained the auditing software, “which could expose the Auditor and the County to significant liability under federal and state law.”

The Counterclaim

On April 22, 2019, the County Chairman and County Administrator, who had also requested the appointment of a Special State’s Attorney to represent them, filed a Counterclaim against the Auditor. They argued they had the unfettered right to access the Auditor’s software and view all the data contained therein.

As the case progressed, the defendants’ arguments supporting their need for the information and the resolution changed.

Argument 1: Access to Financial Data

The defendants initially argued that they needed access to the auditing software because the Auditor was purportedly keeping the financial books of the County a secret. After the lawsuit was filed, the parties proceeded with discovery, seeking documents and taking depositions to test this assertion. On May 28, 2019, the Auditor filed a motion for summary judgment, accompanied by deposition transcripts, affidavits, and 580 pages of exhibits showing that the Auditor routinely provided any and all financial information of the County to the Board, Chairman, Administrator, Treasurer, (both periodically and upon request), and to anyone else who requested it.

For example, the Auditor provided, among other things, daily financial reports to the Treasurer, monthly budget variance reports and budget expenditure reports to the Board’s Finance Committee, monthly comparative financial statements showing revenues and expenditures to the County Administrator, quarterly financial statements to the Board showing actual and projected revenues, expenditures, and conditions of all funds and appropriations, numerous other reports, documents and information upon request, and a Microsoft Excel file containing requested portions of the general ledger that could easily be searched, filtered, or otherwise manipulated using the countless accounting functions provided by Excel. In fact, the former Republican Chair of the Board’s Finance Committee for the current administration stated under oath that the Auditor’s office is “extremely cooperative” in providing information and documents requested, and never withheld from the Chair or Finance Committee financial information necessary to: (a) track the financial performance of the various Offices and Departments; and (b) establish their budgets.

Consistent with Ms. Ciampoli’s testimony, the Board’s sworn discovery responses showed that the Board could not identify a single document “evidencing a denial by the Auditor within the past 24 months for information or records requested by” the Board, Chairman, Administrator, or Treasurer.

None of these facts were disputed by the Board, Chairman, Administrator, or Treasurer. In fact, the Board explained to the Court that the information it purportedly needed from the Auditor “has already been provided.” These facts supported the Auditor’s view that the resolution was not about accessing financial information—it was about access to the auditing software and the confidential, non-financial information it contained.

Argument 2: Board Entitled to Any Private Information Held by Any County Official

Acknowledging that the Board already had the financial data, the Board next argued that it had a right to access all confidential information held by any county office, and, therefore, a county officer could not restrict information to other county government units.

This argument presented a slippery slope. Following this argument to its logical conclusion meant that any Board Member or County Administrator (or any government official?) could, with or without a resolution, obtain access to the software of other constitutional officers, such as the State’s Attorney, Sheriff’s Department, Circuit Court, or Chief Judge’s offices, and view private information that was prohibited from disclosure. Per the Board’s argument, if the Board Members or other county officials came across confidential information in these software programs, they “would be under the same obligation to protect the CI and PII as the [officer].” Essentially, no harm, no foul.

The Board’s position ignored the protections afforded to the privacy rights of county citizens. For instance, if the Board wants information about criminal investigations or proceedings, it has to ask for it from the State’s Attorney or Sherriff, and it may not be entitled to get what it wants. The Board cannot simply grant itself the power to access their software systems. This is because, like the Auditor’s system, there is certain information protected from disclosure within the software used by these separate constitutional officers. The Board acknowledged this reality, explaining: “[T]here is some information within those Departments that is so important and/or confidential” that is not “subject to invasion and scrutiny” and that is protected “from ever being disseminated.”

The Board’s own reasoning for why it could not freely access the software of the State’s Attorney and Sheriff’s Department, however, applied equally to the Auditor and the confidential non-financial information contained in the Auditor’s software. Just as state law prohibits the disclosure of certain information held by the State’s Attorney and Sheriff’s Department, so too does it prohibit the disclosure of certain information contained in the auditing software, including the identities of grand jurors and materials prepared or compiled during internal audits. See 725 ILCS 5/112-6(b); 5 ILCS 140/7(m).

Argument 3: Format of Financial Data

As the case progressed, the Board and other defendants shifted to a third argument. Although the defendants now acknowledged the Auditor was providing all the financial information requested and needed, they began arguing that the format of the information was unworkable. Again, the Auditor was providing daily, weekly, and monthly reports, along with Excel spreadsheets of the financial data that could be searched, filtered, or manipulated.

The Settlement

With the complaint about the format in mind, the Auditor began working toward a solution that would allow the defendants to see all the same financial information the Auditor had been providing, but within the auditing software. To resolve the lawsuit, the Auditor offered to work with the software vendor to create a program that would allow for financial information in the software to be exported to a separate database within the software, with the confidential non-financial information redacted. The Auditor offered to provide a separate computer terminal in his office at which the Board members, Chairman, Administrator, and other designated county officials could view the redacted general ledger within the auditing software. The Auditor also offered to post Excel sheets from the redacted general ledger (similar to what it had previously been providing) on its website on a monthly basis.

After back-and-forth with the defendants, the Auditor, Chairman, and Administrator reached a tentative agreement. But the Board still needed to approve the deal. In the Auditor’s view, this solution gave the defendants what they said they wanted—access to the financial data within the specific software, but without the overbroad scope of the resolution that would have compromised the privacy rights of county citizens and employees and exposed the county to significant liability.

At the first Board meeting to vote on the proposed settlement, the Board postpone the vote, which meant the lawsuit continued for another month. At the Board meeting the following month, the Board resolution to approve the settlement passed by a narrow 2-vote margin. Pursuant to the Settlement, the court dismissed the lawsuit and counterclaims on September 27, 2019.