Opinion No.

The Honorable Roy Cordes, Jr. Fort Bend County Attorney 301 Jackson Street, Suite 728 Richmond, Texas 77469-3108

Re: Release and redaction of social security numbers under the Public Information Act, section 552.147 of the Government Code, (RQ-0418-GA).

Dear Mr. Cordes:

Your predecessor asked a number of questions about a county clerk's duties under section 552.147 of the Public Information Act (the "PIA").1 See Tex. Gov't Code Ann. § 552.147 (Vernon Supp. 2006);see generally id. §§ 552.001-.353 (Vernon 2004 Supp. 2006). In general, the questions focus on how a governmental body must treat social security numbers ("SSNs") contained in documents subject to the PIA. Specifically, we are asked:

1. Whether Section 552.147 . . . is permissive or mandatory in relation to Section 552.007 of the Government Code that prohibits selective disclosure?

2. Whether Section 552.147 . . . applies to all county clerk records (i.e.[,] real property, birth records, death records and marriage records)[?]

3. Whether Section 552.147 . . . authorizes the county clerk to permanently redact a [SSN] from the original, filed document?

4. If Section 552.147 . . . authorizes a county clerk to redact [SSNs] from either an original, filed document or a copy requested under the [PIA], can the county clerk certify the document as "certified copy"[?]

5. If the county clerk may certify a document that contains a redacted [SSN] as a "certified copy" of the original document, must the certification stamp include a disclaimer that the document has been altered (i.e.[,] that a [SSN] has been redacted)?

6. If county clerk documents are available to the public via the [I]nternet, does Section 552.147 . . . or any other law require the redaction of all [SSNs] prior to their availability on the [I]nternet?

7. Section 552.147 . . . addresses the [SSNs] of "living persons." How is a governmental body to determine whether a document contains a [SSN] of a living person?

Request Letter, supra note 1, at 1-2. We address each of the questions in turn.

I. Whether Section 552.147 Is "Permissive or Mandatory"

In general, the PIA requires a governmental body to make its information available to a member of the public upon request.See Tex. Gov't Code Ann. §§ 552.021, .221 (Vernon 2004). The PIA also provides a number of exceptions, which are specific to particular types of information, to this general rule of required disclosure. Seegenerally id. §§ 552.101-.147 (Vernon 2004 Supp. 2006). The Seventy-ninth Legislature added such an exception for the SSN of a living person. See Act of May 20, 2005, 79th Leg., R.S., ch. 397, § 1, 2005 Tex. Gen. Laws 1090, 1091 (Senate Bill 1485). This exception provides:

§ 552.147. Exception: Social Security Number of Living Person.

(a) The [SSN] of a living person is excepted from the requirements of Section 552.021 [i.e., the general disclosure requirement].

(b) A governmental body may redact the [SSN] of a living person from any information the governmental body discloses under Section 552.021 without the necessity of requesting a decision from the attorney general under Subchapter G.

Tex. Gov't Code Ann. § 552.147 (Vernon Supp. 2006).

The first question is whether section 552.147 "is permissive or mandatory in relation to Section 552.007." Request Letter,supra note 1, at 1, 2-3. Section 552.007 of the PIA provides that a governmental body may "voluntarily mak[e] part or all of its information available to the public, unless the disclosure is expressly prohibitedby law or the information is confidential under law." Tex. Gov't Code Ann. § 552.007(a) (Vernon 2004) (emphasis added). Thus, a governmental body is prohibited from disclosing information that is confidential by law. See id. §§ 552.007, .101. Moreover, disclosing confidential information under the PIA is a criminal offense. See id. § 552.352. Therefore, to answer this question we will analyze whether 552.147 makes the SSNs of living persons confidential.

Section 552.147(a) provides that SSNs of living persons are excepted from required public disclosure. We will first analyze whether section 552.147(a) makes SSNs confidential under law, such that governmental bodies are prohibited from disclosing SSNs. Then we will discuss the impact of section 552.147(b) on our analysis.

A. Construction of Section 552.147(a)

In construing a statute we may consider, among other things, (1) legislative history, (2) common law or former statutory provisions, including laws on the same or similar subjects, (3) the circumstances surrounding the statute's enactment, (4) the consequences of a particular construction, and (5) the administrative construction of the statute. See Helena Chem. Co. v. Wilkins, 47 S.W.3d 486, 493 (Tex. 2001) (citing section 311.023, Government Code). To determine whether SSNs are made confidential under section 552.147(a), we will consider each of these in turn.

1. Legislative History

In the Bill Analysis for section 552.147, the "Author's/Sponsor's Statement of Intent" refers to an attorney general ruling which recognizes that SSNs are "confidential" under the PIA in some circumstances, but not all. See Senate Comm. on State Affairs, Bill Analysis, Tex. S.B. 1485, 79th Leg., R.S. (2005) (quoting Tex. Att'y Gen. OR2004-1475, at 2). The Statement of Intent then points out that knowing disclosure of "confidential information" is a criminal offense under the PIA. See id. Then, rather than explicitly stating whether the bill makes SSNs confidential in all circumstances, the Statement of Intent provides simply that the bill will deal with SSNs by "exempting them from the Public Information Act." Id.

Although the Statement of Intent does not give a definitive answer regarding confidentiality, it seems unlikely that the Statement of Intent would focus on information that is confidential under the PIA if section 552.147 was not intended to make SSNs confidential in the first place. Thus, the Bill Analysis lends some weight to the conclusion that section 552.147(a) makes SSNs confidential.

2. Statutes Providing for Confidentiality of SSNs

To construe section 552.147(a), we also examine the statutory framework existing at the time of its enactment. We find that although the confidentiality of SSNs is reflected throughout statutory law, and although both Congress and the Texas Legislature recognize the serious privacy concerns raised by the public disclosure of an individual's SSN, prior to section 552.147's enactment there was no comprehensive prohibition against governmental entities' public disclosure of SSNs.

As early as 1974 with the enactment of the Privacy Act, Congress acknowledged a privacy right in SSNs and sought to "curtail the expanding use of [SSNs] by federal and local agencies" and, consequently, "eliminate the threat to individual privacy and confidentiality of information posed by [the use of SSNs as] common numerical identifiers." Doyle v. Wilson, 529 F. Supp. 1343, 1348 (D.C. Del. 1982); see 5 U.S.C.A. § 552a (West 1996 Supp. 2006). The Senate Report on the adoption of the Privacy Act described the universal use of SSNs as identifiers as "one of the most serious manifestations of privacy concerns in the Nation." S. Rep. No. 93-1183 (1974),reprinted in 1974 U.S.C.C.A.N. 6916, 6943.

The Social Security Act makes confidential a SSN obtained or maintained pursuant to a provision of law enacted on or after October 1, 1990 (this provision of the Social Security Act was enacted in 1990).See Pub.L. No. 101-624, 104 Stat. 3359 (codified as amended at42 U.S.C.A. § 405(c)(2)(C)(viii)(I) (West Supp. 2006)); Tex. Att'y Gen. ORD-622 (1994) at 3. Thus, when a Texas governmental body obtains or maintains a SSN pursuant to a provision of law and the provision of law was enacted on or after October 1, 1990,2 the SSN is confidential under the Social Security Act and excepted from public disclosure under section 552.101 of the PIA. See Tex. Att'y Gen. ORD-622 (1994) at 3, 6. And, under the Social Security Act, the disclosure of a SSN in violation of federal law is a felony. See 42 U.S.C.A. § 408(a)(8) (West. Supp. 2006).

The Texas Legislature, recognizing the need for SSNs to be kept confidential, has repeatedly acted to prohibit disclosure of SSNs maintained by entities in both the private and public sector. For SSNs maintained by private entities, for example, Texas law broadly prohibits a person from intentionally communicating or making available to the public a person's SSN. See Tex. Bus. Com. Code Ann. § 35.58(a) (Vernon Supp. 2006). In addition, subject to several exceptions, a person may not require an individual to disclose his or her SSN to obtain goods or services or enter a business transaction with the person unless the person adopts a privacy policy and maintains the confidentiality and security of a SSN disclosed to the person. See id. § 35.581.

For government records, Texas law outside of the PIA explicitly protects SSNs in countless ways. When people have children or pay child support, the law prohibits public disclosure of the SSNs in the relevant records. See Tex. Health Safety Code Ann. § 192.002(c) (Vernon Supp. 2006); Tex. Fam. Code Ann. § 231.302(e) (Vernon 2002). SSNs are confidential when people provide them as voters, see Tex. Elec. Code Ann. §§ 13.004(b), 18.066(b), 65.060 (Vernon Supp. 2006), as utility customers, see Tex. Util. Code Ann. § 182.052 (Vernon Supp. 2006), and as property taxpayers, see Tex. Tax Code Ann. § 11.48 (Vernon Supp. 2006). When people buy or sell real property, they may remove their SSNs from property instruments before the instruments are filed. See Tex. Prop. Code Ann. § 11.008(b)-(c) (Vernon Supp. 2006). When someone applies for a license to practice an occupation or a license to drive a car, the SSN provided on those applications is protected from public disclosure. See Tex. Occ. Code Ann. § 59.001 (Vernon Supp. 2006); Tex. Transp. Code Ann. § 521.044(a) (Vernon Supp. 2006). The Transportation Code prohibits disclosure of SSNs when individuals apply for a certificate of title for their cars and even when a person subscribes to the Department of Transportation's "Texas Highways" magazine.See Tex. Transp. Code Ann. §§ 204.011(a) (Vernon Supp. 2006), 501.0235(b) (Vernon 1999). When persons serve as jurors and grand jurors, their SSNs are confidential in the hands of both the court and the prosecuting attorney. See Tex. Code Crim. Proc. Ann. arts. 19.42(a) (Vernon 2005), 35.29 (Vernon 2006). The Comptroller must keep confidential the SSNs of owners of abandoned property. See Tex. Prop. Code Ann. § 74.104(b) (Vernon 2007). The Department of Health must protect the confidentiality of SSNs of medical assistance recipients. See Tex. Hum. Res. Code Ann. § 32.042(g) (Vernon Supp. 2006). The Workers Compensation Division of the Department of Insurance is specifically required by statute not to disclose workers compensation claimants' SSNs. See Tex. Ins. Code Ann. art. 5.58(d) (Vernon Supp. 2006). The SSN of a sexual predator victim is privileged from disclosure in court proceedings. See Tex. Health Safety Code Ann. § 841.1462 (Vernon Supp. 2006). Disclosure of blood donors' SSNs is prohibited under two provisions in Texas law. Seeid. §§ 81.103(g), 162.007(c) (Vernon 2001). Three laws except the SSNs of sex offenders from public disclosure. See Tex. Code Crim. Proc. Ann. arts. 62.005(b)(1), .053(f)(1), .055(g)(1) (Vernon 2006).

Furthermore, the PIA itself contains several exceptions to required disclosure of SSNs (in addition to section 552.147) in certain government records. These exceptions cover the SSNs of public employees and officials, see Tex. Gov't Code Ann. § 552.117(a)(1) (Vernon 2004); peace officers, see id. §§ 552.117(a)(2) (Vernon 2004), 552.1175 (Vernon Supp. 2006); Texas Department of Criminal Justice employees and other law enforcement personnel, see id. §§ 552.117(a)(3)-(5) (Vernon 2004), 552.1175 (Vernon Supp. 2006); crime victims who seek compensation from the state, see id. § 552.132(b)(1) (Vernon 2004); employees, volunteers, and clients of a family violence shelter center or sexual assault program, see id. § 552.138; and individuals who apply for a marriage license, see id. § 552.141 (Vernon Supp. 2006).

As these examples demonstrate, where a Texas governmental body or other entity obtains an individual's SSN, the Legislature has repeatedly acted to prohibit disclosure of the SSN to the public. Because of this pervasive federal and state legislative scheme that safeguards SSNs' confidentiality and use, Texans have a legitimate expectation that their SSNs will be kept confidential.

However, despite the public's legitimate expectation that their SSNs will be kept confidential, at the time of section 552.147's enactment there were still circumstances in which SSNs maintained by a governmental body were not made confidential by statute. See Tex. Att'y Gen. Op. No. GA-0203 (2004) at 2-3. Within those gaps in confidentiality, where no specific federal or state statute prohibited the disclosure of SSNs, a government body would be required to release SSNs under the PIA. See Tex. Att'y Gen. ORD-622 (1994) at 2-4.3

In sum, statutes protecting SSNs at the time of section 552.147(a)'s enactment were pervasive, yet not all-encompassing. We therefore conclude that a review of the existing statutory provisions addressing the disclosure of SSNs indicates that the purpose of section 552.147(a) was to make all SSNs confidential under the PIA, closing the gaps in SSN confidentiality under the PIA.

3. Circumstances Surrounding Section 552.147(a)'s Enactment

A survey of the privacy landscape of SSNs in Texas today can also shed light on whether section 552.147(a) makes SSNs confidential. People today need and expect their SSNs to be safeguarded by the government and other entities that maintain this information. See In re Crawford,194 F.3d 954, 957-58 (9th Cir. 1999). An individual's SSN — particularly when combined with other identifying information such as a birth date — is a key that can unlock the door to an entire world of otherwise confidential information. "[A]rmed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits or Social Security benefits, order new checks at a new address on that person's checking account, obtain credit cards, or even obtain the person's paycheck."Greidinger v. Davis, 988 F.2d 1344, 1353 (4th Cir. 1993) (citing Elizabeth Neuffer, Victims Urge Crackdown on Identity Theft, Boston Globe, July 9, 1991, at 13, 20). Indeed, it is universally agreed that SSNs are at the heart of identity theft and fraud, and in today's Internet world where information — including public government information — can be instantly and anonymously obtained by anyone with access to the worldwide web, the danger is even greater.4

Identity theft, without question, is becoming one of the fastest growing criminal offenses in the twenty-first century. The Federal Trade Commission estimates that in a five-year period prior to early 2003 in the United States alone, there were 27.3 million reported cases of identity theft. (Thomas Fedorek, Computers + Connectivity = New Opportunities for Criminals and Dilemmas for Investigators, 76-Feb. N.Y. St. B.J. 10, 15 [February, 2004]). The ensuing fraud caused damages in the billions. . . .

Daly v. Metro. Life Ins. Co., 782 N.Y.S.2d 530, 535 (N.Y.Sup.Ct. 2004) (denying defendant's motion for summary judgment in negligence action against insurer who disclosed consumers' names, SSNs, and date of birth information). Several courts have recognized the potential for identity theft and financial harm from the uncontrolled release of SSNs. See,e.g., Sherman v. United States Dep't of the Army, 244 F.3d 357, 364-66 (5th Cir. 2001); In re Crawford, 194 F.3d at 958; Greidinger,988 F. 2d at 1353-54; Arakawa v. Sakata, 133 F. Supp. 2d 1223, 1228-29 (D. Haw. 2001); State ex rel. Beacon Journal Publ'g Co. v. City of Akron,640 N.E.2d 164, 168-69 (Ohio 1994). "[T]he harm that can be inflicted from the disclosure of a SSN to an unscrupulous individual is alarming and potentially financially ruinous." Greidinger, 988 F.2d at 1354. The disclosure of a person's SSN can undoubtedly lead to identity theft. In short, there is a high potential for harm from the uncontrolled release of SSNs to a member of the public.

Furthermore, the degree of need for public access to SSNs under the PIA is not significant. In many cases, a SSN only incidentally appears in requested information and in virtually all cases is of no legitimate interest to a requestor. Although government records are replete with SSNs, they actually reveal little about an individual other than serving as one of various ways to verify an individual's identity. When a requestor needs to distinguish among persons who share the same name, other information such as an address or birth date can fulfill that need without the attendant possibility of serious harm that could result from the disclosure of the SSN. Furthermore, the common and accepted practice for an entity with a legitimate need for an individual's SSN for identification purposes, such as a government agency providing benefits or a financial or credit institution providing services, is to obtain the SSN directly from its holder and not from a government record. In other words, those with a legitimate need for an individual's SSN generally have an alternative source for obtaining it.

It is also noteworthy that, on balance, the PIA's public policy and statutory mandate of open government is not advanced in any significant way when a living person's SSN is released to the public. The PIA's primary purpose is to make available to the public "complete information about the affairs of [Texas] government and the official acts of public officials and employees." Tex. Gov't Code Ann. § 552.001(a) (Vernon 2004). The reason stated in the PIA for the public's right to government information is "so that [the people] may retain control over the instruments they have created" because "[u]nder the fundamental philosophy of the American constitutional form of representative government . . . government is the servant and not the master of the people." Id. Redacting SSNs from responsive records requested under the PIA will not detract from the PIA's purpose of making publicly available information about the affairs of government and the official acts of public officials and employees because the release of SSNs does not serve the purpose of openness in government in any foreseeably significant way. While SSNs reveal nothing about the processes of government and little of significance, if anything, about the individual who holds it, a SSN would allow an unscrupulous requestor to discover an individual's personal and financial information, which is irrelevant to the operations of government, and increase the possibility of financial harm to the individual through the fraudulent use of the SSN. See BeaconJournal Publ'g Co., 640 N.E.2d at 168-69.

Given the presence at the time of section 552.147(a)'s enactment of these privacy considerations — the high potential for harm from the uncontrolled release of a SSN associated with a living person's name, the irrelevance of such a release to the principle of open government, and the limited public interest, if any, in disclosure of an individual's SSN under the PIA — we find that the proper construction of section 552.147(a) is that SSNs are made confidential under the PIA.

4. Consequences of Our Construction of Section 552.147(a)

We also consider the consequences of particular constructions of section 552.147(a). Construing SSNs to be confidential under the PIA affords them significant protection under the PIA. The distribution of confidential information under the PIA constitutes official misconduct and a criminal misdemeanor punishable by a fine of up to $1,000, confinement in the county jail for up to six months, or both.See Tex. Gov't Code Ann. § 552.352 (Vernon 2004). Any alternative construction of section 552.147(a) could allow a governmental body to disclose SSNs without penalty. In addition, construing SSNs to be confidential under the PIA results in equal treatment for all individuals' SSNs maintained by a governmental body. If section 552.147(a) does not make SSNs confidential, then some individuals' SSNs are protected while other individuals' SSNs are not. If the Texas Legislature has seen fit to protect SSNs of convicted sex offenders,see, e.g., Tex. Code Crim. Proc. Ann. art. 62.005(b)(1) (Vernon 2006), surely the Legislature intended for regular law-abiding citizens to be entitled to the same protection.

5. Administrative Construction of Section 552.147(a)

The Office of the Attorney General, through its Open Records Division, is the administrative agency charged with interpreting the PIA.See Tex. Gov't Code Ann. § 552.306 (Vernon 2004). Since section 552.147's effective date of June 17, 2005, the Open Records Division has issued more than 4,000 informal open records rulings that treat SSNs as confidential under section 552.147 of the PIA. See, e.g., Tex. Att'y Gen. OR2006-5291.5 Thus, the administrative construction of section 552.147(a) supports a finding that section 552.147(a) makes SSNs of living persons confidential.

After considering section 552.147(a)'s legislative history, existing common law and statutory framework, surrounding circumstances, potential consequences, and administrative construction, we find that 552.147(a) makes confidential under the PIA the SSN of a living person. Therefore, the PIA makes mandatory that a governmental body not release the SSN of a living person to a member of the public under the PIA, unless the requestor is the holder of the SSN or the holder's authorized representative.6 B. Construction of Section 552.147(b)

Section 552.147(b) does not affect our determination that section 552.147(a) makes SSNs confidential. Subsection (b) deals with the process for redacting SSNs of living persons, stating that the redaction of SSNs under subsection (a) may be performed "without the necessity of requesting a decision from the attorney general." See Tex. Gov't Code Ann. § 552.147(b) (Vernon Supp. 2006).

Generally, under the PIA, a governmental body may not withhold public information on the grounds that it is excepted from disclosure without first seeking a decision from the attorney general. See id. § 552.301(a). When information submitted to the attorney general contains both excepted and non-excepted information, this office generally directs the governmental body to provide copies of the public information to the requestor with the excepted information redacted from the copies. See Tex. Att'y Gen. ORD-606 (1992) at 2-3 (determining that a governmental body must redact from a photocopy rather than retype the document). But generally a governmental body may not respond to a request for public information under the PIA with redacted copies without first seeking an attorney general decision, unless the requestor assents to the redaction. See Tex. Att'y Gen. ORD-682 (2005) at 5 n. 5. A governmental body that seeks an attorney general decision under the PIA must raise and explain the applicability of a claimed exception and submit to this office within the statutory deadline certain information necessary for this office to render a decision. See Tex. Gov't Code Ann. § 552.301(e) (Vernon Supp. 2006).

Subsection (b) provides that governmental bodies are not required to comply with these procedures for requested SSNs. The subsection pertains solely to the administrative procedure for processing requests for records that contain SSNs of living persons. Thus, when the SSN of a living person appears with information to be made public under the PIA, section 552.147(a) requires that the governmental body redact the SSN, and section 552.147(b) permits the governmental body to do so without following the standard administrative procedure of first requesting an attorney general decision. And as a result, governmental bodies can produce public information more promptly.

II. Application of Section 552.147 to All County Clerk Records

We are next asked whether section 552.147's provision for redaction of SSNs applies to all county clerk records. Request Letter, supra note 1, at 1, 3.

The general statutory rule for county clerk records is that "[a]ll records belonging to the office of the county clerk to which access isnot otherwise restricted by law or by court order shall be open to the public at all reasonable times." Tex. Loc. Gov't Code Ann. § 191.006 (Vernon 1999) (emphasis added). Section 552.147 restricts access to the SSNs in the clerk's records that are subject to the PIA. See Tex. Gov't Code Ann. § 552.147(a) (Vernon Supp. 2006). Thus, as a general rule, SSNs of living persons in all county clerk records subject to the PIA are confidential and protected from disclosure under section 552.147.

There are also specific county clerk records expressly made public by statute. See, e.g., Tex. Prop. Code Ann. § 13.002 (Vernon 2004) (real property records). Regarding laws that are specific to a record and that make the record public, this office has determined that, "[a]s a general rule, exceptions to required public disclosure provided in the [PIA] are inapplicable to information that statutes other than the [PIA] expressly make public." Tex. Att'y Gen. ORD-623 (1994) at 3. This determination is based on the rule of statutory construction that, where statutes conflict, the specific statutory provision prevails as an exception to the general provision. See Tex. Gov't Code Ann. § 311.026(b) (Vernon 2005). In the case of SSNs within a record expressly made public, the same rule of statutory construction leads to the opposite result. While the statutes making county clerk records public refer to entire documents, section 552.147 refers only to one piece of information within those documents. And thus section 552.147 prevails as the more specific statute. As a result, to comply with both laws, the county clerk must redact SSNs from the copies of records made available to the public. We also note that this conclusion does not conflict with the presumption in construing a statute that public interest is favored over any private interest. See id. § 311.021(5). While openness of records is in the public interest, the same public has a legitimate interest in the privacy of their SSNs.7

One possible exception to this interpretation is section 11.008 of the Texas Property Code, which not only makes deeds and deeds of trust available to the public but also claims to be the exclusive state law governing the confidentiality of such documents. See Tex. Prop. Code Ann. § 11.008(f)-(g) (Vernon Supp. 2006). We do not need to address the conflict between this statute and section 552.147, however, because we conclude that SSNs in these documents are confidential under the federal Social Security Act. The Social Security Act makes SSNs confidential if they are "obtained or maintained by authorized persons pursuant to any provision of law enacted on or after October 1, 1990."42 U.S.C.A. § 405(c)(2)(C)(viii)(I). Section 11.008, which was enacted in 2003, authorizes the obtaining of SSNs in a deed or deed of trust.See Act of May 27, 2003, 78th Leg., R.S., ch. 715, § 1, 2003 Tex. Gen. Laws 2141, 2142, and Act of May 28, 2003, 78th Leg., R.S., ch. 960, § 1, 2003 Tex. Gen. Laws 2836, 2836 (codified at Tex. Prop. Code Ann. § 11.008(b) (Vernon Supp. 2006)). Therefore, SSNs obtained or maintained pursuant to section 11.008 are confidential under the Social Security Act. See Mills v. WarnerLambert Co., 157 S.W.3d 424, 426-27 (Tex. 2005) (state law preempted to the extent it actually conflicts with federal law).

We thus conclude that SSNs of living persons in all county clerk records subject to the PIA are confidential and protected from disclosure under section 552.147(a).

III. SSNs in Original Documents in the County Clerk's Office

We are also asked whether section 552.147 authorizes a county clerk to permanently redact a SSN from the original filed document. Request Letter, supra note 1, at 1, 3. It has been suggested that it would be more efficient for the county clerk's office to redact SSNs from original documents as they are filed rather than prior to each public disclosure. Id. at 3. However, section 552.147 authorizes redaction of a SSN only from "information the governmental body discloses under [the PIA]." Tex. Gov't Code Ann. § 552.147(b) (Vernon Supp. 2006). The plain language of the statute does not authorize a county clerk to redact a SSN from an original record. See id. Furthermore, redacting a SSN from an original record would contradict a person's special right of access to his own SSN under the PIA. See id. § 552.023(a) (Vernon 2004). Finally, a clerk's alteration of an original document offered for filing would likely violate the clerk's statutory duties outside of the PIA.See, e.g., Tex. Loc. Gov't Code Ann. § 191.001(c) (Vernon 1999) (requiring a county clerk to "record, exactly . . . the contents of each instrument that is filed for recording and that the clerk is authorized to record"); Tex. Prop. Code Ann. § 11.004(a)(1) (Vernon 2004) (stating clerk's duty to "correctly record" deed and deed of trust instruments). Therefore, the county clerk may not permanently redact a SSN from an original, filed document.

IV. Redaction of SSNs in Certified Copies

We answer the next two questions together. It is asked whether a clerk may issue a certified copy of a document when the SSNs have been redacted from the copy and, if so, whether the "certification stamp" must "include a disclaimer that the document has been altered (i.e., that a [SSN] has been redacted)." Request Letter, supra note 1, at 1, 3-4. A county clerk has a general duty to give an "attested copy of any instrument that is recorded in the clerk's office." Tex. Loc. Gov't Code Ann. § 191.004(a) (Vernon Supp. 2006). Neither "attested copy" nor "certified copy" is defined in the statutes. A certified copy is commonly understood to be "a copy of a document or record, signed and certified as a true copy by the officer to whose custody the original is intrusted." See Tex. Attorney Gen. v. Litten, 999 S.W.2d 74, 78 n. 7 (Tex.App.-Houston [14th Dist.] 1999, no pet.) (quoting Black's Law Dictionary 287 (4th ed. 1968)). We find no law that prevents the clerk from providing a copy that accurately certifies the document's content as well as the fact that SSNs have been redacted according to law.Cf. Irving v. State, 436 S.W.2d 537, 539 (Tex.Crim.App. 1969) (holding that it was not error to admit into evidence certified copy of judgment containing typewritten entry reflecting that the original had been signed by the presiding judge). Therefore, a county clerk may issue a certified copy of a document when the SSNs have been redacted from the copy. Because a certified copy attests that the copy is an exact reproduction of the original document, we further find that the certification must disclose the fact that SSNs have been redacted.

V. Redaction of SSNs from County Clerk Records on the Internet

We are also asked whether section 552.147 "or any other law" requires the redaction of all SSNs from the county clerk's records prior to making them available on the Internet. Request Letter, supra note 1, at 1, 4. The question essentially asks about the redaction of SSNs from records prior to their voluntary disclosure. As we have noted earlier, Section 552.007(a) of the PIA specifically addresses — and limits — the voluntary disclosure of information to the public. See Tex. Gov't Code Ann. § 552.007(a) (Vernon 2004). It provides that a governmental body may voluntarily make public its information "unless the disclosure is expressly prohibited by law or the information is confidential under law." Id. By its plain language, the statute prohibits a governmental body from voluntarily disclosing confidential information. Therefore, a governmental body must redact SSNs of living persons from records prior to making those records available on the Internet.

VI. Determining Whether a SSN is of a Living Person

Section 552.147 only applies to the SSN of "a living person."Id § 552.147 (Vernon Supp. 2006). We are asked how a governmental body may determine whether a SSN belongs to a living person. See Request Letter, supra note 1, at 2. Section 552.147 does not specify how a governmental body is to make that determination. See Tex. Gov't Code Ann. § 552.147 (Vernon Supp. 2006). This office imposes no burden on a governmental body to affirmatively demonstrate that a person whose SSN is requested under the PIA is living. In fact, this office will raise section 552.147 for a governmental body when a record contains a person's SSN. See Tex. Att'y Gen. ORD-481 (1987). This office presumes the person whose SSN is at issue is living unless the facts before us show otherwise. While following our approach to privacy questions in applying section 552.147 does not ensure that a SSN at issue belongs to a living person, we believe it would be unduly burdensome on this office and on governmental bodies to require an affirmative showing of the fact that a person is living when the exception is silent on the subject. Thus for purposes of section 552.147, we find that a governmental body may presume the person whose SSN is at issue is living unless the facts before the governmental body show otherwise.

SUMMARY

The social security number ("SSN") of a living person is confidential and subject to mandatory exception from required disclosure under section 552.147(a) of the Public Information Act ("PIA"). Distributing confidential information under the PIA is a criminal offense. Section 552.147(b) of the PIA provides an administrative procedure by which a governmental body may redact confidential SSNs from public information without first obtaining an attorney general decision.

The confidentiality of SSNs of living persons under 552.147 of the PIA applies to all county clerk records subject to the PIA.

Section 552.147 of the PIA does not authorize a county clerk to redact SSNs from original documents maintained in the clerk's records.

When a county clerk redacts a SSN from a copy of a document maintained by the clerk's office, the clerk may label the copy as a "certified copy," but such certification must reflect that SSNs have been redacted.

Prior to posting a record on the Internet, the clerk must redact the SSNs of living persons from any record subject to the PIA.

For purposes of section 552.147 of the PIA, a governmental body may presume that a requested SSN belongs to a living person unless the facts before the governmental body show otherwise.

Very truly yours,

GREG ABBOTT Attorney General of Texas

KENT C. SULLIVAN First Assistant Attorney General

ELLEN L. WITT Deputy Attorney General for Legal Counsel

NANCY S. FULLER Chair, Opinion Committee

RYAN D. V. GREENE Assistant Attorney General, Opinion Committee

1 See Letter from Honorable Ben W. "Bud" Childers, Fort Bend County Attorney, to Honorable Greg Abbott, Attorney General of Texas, at 1 (Nov. 18, 2005) (on file with the Opinion Committee, also availableat http://www.oag.state.tx.us) [hereinafter Request Letter].

2 See, e.g., Tex. Elec. Code Ann. § 13.004 (Vernon Supp. 2006) (SSNs obtained by voter registrar); Tex. Fam. Code Ann. § 154.185 (Vernon 2002) (SSNs obtained by Title IV-D agency from parent providing health insurance to child); id. § 234.001 (SSNs in state case registry of child support orders); Tex. Gov't Code Ann. § 62.001(c)(2) (Vernon 2005) (SSNs furnished to Secretary of State for jury wheel); id. § 411.042(b)(6) (SSNs collected by Department of Public Safety); Tex. Health Safety Code Ann. § 193.001(b) (Vernon 2001) (SSNs on death certificates); Tex. Occ. Code Ann. § 1702.110 (Vernon 2004) (SSNs in application for license to conduct business as investigative company or security service contractor); Tex. Tax Code Ann. § 162.016 (Vernon Supp. 2006) (SSNs obtained by Comptroller in copy of shipping document relating to importation and exportation of motor fuel); Tex. Transp. Code Ann. § 501.0235 (Vernon 1999) (SSNs obtained by Department of Transportation in application for certificate of title).

3 This is because the Texas Supreme Court in 1976 found no common-law right to privacy in SSNs. See Indus. Found. v. Tex. Indus.Accident Bd., 540 S.W.2d 668, 686 (Tex. 1976). It appears that the Texas Supreme Court in Industrial Foundation relied on the factual conclusion that a SSN is among information "which does not itself reveal private facts." Id. at 686. Due to the modern-day heightened risk of identity theft and fraud, which we discuss immediately following, we believe that, given the opportunity to consider confidentiality of SSNs anew, the Texas Supreme Court would now overrule Industrial Foundation to the extent it holds that there is no constitutional or common-law right to privacy in SSNs.

4 See Social Security Administration, Identity Theft and Your Social Security Number (Jan. 2006) (last visited Feb. 13, 2007) (Publication No. 05-10064) (Social Security Administration website discussing identity theft and SSNs, available at http://www.ssa.gov/pubs/10064.html); Federal Trade Commission, Minimizing Your Risk (last visited Feb. 13, 2007) (Federal Trade Commission website concerning minimizing risk of identity theft,available at http://www.consumer.gov/idtheft/con_minimize.htm); United States Department of Justice, Identity Theft and Fraud (last visited Feb. 13, 2007) (United States Department of Justice website concerning identity theft and identity fraud, available at http://www.usdoj.gov/criminal/fraud/idtheft.html).

5 The handful of open records rulings that have permitted disclosure of SSNs did not conclude that SSNs are not confidential under section 552.147 but rather concluded that another statute both made the information public and prevailed over section 552.147. See, e.g., Tex. Att'y Gen. OR2005-9250, at 4. In Section II, infra, we reconsider the reasoning of these open records rulings.

6 We note that, under section 552.023 of the PIA, a governmental body cannot deny a person or a person's authorized representative access to the person's own SSN. See Tex. Gov't Code Ann. § 552.023 (Vernon 2004).

7 Previously, this office has determined that the confidentiality of section 552.147(a) does not apply in three situations in which other law specific to the record at issue makes it public: county property records, see, e.g., Tex. Loc. Gov't Code Ann. § 118.024(a) (Vernon 1999); peace officer accident reports, see Tex. Transp. Code Ann. §550.065(c)(4) (Vernon Supp. 2006); and arrest warrants and affidavits,see Tex. Code Crim. Proc. Ann. art. 15.26 (Vernon 2005). Future open records opinions will reflect the analysis contained here.