
    [882 NYS2d 862]
    In the Matter of Hearst Corporation et al., Petitioners, v State of New York et al., Respondents.
    Supreme Court, Albany County,
    April 16, 2009
    
      APPEARANCES OF COUNSEL
    
      Jonathan R. Donnellan, General Counsel, New York City (Ravi V Sitwala of counsel), for Hearst Corporation, petitioner. Andrew M. Cuomo, Attorney General, Albany (Michael McCartin of counsel), for respondents. William R Seamon, Albany {Renee L. Delgado of counsel), for Public Employees Federation, amicus curiae.
   OPINION OF THE COURT

Richard M. Platkin, J.

Petitioners the Hearst Corporation and J. Robert Port bring this proceeding pursuant to CPLR article 78, challenging the State Comptroller’s denial of a Freedom of Information Law (FOIL) request for certain records pertaining to the New York State public employee payroll. Respondents, the State Comptroller, the Office of the State Comptroller (OSC) and the State of New York, oppose the petition through an answer. Petitioners also move for an order striking a supplemental affidavit filed by respondents or, in the alternative, granting them leave to respond. Finally, the New York State Public Employees Federation AFL-CIO (PEF) moves for permission to appear as amicus curiae in this proceeding.

Background

Petitioner the Hearst Corporation is the publisher of the Albany Times Union, a daily newspaper covering Albany and the greater Capital Region. Petitioner J. Robert Port is an investigative journalist employed by the Times Union.

In connection with his reporting duties, Mr. Port filed a FOIL request on January 21, 2008 with the Office of the State Comptroller seeking the following information regarding the New York State public employee payroll:

“I hereby request an electronic copy of the following NY State payroll tables: Addl Pay, Compensation, Department, Job, Job Approvals, Job Code, Location, NY Time Detail, Pay Earnings, Pay Other Earnings, Paycheck, Personal Data, Position, and Retirement. Please include related metadata, record layouts, and documentation.
“I am seeking these records in a data file or grouping of related data files, in any commonly-used digital database of spreadsheet format or as ASCII text delimited files.”

Following informal telephone and e-mail communications between the parties, the Records Access Officer for OSC, Shelly Brown, partially denied petitioners’ FOIL request by letter dated March 19, 2008. OSC provided petitioners with the names, public office addresses, titles and salaries for all state employees, but refused to disclose the other requested information. The denial primarily was based on the Records Access Officer’s assertion that OSC would be required to engage in substantial computer reprogramming to respond to petitioners’ request:

“[Although the information you have requested is contained within [OSC’s] PayServ database, such information cannot be retrieved without extensive and time-consuming data extraction, record creation, and/or computer reprogramming by our staff. Moreover, for these records, it is not possible to link the information in one record to the appropriate data in another record without including the employees’ Social Security Numbers.”

In addition, the denial letter maintained that the release of the birth dates of state employees would constitute an unwarranted invasion of personal privacy and could facilitate identity theft. Finally, the portion of petitioners’ FOIL request seeking the metadata, record layouts and documentation was denied on the basis of two additional FOIL exemptions: (1) the information sought by petitioners constitutes trade secrets or proprietary material, the release of which would injure a company’s competitive position in the marketplace; and (2) the release of such information could compromise OSC’s ability to protect the security of its information technology assets.

On April 17, 2008, petitioners filed an administrative appeal of the agency’s FOIL denial. In their appeal letter, petitioners described several alternative methods by which the requested data could be produced in usable form without the disclosure of Social Security numbers. Petitioners also objected to the other grounds for denial asserted by OSC.

By letter dated May 7, 2008, the agency’s FOIL Appeals Officer, Albert W. Brooks, affirmed the denial of access to the requested records for substantially the same reasons put forward by the Records Access Officer. Further, in his letter, Mr. Brooks offered a detailed explanation as to why petitioners’ various options for addressing the Social Security number issue did not overcome the agency’s objections.

Petitioners then commenced this proceeding pursuant to CPLR article 78. On February 23, 2009, this matter was reassigned to the undersigned. Oral argument was held on April 3, 2009. This decision, order and judgment follows.

Discussion

A. Creation of New Records

1. Applicable Legal Standard

Pursuant to FOIL, all “records” of a government agency are presumptively available to the public unless the requested records fall within one of the exemptions set forth in the FOIL statute (Public Officers Law § 87 [2]; Matter of Encore Coll. Bookstores v Auxiliary Serv. Corp. of State Univ. of N.Y. at Farmingdale, 87 NY2d 410, 417 [1995]). At the same time, nothing in FOIL “shall be construed to require any entity to prepare any record not possessed or maintained by such entity except the records specified in subdivision three of section eighty-seven” (Public Officers Law § 89 [3] [a]).

In its recent decision in Matter of Data Tree, LLC v Romaine (9 NY3d 454 [2007]), the Court of Appeals addressed the obligation of a government agency to provide the public with access to information that its possesses in electronic form. In Data Tree, a commercial enterprise requested that the Suffolk County Clerk provide it with certain real property records in electronic form. The Clerk denied the request, contending, among other things, that “the FOIL request would require rewriting and reformatting of the data, which the Clerk’s Office is not required to do” (id. at 460).

In addressing this contention, the Court of Appeals explained that “FOIL does not differentiate between records stored in paper form or those stored in electronic format” and that “[disclosure of records is not always necessarily made by the printing out of information on paper, but may require duplicating data to another storage medium, such as a compact disc” (id. at 464). The Court went on to hold as follows:

“[I]f the records are maintained electronically by an agency and are retrievable with reasonable effort, that agency is required to disclose the information. In such a situation, the agency is merely retrieving the electronic data that it has already compiled and copying it onto another electronic medium. On the other hand, if the agency does not maintain the records in a transferable electronic format, then the agency should not be required to create a new document to make its records transferable. A simple manipulation of the computer necessary to transfer existing records should not, if it does not involve significant time or expense, be treated as creation of a new document.” {Id. at 464-465.)

In support of its claim of exemption, the Clerk’s Office relied upon the affidavit of its information technology director, who averred that a new computer program would have to be written to permit the requested information to be extracted and produced in electronic form {id. at 465). In response, Data Tree’s own software engineer averred that the requested records could be produced without any computer programming {id.). Data Tree also noted that its FOIL request merely asked that the records be produced in an “electronic format regularly maintained by the County” {id. at 465-466). Under these circumstances, the Court of Appeals found that “questions of fact exist as to whether disclosure may be accomplished by merely retrieving information already maintained electronically by the Clerk’s Office or whether complying with Data Tree’s request would require creating a new record” {id. at 466).

Following the Data Tree decision, the State Legislature amended FOIL in relation to, inter alia, electronic records {see L 2008, ch 223, § 6). As a result, Public Officers Law § 89 (3) was amended to include the following language applicable to requests for data stored in electronic form:

“An agency shall not deny a request on the basis that the request is voluminous or that locating or reviewing the requested records or providing the requested copies is burdensome because the agency lacks sufficient staffing or on any other basis if the agency may engage an outside professional service to provide copying, programming or other services required to provide the copy, the costs of which the agency may recover pursuant to paragraph (c) of subdivision one of section eighty-seven of this article. . . . When an agency has the ability to retrieve or extract a record or data maintained in a computer storage system with reasonable effort, it shall be required to do so. When doing so requires less employee time than engaging in manual retrieval or redactions from non-electronic records, the agency shall be required to retrieve or extract such record or data electronically. Any programming necessary to retrieve a record maintained in a computer storage system and to transfer that record to the medium requested by a person or to allow the transferred record to be read or printed shall not be deemed to be the preparation or creation of a new record.”

Chapter 223 was signed into law by the Governor on July 7, 2008 and took “effect on the thirtieth day after it shall have become a law” (L 2008, ch 223, § 8).

As a threshold matter, the court concludes that the 2008 amendments to Public Officers Law § 89 (3) are not applicable to this application. The agency’s denial of petitioners’ FOIL request became final on May 7, 2008, the date on which the FOIL Appeals Officer denied access to the requested records. The new legislation took effect, at the very latest, on August 6, 2008, 30 days after chapter 223 became law. Thus, the new law was not in effect when OSC rendered the challenged administrative determination.

Further, there is nothing in the text of chapter 223 that evinces an intent on the part of the Legislature to have the new FOIL provisions apply retroactively to final agency determinations rendered prior to its effective date (see Matter of New York State Rifle & Pistol Assn., Inc. v Kelly, 55 AD3d 222, 223 n [1st Dept 2008] [“This requirement was not in effect when petitioner made the request at issue here”]). Indeed, when the State Legislature has intended to make amendments to FOIL applicable to cases pending before the courts, it has said so expressly (see e.g. Matter of New York Veteran Police Assn. v New York City Police Dept. Art. I Pension Fund, 61 NY2d 659 [1983]). Moreover, since the new legislation was not the basis for the determinations challenged in this CPLR article 78 proceeding, application of chapter 223 to the facts of this case would inappropriately require the court to consider issues and arguments that were not raised before the administrative agency in the first instance (see Matter of Molloy v New York City Police Dept., 50 AD3d 98 [1st Dept 2008]).

Thus, this application is controlled by the standard set forth in the Data Tree decision. Insofar as petitioners wish to avail themselves of whatever benefits the 2008 legislation may provide, their remedy is to make a new FOIL request.

2. The Parties’ Factual Contentions

The issue then becomes whether respondents have demonstrated that the records sought by petitioners are not “retrievable with reasonable effort” from OSC’s database management system (see Data Tree, 9 NY3d at 464). Put another way, the court must determine whether respondents have established that access to the requested records cannot be provided through a “simple manipulation of the computer” that “does not involve significant time or expense” (id. at 465).

In seeking to meet this burden, OSC relies upon an affidavit from MaryAnne Barry, the Director of its Bureau of Information Technology Services. As an initial matter, Ms. Barry contends that petitioners are seeking more than just the data contained in the 14 payroll tables that are the subject of their FOIL request; rather, she contends that petitioners seek direct access to the database management system used by OSC to maintain payroll records or its functional equivalent — i.e., “an electronic information system comprising a sub-set of the State Payroll System, with the accompanying documentation about the format of that sub-set of the State Payroll System” (Barry aff ¶ 8).

According to Ms. Barry, this conclusion follows from language of petitioners’ FOIL request, which seeks electronic copies of 14 specified database tables and the “related meta-data, record layouts, and documentation” (id. ¶ 9). Further, she notes that in follow-up correspondence with OSC, Mr. Port made plain his desire to “relate the various tables that comprise the database as a whole and . . . extract information and tabulations in a comprehensible, predictable way” (id. ¶ 10). On the basis of the foregoing, Ms. Barry avers that petitioners’ request cannot be satisfied without the agency granting petitioners access to OSC’s payroll system or “building them a new electronic system” with equivalent data processing capabilities (id. ¶ 11).

In addition, Ms. Barry explains that many, but not all, of the tables sought by petitioners use the Social Security numbers of state employees as their “key” — the data element that logically connects the various tables and links the data contained therein to specific state employees (id. ¶ 16). Petitioners acknowledge, as they must, that the disclosure of Social Security numbers is restricted by federal law and, therefore, is exempt from disclosure under FOIL. In informal discussions with the agency’s Records Access Officer, petitioners suggested a number of alternatives to work around this problem, including encryption of Social Security numbers or the creation of a substitute key.

With respect to the notion of encrypting or “scrambling” the key, Ms. Barry expresses concern that any encryption algorithm could be “reverse engineered,” thereby resulting in the disclosure of confidential information (id. ¶¶ 14, 15). While acknowledging that it would be technologically feasible to replace Social Security numbers with a substitute key, she asserts that such a process would require a considerable expenditure of time and effort (id. ¶¶ 13, 16). According to Ms. Barry, the creation of a substitute key would take 85 to 90 hours of actual staff time, including analysis, computer programming, data object creation, migration and processing time. In addition, an additional 400 to 565 hours would be required to complete the three other major steps required to extract the requested data and place it into a usable electronic database.

In response, petitioners rely upon the affidavit of Darron K. Fuller, an independent consultant with experience in database design and management, including the Oracle payroll system used by OSC. It is Mr. Fuller’s opinion that “the data requested by Petitioners could be provided by the Comptroller without substantial or unreasonable effort” (Fuller aff ¶ 4).

As an initial matter, Mr. Fuller avers that 6 of the 14 tables requested by petitioners do not use Social Security numbers as their primary key.

“For these tables, the information could be directly exported into an Excel (or similar commercially available) spreadsheet or a text file in a flat format, dependent on the size of the table. The programming required should take no longer than ten minutes (there is built-in Oracle command to do this)” (id. ¶ 6).

With respect to the remaining tables, Mr. Fuller acknowledges that “[w]hile the data in these tables could be exported without SSNs, it would not be of much value, as the SSNs appear to be the primary key in the data base” (id. ¶ 8). However, he contends that there are several straightforward methods for OSC to export the data in the tables so as to prevent the disclosure of Social Security numbers while maintaining the logical integrity of the exported data.

According to Mr. Fuller, the “best method” involves a three-step process. First, OSC would be required to create a new database table consisting of two fields: (1) Social Security numbers; and (2) unique identifiers that would not disclose private information concerning state employees (e.g. sequential numbers). Second, Social Security numbers from the existing tables would be added to the new table, “a process that would require a simpl[e] query” (id. ¶ 10). Thus, when complete, the new data table would associate each Social Security number with a unique substitute key. Finally, using this new table, the data in the remaining PayServ tables could be “exported” in a manner by which the nonsensitive unique identifiers are substituted for Social Security numbers. “This entire process would take a tiny fraction of the time that Ms. Barry suggests it would take to fulfill the request” (id.).

Mr. Fuller further observes that a “far simpler” but “inferior” method would be to use a simple query to extract and join together all of the data in the tables, other than Social Security numbers (id. ¶ 12). However, this method would leave the resulting table devoid of a unique identifier, thus preventing petitioners from distinguishing among state employees with the same names. Finally, petitioners’ expert suggests that OSC could simply utilize one of several commercially available software applications specifically designed for the purpose of masking private data {id. ¶ 13).

In her supplemental affidavit, Ms. Barry argues that Mr. Fuller “over simplifies the effort involved with obtaining” the requested data, failing to take into account the mission critical nature of the PayServ system and the resultant need for OSC personnel to follow strict protocols in analyzing, designing, coding, testing and implementing anything that might affect the integrity of the system or its stored data (Barry supp aff ¶¶ 5, 6). Ms. Barry also claims that petitioners’ analysis ignores the need to design and build a new table structure and to create the necessary documentation, tasks that she estimates would take between 225 and 325 hours.

As to the tables that do not contain Social Security numbers, Ms. Barry does not directly dispute Mr. Fuller’s contention that OSC’s database system allows for data to be easily exported, but she does assert that “table structures must be changed from the Oracle proprietary formats” and, as a result, “programs still will need to be designed, coded, tested and executed to extract the data . . . [and] remove and/or mask all private/ confidential data” {id. ¶ 10).

For the tables that use Social Security numbers as their primary key, Ms. Barry argues that the “substitute key” solution proposed by Mr. Fuller would require a considerable expenditure of time and effort, whereas his other approaches would either compromise petitioners’ ability to distinguish between state employees with the same names or require OSC to procure and purchase new computer software {id. ¶¶ 13-16). Finally, Ms. Barry reiterates her contention that petitioners seek not only the data from the 14 specified tables, but also a system that would provide the ability to run search queries against such data {id. ¶¶ 17-18).

Finally, in his supplemental response, Mr. Fuller states that his prior affidavit testimony did in fact account for all of the steps necessary to respond to petitioners’ FOIL request and that nothing he proposed would jeopardize the integrity of the OSC’s computer system or its stored payroll data (Fuller supp aff ¶¶ 2-3). He also contends that many of the steps suggested by Ms. Barry, including the creation of documentation, are unnecessary {id. ¶ 4).

3. Analysis

The court begins its analysis with the payroll tables that do not use Social Security numbers as their primary key. Petitioners assert that the Oracle database management system used by OSC provides a straightforward method of exporting the data from these payroll tables into an electronic spreadsheet format. Respondents acknowledge as much, but contend that “[sjince . . . the table structures must be changed from the Oracle proprietary formats, programs will still need to be designed, coded, tested and executed to extract the data. We would also need to develop a methodology to remove and/or mask all private/ confidential data” (Barry supp aff ¶ 10).

The court concludes that the proof offered by OSC is insufficient to meet its burden of denying access to these records. For the reasons explained below, respondents have failed to demonstrate that exporting specified data from these tables into an electronic spreadsheet format would result in the disclosure of Oracle’s trade secrets or that any such disclosure would cause substantial injury to Oracle’s competitive position (Public Officers Law § 87 [2] [d]). Further, the record demonstrates that the Oracle software used by OSC provides several straightforward options for preventing the disclosure of any table columns containing exempt data.

As to the remaining tables, which use the Social Security numbers of state employees as their primary key, the court begins with petitioners’ preferred approach: the replacement of Social Security numbers with nonsensitive, unique identifiers. The court agrees with respondents that this process requires the creation of new records and goes well beyond a “simple manipulation of the computer” that “does not involve significant time or expense” {Data Tree, 9 NY3d at 465).

According to the affidavit of OSC’s Director of Information Technology, the computer programming and other work needed to create substitute keys for the aforementioned tables would take 85 to 90 hours of actual staff time. In addition to the creation of new computer programs to perform the substitution process, this approach would require the agency to create a new database table, one that translates Social Security numbers to the nonsensitive, unique identifiers that would be provided to petitioners, and populate the new table with data. Further, these efforts would go well beyond the mere extraction of data stored in the payroll database or the masking of confidential data. Rather, development of substitute keys would require OSC to create and provide to petitioners data of a type not otherwise maintained by the agency in order to respond to the subject FOIL request.

In response, petitioners argue that much of the work contemplated by Ms. Barry is unnecessary (Fuller supp aff ¶¶ 4-5). However, the three step process outlined by Mr. Fuller in his affidavit (Fuller aff ¶ 10) conforms generally to the first phase of processing outlined by respondents’ expert (Barry aff ¶¶ 21-22). Further, while Mr. Fuller avers that Ms. Barry’s estimate of 85 to 90 hours is overstated, petitioners have failed to offer any alternative estimate. Moreover, given the critical nature of the State’s payroll system, the court would be hard-pressed to say that OSC should dispense with the rigorous software life-cycle development processes, including appropriate documentation, that the agency routinely uses to protect the integrity of its payroll database. And petitioners’ own submissions confirm that OSC would be required to write new computer programming, create new database structures, generate new intermediate data and, ultimately, provide them with records of a type not otherwise maintained by the agency. Under these circumstances, it is clear that respondents are being called upon to create new records, in contravention of Public Officers Law § 89 (3).

Several of the other alternatives suggested by petitioners can be dismissed without extended discussion. While Mr. Port initially proposed the encryption (or “scrambling”) of Social Security numbers, petitioners have failed to come forward with any evidence that would address respondents’ concern about the possibility of reverse engineering or decryption. Further, while Mr. Fuller suggests that OSC could purchase commercially available software packages designed to mask private data, petitioners cite no authority for requiring an agency to purchase new software in order to meet its obligations under the FOIL provisions that govern this application.

The court must then turn its attention to the remaining two options that petitioners raise as alternatives to the “substitute key” approach. According to Mr. Fuller, a “far simpler” but “inferior” method would be to use a simple query to extract and join together all of the data in the tables, other than Social Security numbers (Fuller aff ¶ 12). However, as acknowledged by Mr. Fuller, this method would not allow petitioners to distinguish among state employees with the same names. Mr. Fuller also observes that the requested table data could be exported by simply deleting Social Security numbers, though the resulting data “would not be of much value” because the logical association between the data and particular state employees would be lost {id. ¶ 8). While acknowledging these drawbacks at oral argument, petitioners nonetheless insist that respondents were obliged, at a minimum, to produce the requested table data by one of these methods.

Respondents disagree, contending that petitioners’ FOIL request, properly construed, called for the production of specified tables, metadata and record layouts in the form of an electronic database management system that would give petitioners the ability to run queries against payroll data. Given the drawbacks associated with the alternative methods described in paragraphs 8 and 12 of the Fuller affidavit, respondents argue that such methods are not responsive to petitioners’ FOIL request.

In response, petitioners acknowledge their desire to obtain the requested data in the form most useful to their journalistic efforts, but contend that the language of their FOIL request is sufficiently broad to encompass the production of some or all of the requested data in a variety of electronic formats. In other words, they deny taking the “all or nothing” approach attributed to them by respondents.

The court begins with Mr. Port’s initial FOIL request. There is nothing in the language of this request that compels the restrictive interpretation adopted by respondents. Petitioners sought “an electronic copy” of 14 specified payroll tables, as well as “related metadata, record layouts, and documentation.” They further requested that such records be provided “in a data file or grouping of related data files, in any commonly-used digital database of spreadsheet format or as ASCII text delimited files.” Thus, petitioners’ request “reasonably describe^]” the records requested (Public Officers Law § 89 [3]), and provides the agency with a variety of methods by which such data may be provided.

Following the initial FOIL request, the parties engaged in informal discussions. While the record does not disclose the substance of these conversations, it does include a February 8, 2008 e-mail from Mr. Port to the Records Access Officer seeking to “clarify and detail [the FOIL] request and make it as specific as possible.” Mr. Port explained that petitioners were requesting that specified data elements be extracted from the 14 specified payroll tables. He further acknowledged that the issue of Social Security numbers “is problematic because [Social Security numbers are] used in the Comptroller’s payroll database as the ‘primary key’ data that allows one to relate the various tables that comprise the databases as a whole and allows someone to extract information and tabulations in a comprehensible, predictable way.” The solution proposed by Mr. Port was to “scramble or encrypt” such numbers.

On March 19, 2008, the Records Access Officer advised petitioners of the partial denial of the FOIL request. The denial letter specifically referred to Mr. Port’s e-mail and rejected the notion of encrypting Social Security numbers.

By letter dated April 17, 2008, petitioners appealed to the agency’s FOIL Appeals Officer. In that letter, petitioners argued that respondents had failed to apply the Data Tree standard to their request, stating as follows:

“We believe that the information in the Request could readily be exported in electronic form through a simple query using Structured Query Language (‘SQL’) or through some other process. . . . Similarly, the Controller’s [sic] assertion that it is impossible to redact social security numbers (‘SSNs’) from the data provided is incorrect. Oracle databases can generate reports with chosen fields, and a report could easily be generated containing the requested fields and not SSNs. Alternatively, it would not take significant effort to generate a report in which SSNs are replaced with some other non-identifying [unique] number . . . .”

In reaffirming the agency’s partial denial of the FOIL request, the FOIL Appeals Officer focused on petitioners’ suggestion of replacing Social Security numbers with nonsensitive, unique identifiers — “one of the alternative approaches that [petitioners] assert could be used to create such a database.” The letter also discussed the risks associated with petitioners’ suggestion of encrypting Social Security numbers.

Based on the language of petitioners’ FOIL request, as amplified by subsequent written communications between the parties, the court concludes that respondents correctly determined that exporting the table data without Social Security numbers was not responsive to petitioners’ request. As petitioners’ expert concedes, eliminating Social Security numbers from the tables that use these numbers as their primary key would leave the resulting data devoid of any logical association to particular state employees and, therefore, of little value (Fuller aff ¶ 8). Further, it would not meet Mr. Port’s stated objective of allowing “one to relate the various tables that comprise the databases as a whole and allow[ ] someone to extract information and tabulations in a comprehensible, predictable way.” There simply is nothing in the record to support petitioners’ belated contention that the production of logically unlinked table data would in any way be responsive to their FOIL request.

The court reaches a different conclusion, however, with respect to the “far simpler” but “inferior” method of using a simple query to extract and join together all of the table data, other than Social Security numbers (Fuller aff ¶ 12). While this process also would result in a loss of information to some extent — the inability to distinguish among state employees with identical names — it would substantially accomplish petitioners’ objectives and is reasonably consistent with the language of Mr. Port’s original FOIL request and petitioners’ subsequent written communications. Insofar as respondents rejected this approach based on a contrary interpretation of petitioners’ request (see Barry supp aff ¶ 12), such an interpretation is not supported by the record and, therefore, must be rejected.

The court therefore concludes that respondents have failed to demonstrate that the data in the tables that use Social Security numbers as their primary key is not “retrievable with reasonable effort” through a “simple manipulation of the computer” (Data Tree, supra). Accordingly, petitioners are entitled to the nonexempt data in these tables through the extraction and joining process described by Mr. Fuller in paragraph 12 of his affidavit.

B. Disclosure of Birth Dates

In denying access to the requested records, OSC further contends that the birth dates of state employees are exempt from disclosure pursuant to Public Officers Law § 87 (2) (b) and § 89 (2) (b), which authorize an agency to withhold records to avoid an unwarranted invasion of personal privacy. Petitioners disagree, contending that the public is entitled to this information under FOIL.

The burden of demonstrating the applicability of a FOIL exemption rests squarely with the government agency (Public Officers Law § 89 [4] [b]; Matter of Daily Gazette Co. v City of Schenectady, 93 NY2d 145, 158-159 [1999]). “In order to deny disclosure, the [agency] must show that the requested information ‘falls squarely within a FOIL exemption by articulating a particularized and specific justification for denying access’ ” (Data Tree at 462, quoting Matter of Capital Newspapers Div. of Hearst Corp. v Burns, 67 NY2d 562, 566 [1986]).

Pursuant to Public Officers Law § 87 (2) (b), an agency may withhold records that “if disclosed would constitute an unwarranted invasion of personal privacy under the provisions of subdivision two of section eighty-nine of this article.” That statute provides, in pertinent part:

“An unwarranted invasion of personal privacy includes, but shall not be limited to: .. .
“iv. disclosure of information of a personal nature when disclosure would result in economic or personal hardship to the subject party and such information is not relevant to the work of the agency requesting or maintaining it; or
“v. disclosure of information of a personal nature reported in confidence to an agency and not relevant to the ordinary work of such agency” (Public Officers Law § 89 [2] [b] [emphasis added]).

The foregoing constitutes “a nonexclusive list of examples” (Data Tree at 462). If the information sought to be withheld does not fall within any of the statutory examples, the court must “balanc[e] the privacy interests at stake against the public interest in disclosure of the information” (Matter of New York Times Co. v City of N.Y. Fire Dept., 4 NY3d 477, 485 [2005]). Ultimately, “[w]hat constitutes an unwarranted invasion of personal privacy is measured by what would be offensive and objectionable to a reasonable [person] of ordinary sensibilities” (Matter of Humane Socy. of U.S. v Fanslau, 54 AD3d 537, 538 [3d Dept 2008] [internal quotation marks omitted]).

The court begins its analysis with the two nonexclusive examples cited by respondents and quoted above (Public Officers Law § 89 [2] [b] [iv], [v]). The court agrees with petitioners that neither of these examples is directly on point. Linder both examples, only information that is not relevant to the work of the agency may be withheld. While the record is sparse as to the precise relevance of birth dates to the work of OSC, the agency does not dispute petitioners’ contention that birth dates have some relevance to certain aspects of its work. Accordingly, even if an employee’s date of birth is “information of a personal nature [and] disclosure would result in economic or personal hardship,” the instant case falls outside of the literal language of Public Officers Law § 89 (2) (b) (iv). For similar reasons, the exemption set forth in Public Officers Law § 89 (2) (b) (v) is unavailable.* Thus, respondents have not supported their claim of exemption by reference to one of the examples set forth in the statute.

That said, the court rejects petitioners’ argument that this conclusion forecloses respondents from relying upon the more generalized FOIL exemption for disclosures that would cause an unwarranted invasion of personal privacy. In making this argument, petitioners appear to rely on a form of expressio unius est exclusio alteráis, a canon of statutory construction stating that the expression of one thing is to the exclusion of the other. Thus, petitioners argue that even if birth dates constitute personal information and the disclosure thereof would result in economic or personal hardship to state employees, the State Legislature has determined that the personal privacy exemption is available only in cases where such “information is not relevant to the work of the agency.”

This argument, however, runs counter to the plain language of the statute, which provides that an “unwarranted invasion of personal privacy includes, but shall not be limited to” the examples set forth in statute (Public Officers Law § 89 [2] [b]). Moreover, it would be a curious result to say that an agency is foreclosed from relying upon the generalized exemption for personal privacy only in cases that are similar (though not identical) to the nonexclusive list of examples set forth in statute.

The court concludes that respondents properly invoked the personal privacy exemption in denying petitioners access to the birth dates of the approximately 250,000 individuals who comprise New York State’s workforce. Looking first to the privacy interests at stake, it is by now well established that the disclosure of an individual’s full birth date, taken together with his or her full name and the details of employment, can be used to facilitate identity theft, thereby resulting in both economic and personal hardship to individuals (see e.g. Matter of Goyer v New York State Dept. of Envtl. Conservation, 12 Misc 3d 261 [Sup Ct, Albany County 2005, McCarthy, J.]). Even recognizing the somewhat lesser expectation of privacy enjoyed by public employees with respect to the details of their state employment, the court believes that a reasonable person would find the disclosure of his or her precise birth date, taken together with his or her full name and other details of his or her state employment, to be offensive and objectionable.

This conclusion is consistent with judicial decisions requiring the redaction of birth dates of state employees along with other sensitive personal information, such as Social Security numbers and home addresses (see Matter of Beyah v Goord, 309 AD2d 1049, 1050 [3d Dept 2003]). Further, in Data Tree, the Court of Appeals expressly equated dates of birth with Social Security numbers for purposes of personal privacy, albeit in dicta (Data Tree at 463). And even jailed prisoners, who enjoy only the most minimal expectation of privacy, have been found entitled to have their dates of birth protected from disclosure under FOIL (Matter of Investigation Tech., LLC v Horn, 4 Misc 3d 1023[A], 2004 NY Slip Op 51010[U] [Sup Ct, NY County 2004]).

On the other hand, petitioners have failed to identify a persuasive countervailing public interest in the disclosure of this information. In fact, petitioners expressly disclaim any intention of publishing the birth dates of state employees, contending only that birth dates are sought “to distinguish between people with the same name in the payroll database, and avoid errors in the database that it provides to the public” (petitioners’ reply mem of law at 16). While the purpose of a FOIL request generally is irrelevant to a claim of exemption, the narrow and limited public interest identified by petitioners in support of disclosure tips the balance of interests decidedly in favor of the protection of personal privacy.

Moreover, it is of no moment in this analysis that the birth dates of these individuals may be available from other sources, including voter registration records. Since the Election Law requires the disclosure of voter registration records, including dates of birth (see Election Law §§ 5-500, 5-602), a board of elections may not rely upon the FOIL exemption for personal privacy to withhold such information. Moreover, the exemptions in FOIL are permissive, in that an agency may nonetheless grant access to records falling within an exemption (Public Officers Law § 87 [2]). Therefore, even if other governmental agencies were to conclude that birth dates should be disclosed, it does not foreclose the State Comptroller from being more vigilant in protecting the personal privacy of state employees. And while petitioners contend that birth dates commonly are used “in business and commerce” (petitioners’ reply mem of law at 11), it is precisely that contention that underlies the Comptroller’s concerns regarding identity theft.

As the United States Supreme Court has held in applying the federal Freedom of Information Act’s privacy exemption to home addresses:

“It is true that home addresses often are publicly available through sources such as telephone directories and voter registration lists, but in an organized society, there are few facts that are not at one time or another divulged to another. . . . An individual’s interest in controlling the dissemination of information regarding personal matters does not dissolve simply because that information may be available to the public in some form” (Department of Defense v FLRA, 510 US 487, 500 [1994] [internal quotation marks omitted]).

The same conclusion follows here.

C. Metadata and Record Layouts

Petitioners further contend that respondents improperly denied their request for the “metadata, record layouts, and documentation” related to the 14 database tables to which they seek access. OSC denied this portion of petitioners’ request based on the FOIL exemptions for (1) trade secrets and proprietary material and (2) information that would jeopardize the security of an agency’s information technology assets.

Under FOIL, an agency may withhold records that “are trade secrets or are submitted to an agency by a commercial enterprise or derived from information obtained from a commercial enterprise and which if disclosed would cause substantial injury to the competitive position of the subject enterprise” (Public Officers Law § 87 [2] [d]). “For this exception to apply, it must be established that the commercial enterprise that provided the data is in actual competition with other entities, and that release of the information would likely cause it substantial competitive injury” (Matter of City of Schenectady v O’Keeffe, 50 AD3d 1384, 1386 [3d Dept 2008]).

In seeking to meet this burden, respondents contend the metadata, record layouts and associated documentation sought by petitioners is proprietary or trade secret information belonging to Oracle Corporation, the vendor of the database management software that OSC uses to host the PayServ application. As noted previously, respondents also contend that exporting data from specified tables into an electronic spreadsheet format would implicate Oracle’s proprietary rights and, therefore, require OSC to construct “an alternative software database program” in order to comply with petitioners’ FOIL request.

In support of its claim of exemption, respondents rely primarily upon the affidavit of Carolyn Cozart, an Oracle vice-president. She avers, in pertinent part:

“PeopleSoft HCM . . . includes confidential and proprietary information in the Application Designer portion of the software. The record layouts and electronic fields in the Application Designer function like a blueprint, revealing the architecture of the PeopleSoft software and how it is stored in the database. There are thousands of separate pages in the PeopleSoft HCM Application Designer, all of which contain proprietary information. These record layouts and electronic fields are not available publicly; only licensees of PeopleSoft HCM are able to access them, and Oracle vigorously protects the confidentiality of this information.”

In reply, petitioners argue that respondents already have disclosed the “data dictionary,” thus undermining any claim of trade secret status. Further, petitioners contend that respondents’ evidentiary showing falls short of establishing that the information sought to be withheld qualifies for trade secret status under New York law.

The court is satisfied that respondents have established that the “metadata, record layouts, and documentation” that petitioners seek are exempt from disclosure pursuant to Public Officers Law § 87 (2) (d). The Cozart affidavit, which is not rebutted by any evidence submitted by petitioners, provides a legally sufficient basis for concluding that: (a) the information sought by petitioners is treated as confidential and proprietary by Oracle; (b) access to such information is not available to the public and is limited to licensees and other persons in a contractual relationship with Oracle (who, like OSC, have a duty to protect Oracle’s confidences); and (c) the requested information would function as a “blueprint” of the architecture of the PeopleSoft system and how it manages and stores human resources data. Given these undisputed facts, it is reasonable to infer that the information sought by petitioners would be valuable “to potential competitors” and, therefore, its disclosure would cause competitive harm to Oracle (O’Keeffe at 1386). And while OSC would be hard-pressed to rely upon this exemption if it had previously disclosed the same information, it is clear from Ms. Barry’s supplemental affidavit that the data dictionary provided to petitioners, which provides a functional description of each table field, is distinct from the detailed metadata required to comply with petitioners’ request.

However, as noted above, the court concludes that respondents have failed to demonstrate that merely providing petitioner with the requested data from specified payroll tables in electronic form would constitute a breach of Oracle’s proprietary rights or cause it to suffer a substantial competitive injury. Indeed, respondents have already provided petitioners with the data dictionary: a listing of the data elements comprising the 14 tables they seek. There is nothing in the affidavit of Ms. Cozart that provides a basis for concluding that Oracle would suffer competitive harm as a result of the agency exporting specified data elements from the various database tables and providing it to petitioners in an electronic spreadsheet format. Accordingly, the court rejects OSC’s contention that it would be required to construct “an alternative software database program” in order to provide petitioners with data from the 14 requested payroll tables.

D. Attorney’s Fees and Costs

Finally, petitioners seek an award of attorney’s fees and costs pursuant to Public Officers Law § 89 (4) (c). Under the cited statute, a prevailing FOIL requester may recover counsel fees and costs where the agency lacked a reasonable basis for denying access to the requested records.

The court denies this branch of petitioners’ application. While petitioners have substantially prevailed in this matter, the court is not persuaded that respondents lacked a reasonable basis for their actions. The bulk of the relief accorded to petitioners comes not from a determination that OSC erred in rejecting the “substitute key” approach advocated by petitioners, but from the court’s conclusion that the written record does not support the agency’s interpretation of the FOIL request as requiring the production of the requested data in its most useful form. The issues of precisely what petitioners were seeking and how it could be provided to them clearly engendered significant confusion. Indeed, Mr. Port’s own “clarification” of his request was itself a source of confusion, since it refers to the objective of being able to run queries against the resulting data. Under these circumstances, the court cannot say that respondents acted unreasonably and, therefore, denies petitioners’ request for attorney’s fees and costs.

Conclusion

The court has considered the parties’ remaining contentions and finds them unavailing or unnecessary to the disposition of this proceeding.

Accordingly, it is ordered that the motion of New York State Public Employees Federation AFL-CIO to participate as amicus curiae in this proceeding is granted; and it is further ordered that petitioners’ motion for leave to file a response to the supplemental reply affidavit of MaryAnne Barry is granted, and such response is received by the court; and it is further ordered that petitioners’ application for an award of attorney’s fees and costs is denied; and it is further ordered, adjudged and decreed that the petition is granted to the extent that respondents’ determination of May 7, 2008 is hereby vacated, and the matter is remanded to the Office of the State Comptroller to promptly comply with petitioners’ FOIL request in a manner not inconsistent with this decision, order and judgment. 
      
      . At oral argument, the court granted PEF’s unopposed application to participate as amicus curiae in this proceeding. Further, the court granted petitioners’ motion to respond to the supplemental reply affidavit filed by OSC’s Director of Information Technology.
     
      
      . Public Officers Law § 87 (3) (b) requires each agency to maintain “a record setting forth the name, public office address, title and salary of every officer or employee of the agency.” It is this information that OSC provided to petitioners in response to their FOIL request.
     
      
      . Given the intervening change in the law, the court does not see such a request running afoul of the general proscription against successive FOIL requests seeking the same records. Respondents’ counsel conceded as much at oral argument.
     
      
      . Specifically, Ms. Barry avers that the following additional steps are necessary: 150 to 250 hours to design and build different database table structures; 175 to 240 hours to extract data from the PayServ database and load it into the newly designed tables; and 75 hours to document the meta-data, record layouts and table descriptions. In addition to protecting employees’ Social Security numbers and giving petitioners a usable electronic database, these estimates also include the time necessary to protect the information security of the state payroll system and prevent the disclosure of proprietary Oracle information, issues that are discussed below.
     
      
      . At oral argument, respondents asserted, without contradiction, that only five of the tables do not contain Social Security numbers.
     
      
      . The court notes that respondents have not identified any such exempt data within these tables. In contrast, Mr. Fuller avers that these tables do not contain Social Security numbers or other data that respondents claim to be exempt under FOIL.
     
      
      . Further, Ms. Barry estimates that an additional 400 to 565 staff hours would be required to complete the other stages of processing necessary to comply fully with petitioners’ FOIL request, including developing appropriate documentation of the agency’s efforts.
     
      
      . Similarly without merit is any claim that petitioners’ FOIL request does not encompass the exporting of specified data from the tables that do not use Social Security numbers as their primary key into an electronic spreadsheet format.
     
      
      . Indeed, Ms. Barry acknowledges that there are “simple and straight forward ways to export data,” but that such methods would not be responsive to petitioners’ FOIL request (Barry supp aff ¶ 12).
     
      
      . Respondents note that birth date is an optional field in the PayServ system, and the birth date field of about one half of all state employees contains no usable information (Barry supp aff ¶ 2).
     
      
      . Further, there has been no showing that state employees report their birth dates “in confidence” to their employer.
     
      
      . Of course, the court can envision circumstances in which there is a powerful public interest in the disclosure of birth dates. This, however, is not such a case.
     
      
      . Courts in New York generally follow section 757 of the Restatement (First) of Torts in determining whether business information qualifies as a trade secret (see Ashland Mgt. v Janien, 82 NY2d 395, 407 [1993]). Under this definition, a trade secret is “ ‘any formula, pattern, device or compilation of information which is used in one’s business, and which gives [the business] an opportunity to obtain an advantage over competitors who do not know or use it’ ” (id., quoting Restatement [First] of Torts § 757, Comment b).
      
     
      
      . Nor have respondents established that the disclosure of this table data “would jeopardize [OSC’s] capacity to guarantee the security of its information technology assets” (Public Officers Law § 87 [2] [i]).
     
      
      . Moreover, the agency’s position regarding the disclosure of birth dates, metadata, record layouts and documentation was sustained.
     