State ex rel. Cincinnati Enquirer v. Wilson

[Until this opinion appears in the Ohio Official Reports advance sheets, it may be cited as State ex rel. Cincinnati Enquirer v. Wilson, Slip Opinion No. 2024-Ohio-182.] NOTICE This slip opinion is subject to formal revision before it is published in an advance sheet of the Ohio Official Reports. Readers are requested to promptly notify the Reporter of Decisions, Supreme Court of Ohio, 65 South Front Street, Columbus, Ohio 43215, of any typographical or other formal errors in the opinion, in order that corrections may be made before the opinion is published. SLIP OPINION NO. 2024-OHIO-182 THE STATE EX REL. CINCINNATI ENQUIRER v. WILSON,1 DIR. [Until this opinion appears in the Ohio Official Reports advance sheets, it may be cited as State ex rel. Cincinnati Enquirer v. Wilson, Slip Opinion No. 2024-Ohio-182.] Mandamus—Public-records requests—Requested records are security records exempt from disclosure when public office presents evidence showing that information in requested records is directly used for protecting and maintaining public office’s safety—Security records exempt from disclosure are not public records and therefore are not subject to redacted release— Writ denied. (No. 2022-0425—Submitted June 27, 2023—Decided January 23, 2024.) IN MANDAMUS. ____________________ 1. The Enquirer filed its complaint against the former director of the Ohio Department of Public Safety, Thomas Stickrath. Under S.Ct.Prac.R. 4.06(B), Andy Wilson, the current director, is automatically substituted as a party to this action. SUPREME COURT OF OHIO Per Curiam. {¶ 1} Relator, the Cincinnati Enquirer, seeks a writ of mandamus compelling respondent, Andy Wilson, the director of the Ohio Department of Public Safety (the “department”), to produce records regarding the travel and expenses for Ohio State Highway Patrol troopers and staff attending the 2022 Super Bowl in Los Angeles, California, with Governor Mike DeWine. The Enquirer also seeks statutory damages, court costs, and attorney fees. {¶ 2} The department withheld the requested records on the basis that they are “security records” under R.C. 149.433(A)(1). We find that the requested records fall within the statutory exemption. Therefore, we deny the Enquirer’s request for a writ of mandamus and its requests for statutory damages, court costs, and attorney fees. I. FACTS AND PROCEDURAL BACKGROUND {¶ 3} On February 14, 2022, Laura Bischoff, a reporter for the Enquirer, sent the department and the governor’s office a public-records request under Ohio’s Public Records Act, R.C. 149.43, for “electronic copies of the travel and expenses for troopers and/or staff attending the 2022 Super Bowl in Los Angeles, CA with Gov. DeWine.” Specifically, Bischoff requested “overtime pay expenses, airline ticket expenses, meal and hotel expenses, [and] vehicle rental expenses for the trip.” {¶ 4} The department responded by letter dated March 11, denying the Enquirer’s request on the grounds that the records were not public records under R.C. 149.433(B)(1) because they were protected from disclosure as “security records” under R.C. 149.433(A)(1). According to the department, releasing “records containing information about the Governor’s security detail would reveal patterns, techniques, or information relevant to the size, scope, or nature of the security and protection provided to the Governor * * * [and] could be used to attack, interfere, or sabotage the Governor or his security detail.” 2 January Term, 2024 {¶ 5} The Enquirer sent a follow-up letter to the department on March 21, disagreeing with the department’s assertion that disclosure of the requested records would reveal information that was directly used for tactically protecting or maintaining the security of a public office. The department responded by email on March 31, averring that disclosure of the records could reveal details such as the number and qualifications of [Ohio State Highway Patrol] Troopers assigned to the Governor’s security detail for various types of assignments, the number of cars used during travel, and other details pertinent to protecting the Governor and his family. While this information may seem inconsequential to [the Enquirer], it nevertheless can be used to reveal patterns, techniques, or information directly related to the security of the Governor. {¶ 6} The Enquirer filed this action in this court on April 20, seeking a writ of mandamus ordering the department to produce the requested records. We granted the parties’ joint motion to issue an alternative writ and set a schedule for filing evidence and merit briefs. We also sua sponte ordered the department to file under seal for in camera inspection unredacted copies of all withheld records. 168 Ohio St.3d 1411, 2022-Ohio-3636, 196 N.E.3d 836. The department complied with the order, and the parties timely submitted evidence and merit briefs. II. ANALYSIS A. Mandamus and the Public Records Act {¶ 7} Ohio’s Public Records Act requires a public office to make public records available upon request, within a reasonable period of time. R.C. 149.43(B)(1). Mandamus is an appropriate remedy to compel compliance with R.C. 149.43. State ex rel. Physicians Commt. for Responsible Medicine v. Ohio State Univ. Bd. of Trustees, 108 Ohio St.3d 288, 2006-Ohio-903, 843 N.E.2d 174, 3 SUPREME COURT OF OHIO ¶ 6. To be entitled to the writ, the Enquirer must demonstrate, by clear and convincing evidence, that it has a clear legal right to the requested relief and that the department has a clear legal duty to provide that relief. State ex rel. Cincinnati Enquirer v. Sage, 142 Ohio St.3d 392, 2015-Ohio-974, 31 N.E.3d 616, ¶ 10. We construe the Public Records Act “liberally in favor of broad access, and any doubt is resolved in favor of disclosure of public records.” State ex rel. Cincinnati Enquirer v. Hamilton Cty., 75 Ohio St.3d 374, 376, 662 N.E.2d 334 (1996). B. The Department’s Claimed Exemption—Security Records Under R.C. 149.433(A)(1) {¶ 8} “If a record does not meet the definition of a public record or falls within one of the exceptions to the law, the records custodian has no obligation to disclose the record.” State ex rel. Plunderbund Media v. Born, 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, ¶ 18, citing R.C. 149.43(B) (“all public records responsive to the request shall be promptly prepared”). The department claims that the records requested by the Enquirer are not subject to disclosure under the Public Records Act, because they are “security records” as defined by R.C. 149.433(A)(1). {¶ 9} R.C. 149.433(A)(1) defines “security record” as “[a]ny record that contains information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage.” And R.C. 149.433(B)(1) provides that “a record kept by a public office that is a security record is not a public record under section 149.43 of the Revised Code and is not subject to mandatory release or disclosure under that section.” {¶ 10} Exemptions to the disclosure requirement under the act are strictly construed against the records custodian, who has the burden to establish the applicability of any claimed exemptions. State ex rel. Cincinnati Enquirer v. Jones- Kelley, 118 Ohio St.3d 81, 2008-Ohio-1770, 886 N.E.2d 206, ¶ 10. “Unless it is otherwise obvious from the content of the record, the proponent invoking the security-record exemption under R.C. 149.433(A)(1) must provide evidence 4 January Term, 2024 establishing that the record clearly contains information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage.” Welsh-Huggins v. Jefferson Cty. Prosecutor’s Office, 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, ¶ 51. Conclusory statements in an affidavit that are not supported by evidence are not sufficient to establish the exemption’s applicability. Id. at ¶ 30. 1. The department’s argument and evidence in support of the statutory exemption {¶ 11} The department does not contend that the nature of the records is readily apparent based on a review of their content alone. Nor is the applicability of the security-records exemption readily apparent from the content of the requested records. Therefore, the burden falls on the department to prove facts establishing that the requested records fall squarely within R.C. 149.433(A)(1). Welsh-Huggins at ¶ 35. a. The department’s reliance on Plunderbund is well taken {¶ 12} The department argues that under Plunderbund, 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, the past use of information contained in a record is sufficient to trigger the security-records exemption when the evidence confirms that the agency will continue to make use of that information in the future. We agree. {¶ 13} The relator in Plunderbund sought records related to closed investigations that the Highway Patrol had conducted of threats against the governor. Id. at ¶ 3, 5. The department refused to produce the records—even in redacted form—because, it argued, the records contained information directly used for protecting and maintaining the security of the governor’s office and thus were “security records” under R.C. 149.433(A). Id. at ¶ 1, 4-5, 7, 18. {¶ 14} We held that the department’s evidence in Plunderbund—which consisted solely of affidavits from several law-enforcement personnel—was 5 SUPREME COURT OF OHIO sufficient to show that the requested records fell within the security-records exemption. Id. at ¶ 11, 23-28. Specifically, the department’s director attested that disclosing the requested records “ ‘potentially reveals security and safety violations, * * * would expose security limitations and vulnerabilities, and * * * increases the risks to the safety’ of the governor and others.” Id. at ¶ 24. Similarly, the Highway Patrol superintendent stated that release of the threat information could “ ‘reveal patterns, techniques or information’ related to security.” Id. at ¶ 25. A member of the governor’s security team averred that public disclosure of the threats “may require law enforcement to change its tactics, * * * may lead to copy- cat offenses, * * * [and] diminishes the effectiveness of law enforcement.” Id. at ¶ 27. And the executive director of Ohio Homeland Security averred that “ ‘[s]ecurity planning, response plans, and techniques’ used by the department ‘detail security limitations and vulnerabilities’ and are therefore ‘deemed security records.’ ” Id. at ¶ 26. This affiant further stated “that documents disclosing ‘the content, number or treatment of prior or current threats’ contain security information that ‘if disclosed (even piecemeal), could be used to commit terrorism, intimidation, or violence.’ ” Id. {¶ 15} Based on that evidence, we held that the records of closed-threat investigations were exempt from disclosure as security records because they contained information that revealed (1) security limitations and vulnerabilities that would increase the risks of harm to the governor if disclosed, and (2) security planning, techniques, patterns, and response plans that if disclosed would require law-enforcement personnel to change tactics and would diminish their ability to protect the governor. Id., 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, at ¶ 24-28, 30; see also Welsh-Huggins, 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, at ¶ 52 (noting that the testimony in Plunderbund showed that the requested records contained information directly used for tactically protecting or maintaining the security of a public office against attack, interference, or sabotage). 6 January Term, 2024 {¶ 16} We reaffirmed our holding in Plunderbund in State ex rel. Ohio Republican Party v. FitzGerald, 145 Ohio St.3d 92, 2015-Ohio-5056, 47 N.E.3d 124, ¶ 23-24. In that case, we considered whether records of keycard-swipe data documenting when FitzGerald—a county executive at the time of the records request—entered and exited county buildings and parking facilities were subject to disclosure under the Public Records Act. We held that at the time of the public- records request, the keycard-swipe-data records were exempt from disclosure as security records. Id. at ¶ 2, 24. As in Plunderbund, we credited sworn statements from law-enforcement personnel as evidence that it was critical to protect the keycard-swipe data from release because it revealed information regarding FitzGerald’s manner and pattern of travel, ingress and egress, and timing, that if disclosed would diminish the effectiveness of the security detail charged with protecting him. See id. at ¶ 23-24, 27. b. The department’s evidence supports application of the security-records exemption in this case {¶ 17} Similar to the respondents in Plunderbund and FitzGerald, the department in this case submitted evidence from law-enforcement personnel that the requested records “contain[] information directly used for protecting and maintaining the security of a public office against attack, interference, or sabotage.” R.C. 149.433(A)(1). Specifically, the department’s witnesses testified that release of the requested records would pose a substantial risk to the governor’s safety by revealing the security detail’s planning, techniques, and patterns, and by exposing security limitations and vulnerabilities. {¶ 18} Highway Patrol Captain Craig Cvetan, who had supervisory oversight of payroll records for the governor’s security detail and approved the expenses that are at issue in this case, attested that the travel receipts contain information identifying the (1) names of each member assigned to the security detail and the size of the security contingent, (2) names of the vendors providing 7 SUPREME COURT OF OHIO transportation and lodging, (3) mode or manner of travel, (4) dates and times of travel for each member of the detail, (5) sequencing or staging of travel, and (6) number of vehicles used by the security detail and the duration of their use. Cvetan also testified that the fuel receipts reveal the (1) dates and times of refueling, (2) pattern of refueling, and (3) specific locations of refueling and distance proximity. And the compensation and meal-expense-reimbursement records contain information identifying (1) each member of the security detail, (2) the total number of members comprising the detail, (3) the dates of each member’s specific engagement, and (4) the location of the assignment. {¶ 19} Highway Patrol Staff Lieutenant James Thompson, who spent eight years assigned to the governor’s security detail, testified that he had reviewed the records at issue and determined that they are “directly related to the movements and operations of [the governor’s] security team.” According to Thompson, the records identify the number of plain-clothes troopers assigned to the security detail for the trip, the mode and manner of transportation of the detail, whether the detail sent an advance team to Los Angeles before Governor DeWine arrived, and the lodging of the security team in relation to the governor. Thompson also averred that disclosure of the fuel receipts would tend to establish a pattern on the location, duration, and times for refueling while the governor is traveling. And Thompson maintained that disclosure of this information would “create[] substantial risk” to the governor’s safety by providing “ ‘another piece of the puzzle’ ” for an attacker to strike at perceived weaknesses in the security detail. {¶ 20} In addition, Thompson testified that there are certain protocols that the security detail implements when the governor travels, such as (1) how many members of the security detail are needed, (2) the physical proximity of the detail to the governor, (3) whether an advance team is used, and (4) the number of vehicles used to provide protection. Thompson attested that “when planning for future trips with the Governor, including out-of-state travel, [s]ecurity [i]nformation from prior 8 January Term, 2024 trips will inform how the Governor’s security personnel allocate resources and personnel” for the governor’s safety and “may also inform whether, and in what manner, the Governor’s security personnel may modify its protocols for a particular trip or in response to a particular risk.” According to Thompson, although the department develops a unique plan every time the governor travels, many of the elements that were incorporated into the security plan for the Super Bowl trip, such as how the advance team is dispatched, would also be incorporated into future security plans. Thompson further attested that “[e]ven where travel is made to disparate locales, there is frequently regularity or a pattern to the security staffing, approach, and means given the limited size of the security detail and preferred vendors.” {¶ 21} The department also points to evidence from Kurt Douglass, whose 42-year law-enforcement career included service with the United States Secret Service and Indiana State Police. According to Douglass’s affidavit, adversaries planning to attack a government official necessarily focus on the defensive security measures deployed by a security detail, such as the number of law-enforcement agents assigned to the detail, how the detail travels, the number of vehicles required, the agents’ physical proximity to the official, the route followed, and the preferred places of lodging. Douglass explained that this type of information is considered “law enforcement sensitive” because it can be used to plan an attack. {¶ 22} Douglass also testified that governors are considered “soft” targets because they generally do not have large security contingents for protection—in contrast to the president, who is considered a “hard” target because he is protected by multiple layers of Secret Service agents. Douglass attested that disclosing security-detail costs for travel, lodging, and refueling poses a much greater risk to a soft target by “provid[ing] a would-be aggressor, both sophisticated and unsophisticated, insight of the size and magnitude of the security coverage, thus creating vulnerability for future trips.” Douglass averred that “[t]he risk that an 9 SUPREME COURT OF OHIO aggressor can, from reviewing data, identify trends and patterns of a particular security detail is more likely to occur where small protective units are operational, such as in the case of a * * * governor.” In Douglass’s opinion, it is more important to protect the financial information associated with the security staff assigned to a soft target than a hard target. {¶ 23} Douglass also echoed Thompson’s assessment that security information from prior trips does not become less sensitive once a trip is completed. Douglass stated that “[e]ven when a particular trip is completed, disclosure of [s]ecurity [i]nformation from a past trip would increase the security risk to the Governor. Security [i]nformation from previous travel is precisely the material that a potential aggressor would review in attempting to discern patterns followed by the Governor’s security detail, and exploit any perceived vulnerabilities.” {¶ 24} The above evidence supports the department’s claim that the requested records contain information about the movements and operations of the security detail that the department directly used for protecting and maintaining the safety of the governor’s office against attack, interference, or sabotage. As was the case in Plunderbund, 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, and FitzGerald, 145 Ohio St.3d 92, 2015-Ohio-5056, 47 N.E.3d 124, the evidence here shows that disclosure of these defensive security measures would reveal vulnerabilities in the assigned security detail and would pose increased risk to the safety of the public office. And the evidence also reflects that the department will rely on information contained in the security detail records for the Super Bowl trip in formulating future security plans for the governor’s office. Accordingly, we hold that the department met its burden to show that the requested records are exempt from public disclosure as security records under R.C. 149.433(A)(1). 10 January Term, 2024 2. The Enquirer’s arguments supporting disclosure lack merit {¶ 25} The Enquirer makes three arguments to support its position that the department is required to disclose the requested records under the Public Records Act. None have merit. a. The Enquirer’s reliance on Welsh-Huggins is misplaced {¶ 26} The Enquirer first contends that under Welsh-Huggins, 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, the travel and expense records at issue here are not security records. In Welsh-Huggins, we considered whether a county prosecutor had properly denied a public-records request for video footage from a courthouse-security camera that had captured the shooting of a local judge. After first rejecting the prosecutor’s argument that it was readily apparent that the video was a security record just by viewing it, we turned to whether the prosecutor’s evidence was sufficient to show that the security-records exemption applied. {¶ 27} We explained that under existing precedent, “it is not enough to say that a record is probably within a statutorily prescribed exemption: the public office or records custodian must show ‘that the requested record falls squarely within the exemption.’ ” (Emphasis sic.) Id. at ¶ 63, quoting Jones-Kelley, 118 Ohio St.3d 81, 2008-Ohio-1770, 886 N.E.2d 206, at paragraph two of the syllabus. We then held that the prosecutor had failed to prove that the requested video was a security record under R.C. 149.433(A)(1), because her evidence did not explain how the video—or the information contained within it—was directly used for protecting or maintaining the security of the public office against attack, interference, or sabotage. Welsh-Huggins at ¶ 55-65. We determined that absent a showing how the video footage was directly used to protect or maintain the security of a public office, the concerns expressed by the prosecutor—that release of the video would disclose courthouse-security plans and capabilities and would reveal potential weaknesses in security that could be used to plan a future attack—were insufficient to trigger the security-records exemption. Id. at ¶ 65; see also id. at ¶ 57. “Under 11 SUPREME COURT OF OHIO R.C. 149.433(A)(1), a record’s status as a security record is determined by the public office’s actual use of the information. It is not determined by a public requester’s potential use or misuse of the information.” Id. at ¶ 69. {¶ 28} Against this backdrop, the Enquirer claims that the department failed to show how the records requested by Bischoff fall squarely within the security- records exemption as required by Welsh-Huggins. According to the Enquirer, the department’s evidence shows that its sole basis for withholding the requested records is its concern that someone could misuse the records, rather than any showing how the department actually uses or will use the information for protecting or maintaining the security of the governor against attack, interference, or sabotage. {¶ 29} Contrary to the Enquirer’s assertion, the department has shown that it directly uses information contained in the requested records for protecting or maintaining the security of the governor. Upon in camera review, the requested records reveal that the travel and overtime-expense records contain (1) the identity of each member of the security detail, (2) dates, times, and sequences of travel of the security detail, (3) the name of the airline and names and number of troopers on each flight, (4) the name of the rental-car agency, and the number, model, and license plates of rental cars used by the security detail, (5) the place of lodging, number of guests, and dates of lodging, and (6) locations, dates, and times of refueling. As discussed above, Thompson, the department’s witness, testified that this information is “directly related to the movements and operations of [the governor’s] security team.” And as discussed, these records are exempt from disclosure as security records because the evidence shows that the department uses information in the records to plan for the governor’s security on a day-to-day and event-to-event basis. That is, the records contain information “directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage,” and, therefore, are “security records” under R.C. 149.433(A)(1). 12 January Term, 2024 {¶ 30} The Enquirer offers little more than a blanket assertion that the department’s evidence is defective. First, the Enquirer points to testimony from Thompson that he had no knowledge of whether the security detail was using the security information from the Super Bowl trip for ongoing training. Based on this single excerpt from Thompson’s deposition testimony, the Enquirer contends that he “offer[ed] no evidence that the [department] is using the requested records in any way.” Thompson’s lack of knowledge of any ongoing training sessions, however, does not prove that he offered “no evidence” to show that the security- records exemption applies. In fact, Thompson attested that in planning for future trips with the governor, some of the same security protocols that were incorporated into past security plans—including the Super Bowl trip—will inform how the security detail allocates resources and personnel for the governor’s safety and may also be used to determine whether security protocols need to be modified for a particular trip or in response to a particular risk. {¶ 31} The Enquirer also challenges the affidavit of Douglass on the basis that he had no personal knowledge regarding whether or how the department used the requested records. But Douglass did not attest to his personal knowledge regarding how the department used the requested records in providing security for the governor. Rather, his affidavit was based on his firsthand experiences of providing security for two presidents and other government officials and dignitaries while serving with the Secret Service and on a security detail for the governor of Indiana. In short, Douglass testified as a subject-matter expert. And since the Enquirer does not otherwise challenge Douglass’s qualifications or the relevance of his testimony, we reject this argument. b. The Enquirer did not prove that the requested records are no longer exempt {¶ 32} Second, the Enquirer argues that the records are no longer exempt from disclosure under FitzGerald, 145 Ohio St.3d 92, 2015-Ohio-5056, 47 N.E.3d 13 SUPREME COURT OF OHIO 124, and State ex rel. Rogers v. Dept. of Rehab. & Corr., 155 Ohio St.3d 545, 2018- Ohio-5111, 122 N.E.3d 1208. Neither case is helpful to the Enquirer’s position. {¶ 33} As discussed above, we determined in FitzGerald that when the keycard-swipe data were first requested, R.C. 149.433(A) exempted the requested records from disclosure as security records. Id. at ¶ 24. But by the time we rendered our decision, the county had moved its administrative offices to a new building, it had demolished the old building where the keycard system was installed, FitzGerald was no longer the county executive, and the county had released the requested records to the media. Id. at ¶ 3. Based on these changed circumstances, we held that the keycard-swipe data were no longer security records. Id. at ¶ 27-30. {¶ 34} In Rogers, we ordered the release of security-camera footage, finding that the Department of Rehabilitation and Correction had failed to provide evidence showing that the 2015 video recording was being used in a current investigation regarding the incident depicted in it or that the video disclosed any current security-response plans or protocols. Id. at ¶ 21. We explained that even if the requested record had been properly withheld as a security record when requested, “ ‘R.C. 149.433(A)(1) does not establish the exception in perpetuity.’ ” Id., at ¶ 20, quoting Gannett GP Media, Inc. v. Ohio Dept. of Pub. Safety, Ct. of Cl. No. 2017-00051-PQ, 2017-Ohio-4247, ¶ 32. Instead, in resolving a public-records request, this court must “ ‘consider the facts and circumstances existing at the time that [we make our] determination on a writ of mandamus, not at some earlier time.’ ” (Brackets sic.) Id., quoting State ex rel. Quolke v. Strongsville City School Dist. Bd. of Edn., 142 Ohio St.3d 509, 2015-Ohio-1083, 33 N.E.3d 30, ¶ 29. {¶ 35} The Enquirer maintains that the security detail’s deployment for the Super Bowl trip was completed at the time of Bischoff’s records request and that the requested records related to a one-time, unique assignment and are no longer directly used for security. Therefore, according to the Enquirer, the statutory 14 January Term, 2024 exemption no longer applies under the authority of FitzGerald, 145 Ohio St.3d 92, 2015-Ohio-5056, 47 N.E.3d 124, and Rogers, 155 Ohio St.3d 545, 2018-Ohio- 5111, 122 N.E.3d 1208. We disagree. {¶ 36} Thompson, the Highway Patrol staff lieutenant, testified that the security detail develops a “different[,] unique” security plan for each trip the governor takes. He also confirmed that the security protocols implemented for the trip to the Super Bowl “would be different from the protocols that [the security detail would] engage for [the governor’s] trip from the governor’s mansion to the State Capitol every day.” And Thompson explained that the protocols would vary “based on [the] specific differentiation in travel and location” of the trip and that the size of the security detail is affected by whether the governor travels alone or with his family. According to the Enquirer, the point that Thompson established is that no two travel events are the same and that each involves individual planning and execution. As a result, the Enquirer asserts, it is inaccurate to claim that information about a completed detail would provide valuable information to a would-be wrongdoer or information that will be used directly for security for future trips. {¶ 37} The Enquirer selectively quotes Thompson’s deposition testimony, while ignoring other evidence from Thompson averring that even though the department develops a unique plan every time the governor travels, in planning for future trips the security detail will incorporate some of the same security protocols that were incorporated into the Super Bowl trip and will also use this information to determine how the security detail allocates resources and personnel for the governor’s safety and whether security protocols need to be modified for a particular trip or in response to a particular risk. In short, the department has proved that the security records at issue are still being used. 15 SUPREME COURT OF OHIO c. The department did not violate the Public Records Act by failing to produce redacted records {¶ 38} Lastly, the Enquirer argues that even if the records are exempt from disclosure, the department violated the Public Records Act by failing to produce redacted versions of the requested records. The Enquirer cites R.C. 149.43(B)(1), which states: If a public record contains information that is exempt from the duty to permit public inspection or to copy the public record, the public office or the person responsible for the public record shall make available all of the information within the public record that is not exempt. {¶ 39} But under R.C. 149.433(B)(1), “a record kept by a public office that is a security record is not a public record under section 149.43 of the Revised Code and is not subject to mandatory release or disclosure under that section.” Thus, if the requested records fall under the security-records exemption in R.C. 149.433(A)(1), they are not public records, and the public office would not be required to release or disclose redacted versions pursuant to R.C. 149.433(B)(1). {¶ 40} We considered exactly the same issue in Plunderbund, 141 Ohio St.3d 422, 2014-Ohio-3679, 25 N.E.3d 988, in which we upheld the department’s refusal to release records of threats against the governor—even redacted records— on the ground that they were security records under R.C. 149.433(A) and hence were not public records under R.C. 149.433(B). Plunderbund, at ¶ 1, 30. Accordingly, we conclude that the department did not violate the Public Records Act by refusing to release redacted versions of the requested records to the Enquirer in this case. 16 January Term, 2024 C. The Enquirer’s Requests for Statutory Damages, Court Costs, and Attorney Fees {¶ 41} The Enquirer also requests awards of statutory damages, court costs, and attorney fees. Because we hold that the department has not failed to comply with an obligation under R.C. 149.43(B), we deny the Enquirer’s requests. See R.C. 149.43(C)(2), 149.43(C)(3)(a)(i), and 149.43(C)(3)(b). III. CONCLUSION {¶ 42} We deny the writ of mandamus. We also deny the Enquirer’s requests for statutory damages, court costs, and attorney fees. Writ denied. FISCHER, LUPER SCHUSTER, and DETERS, JJ., concur. KENNEDY, C.J., concurs, with an opinion. DONNELLY, J., dissents, with an opinion joined by STEWART and BRUNNER, JJ. BETSY LUPER SCHUSTER, J., of the Tenth District Court of Appeals, sitting for DEWINE, J. _________________ KENNEDY, C.J., concurring. {¶ 43} I concur in the majority’s judgment denying relator Cincinnati Enquirer’s request for a writ of mandamus seeking records related to Governor Mike DeWine’s trip to the 2022 Super Bowl in Los Angeles, California, from respondent, Andy Wilson, the director of the Ohio Department of Public Safety. I also concur in the majority’s reasoning in reaching that judgment and in its denial of the Enquirer’s requests for statutory damages, court costs, and attorney fees. I write separately to highlight the evidentiary distinction between this case and Welsh-Huggins v. Jefferson Cty. Prosecutor’s Office, 163 Ohio St.3d 337, 2020- Ohio-5371, 170 N.E.3d 768. Unlike the respondent in Welsh-Huggins, the 17 SUPREME COURT OF OHIO department presented evidence establishing that the requested records contain information that qualifies them as security records exempt from disclosure. Security Records {¶ 44} Ohio’s Public Records Act, R.C. 149.43, guarantees the public access to records kept by governmental entities in Ohio. Such access promotes the policy “that open government serves the public interest and our democratic system.” State ex rel. Dann v. Taft, 109 Ohio St.3d 364, 2006-Ohio-1825, 848 N.E.2d 472, ¶ 20. But not all records in the government’s possession are subject to release. For example, a record may be exempt from release if it qualifies as a “security record”—that is, if the record “contains information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage.” R.C. 149.433(A)(1). Welsh-Huggins v. Jefferson Cty. Prosecutor’s Office {¶ 45} In Welsh-Huggins, this court determined that a courthouse’s surveillance video capturing the shooting of a judge was not a “security record” that qualified for the exemption from the disclosure requirement. Welsh-Huggins at ¶ 1. The majority explained that when a public office or a person responsible for public records seeks to prevent the disclosure of a record based on a statutory exemption, the public office or records custodian has the burden “to plead and prove facts clearly establishing the applicability of the exemption.” Id. at ¶ 27. The majority further clarified that “[c]onclusory statements in an affidavit that are not supported by evidence are not sufficient evidence to establish the exemption’s applicability,” id. at ¶ 30, and concluded that “a record’s status as a security record is determined by the public office’s actual use of the information,” id. at ¶ 69. So, it follows that “[a] record is not a security record if it does not contain information directly used to protect and maintain the security of the public office.” (Emphasis sic.) Id. at ¶ 82 (Kennedy, J., concurring in judgment only). 18 January Term, 2024 {¶ 46} The prosecutor in Welsh-Huggins relied on three affidavits offered as evidence in support of the assertion that the requested copy of the surveillance video fit squarely within the security-records exemption. Id., 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, at ¶ 55, 59-60. But there was an initial issue— the affidavits were fatally defective. Id. at ¶ 83 (Kennedy, J., concurring in judgment only). The affidavits were “made to the best of [the prosecutor’s] knowledge, information, and belief,” but this assertion did not satisfy the personal- knowledge standard under Evid.R. 602. Id. at ¶ 83. (Kennedy, J., concurring in judgment only), citing State ex rel. Esarco v. Youngstown City Council, 116 Ohio St.3d 131, 2007-Ohio-5699, 876 N.E.2d 953, ¶ 15-16. Therefore, the prosecutor did not proffer any evidence to show how the video was directly “used to protect or secure any public office from attack, interference, or sabotage.” Id. (Kennedy, J., concurring in judgment only). {¶ 47} But even when considering the affidavits as evidence of the security- records exemption’s application, the majority found that the prosecutor still had not met the burden of production so as to justify exempting the requested copy of the surveillance video from the disclosure requirement. Id. at ¶ 55, 67. The prosecutor’s first purported affidavit asserted in a “conclusory fashion that the video was directly used for protecting or maintaining the security of a public office” and “did not explain how the video was used for protecting or maintaining the security of a public office.” (Emphasis sic.) Id. at ¶ 55. The second purported affidavit similarly “failed to explain how the video qualified for the [security- record] exemption.” (Emphasis sic.) Id. at ¶ 59. And the third purported affidavit revealed only technical information about the video and a concern that “disclosure of the video would reveal perceived vulnerabilities” of the public office. Id. at ¶ 60. The majority held, therefore, that there was no basis for determining that the requested surveillance video contained information that fit squarely within the security-records exemption. Id. at ¶ 69. 19 SUPREME COURT OF OHIO The Evidence in this Case {¶ 48} The evidence presented by the department in this case stands in stark contrast to the evidence presented in Welsh-Huggins. For starters, the department presented multiple valid affidavits based on personal knowledge to support the applicability of the security-records exemption. The relevant affidavits included sworn testimony from Highway Patrol Captain Craig Cvetan, Highway Patrol Staff Lieutenant James Thompson, and Kurt Douglass, who averred that he had served for 42 years in law enforcement with both the United States Secret Service and the Indiana State Police. {¶ 49} The affidavits submitted by the department do not merely state in “conclusory fashion,” id., 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, at ¶ 55, that the requested records were directly used in protecting the governor. Rather, they explain that the requested records contain information identifying the names and number of members of the governor’s security personnel; dates, times, and sequencing of the governor’s travel; and patterns related to the governor’s security detail. Lieutenant Thompson specifically explained in his affidavit that this information will be used “when planning future trips with the Governor” and “will inform how the Governor’s security personnel allocate resources and personnel” for the governor’s safety. Lieutenant Thompson’s affidavit confirmed that “many of the elements that were incorporated into the security plan for the Super Bowl trip, such as how the advance team is dispatched, would also be incorporated into future security plans.” Majority opinion, ¶ 20. Therefore, the requested records “are exempt from disclosure as security records because the evidence shows that the department uses information in the records to plan for the governor’s security on a day-to-day and event-to-event basis.” Id. at ¶ 29. Conclusion {¶ 50} The department has met its burden of production by presenting evidence that clearly establishes the applicability of the security-records exemption 20 January Term, 2024 by showing that the requested records “contain[] information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage,” R.C. 149.433(A)(1). Accordingly, the majority correctly rejects the Cincinnati Enquirer’s request for a writ of mandamus compelling the disclosure of the requested documents and correctly denies the Enquirer’s requests for statutory damages, court costs, and attorney fees. {¶ 51} Therefore, I concur. _________________ DONNELLY, J., dissenting. {¶ 52} As the majority opinion states, relator, the Cincinnati Enquirer, sought disclosure under Ohio’s Public Records Act, R.C. 149.43, of “electronic copies of the travel and expenses for troopers and/or staff attending the 2022 Super Bowl in Los Angeles, CA with Gov. DeWine.” Majority opinion, ¶ 3. There is no question that the records sought are initially presumed to be public records—they are records kept by a public office. R.C. 149.43(A)(1). The question is whether an exception to the disclosure requirement applies. {¶ 53} The Ohio Department of Public Safety and its director—respondent, Andy Wilson—denied the Enquirer’s public-records request, concluding that the request was for security records, which are statutorily defined as “not a public record,” R.C. 149.433(B)(1). Today, after an in camera review, a majority of this court agrees with the department, concluding that the records sought are not public records. Despite noting that “[e]xemptions to the disclosure requirement under the act are strictly construed against the records custodian,” majority opinion at ¶ 10, citing State ex rel. Cincinnati Enquirer v. Jones-Kelley, 118 Ohio St.3d 81, 2008- Ohio-1770, 886 N.E.2d 206, ¶ 10, nothing in the majority opinion suggests that the members of the majority have adhered to that standard. {¶ 54} “Security record” means any of the following: 21 SUPREME COURT OF OHIO (1) Any record that contains information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage; (2) Any record assembled, prepared, or maintained by a public office or public body to prevent, mitigate, or respond to acts of terrorism, including any of the following: (a) Those portions of records containing specific and unique vulnerability assessments or specific and unique response plans either of which is intended to prevent or mitigate acts of terrorism, and communication codes or deployment plans of law enforcement or emergency response personnel; (b) Specific intelligence information and specific investigative records shared by federal and international law enforcement agencies with state and local law enforcement and public safety agencies; (c) National security records classified under federal executive order and not subject to public disclosure under federal law that are shared by federal agencies, and other records related to national security briefings to assist state and local government with domestic preparedness for acts of terrorism. (3) An emergency management plan adopted pursuant to section 5502.262 of the Revised Code. R.C. 149.433(A). {¶ 55} The records sought in this case do not fit clearly and squarely into any of those categories, as they must in order to be exempt from disclosure. See State ex rel. Miller v. Ohio State Hwy. Patrol, 136 Ohio St.3d 350, 2013-Ohio- 3720, 995 N.E.2d 1175, ¶ 23. The only provision in R.C. 149.433(A) that might at 22 January Term, 2024 first glance seem potentially applicable here is the first one, which states that documents that “contai[n] information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage” are security records, R.C. 149.433(A)(1). But information in payroll ledgers, per diem lists, and receipts related to gas-station, hotel, rental-car, and airline expenditures is not “directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage.” On its face, it is obvious that the security-records exception does not apply—let alone after construing the Enquirer’s request liberally in favor of broad access. See State ex rel. Cincinnati Enquirer v. Ohio Dept. of Pub. Safety, 148 Ohio St.3d 433, 2016-Ohio-7987, 71 N.E.3d 258, ¶ 28 (“We construe R.C. 149.43 liberally in favor of broad access and resolve any doubt in favor of disclosure”); see also Jones-Kelly, at paragraph two of the syllabus. {¶ 56} Although a bad actor could misuse these ledgers, lists, and receipts to glean information about the governor’s security detail that might be of some use in planning a future attack, we have previously rejected a similar argument against disclosure. In Welsh-Huggins v. Jefferson Cty. Prosecutor’s Office, 163 Ohio St.3d 337, 2020-Ohio-5371, 170 N.E.3d 768, ¶ 69, we stated that “a record’s status as a security record is determined by a public office’s actual use of the information. It is not determined by a public requester’s potential use or misuse of the information.” Here, the department uses the requested records as evidence of expenditures, not to protect or maintain security. It is more than a stretch to argue that the department has directly used a receipt for the purchase of gasoline to protect or maintain security. {¶ 57} In this case, there is no evidence—or reason to believe—that the department uses its expense records for anything related to protecting or maintaining security; there is evidence only that such records could be misused by someone else. Although there was testimony suggesting that information about past security procedures could be used in planning and training for future events, 23 SUPREME COURT OF OHIO there was no suggestion that the information in these records (basically, a collection of receipts) will be used for security training—and it is pretty hard to imagine how they could be used in that way. {¶ 58} It is obvious that all disclosures of public records come with some security concerns. As an extreme example, there is no doubt that any governor would be much safer if no one knew his or her name, what she or he looks like, or where he or she lives and works. But the incremental concern at issue here is not, to my mind, sufficient justification for shrouding government spending in secrecy. The best guarantee of good government is transparency, which is why the General Assembly has decreed that doubts regarding the release of public records are to be decided in favor of disclosure. {¶ 59} The security interests ostensibly at stake in this case are de minimus in general, let alone when weighed against the people’s right to know how much public money was spent while the governor was in California to watch the Super Bowl. I would conclude that the requested records—copies of expenditures for meals, travel, lodging, and overtime pay—are not security records and, therefore, that they should not be exempt from disclosure. I would issue a writ ordering production of the requested records subject to any proper redactions necessary for security reasons. {¶ 60} Accordingly, I dissent. STEWART and BRUNNER, JJ., concur in the foregoing opinion. _________________ Graydon Head & Ritchey, L.L.P., John C. Greiner, Darren W. Ford, and Kellie A. Kulka, for relator. Zeiger, Tigges & Little, L.L.P., Marion H. Little Jr., and John W. Zeiger, Special Counsel to Attorney General Dave Yost, for respondent. _________________ 24