Division of Archives and Records Service

Verifying a Requester’s Identity

Rosemary Cundiff
November 14, 2018

The Government Records Access and Management Act (GRAMA) provides for the release of private records to certain individuals. These individuals include the subject of the record, a parent or guardian, and additional individuals who have a notarized release or power of attorney (Utah Code Section 63G-2-202(1)(a)). GRAMA also states that before releasing a private (controlled or protected) record, a records officer should obtain evidence of the requester’s identity (Utah Code Section 63G-2-202(6)).The law does not say how this evidence is to be obtained.

Last summer 435 records officers answered a survey about responding to GRAMA requests. One question was, “When you provide access to private records, how do you verify the recipient’s identity?” More than half of the respondents (219) said that the recipient is required to appear in person with identification. Some (86) said that they will also accept a photocopy or scan of identification. A few (11) require a notarized release, and a few more (7) said that all requesters are familiar to them. Some records officers (77) said that this question is not relevant because they have not responded to a request for private records. The remaining records officers (35) provided a unique response.

All private records are not equally sensitive. The level of security about identifying individuals before providing access may appropriately differ. For example, a case file of the Department of Child and Family Services is more sensitive than a home address or personal phone number. Governmental entities should make policies based on their best judgment of the level of sensitivity and circumstances around requests. Perhaps this information about what others are doing will be helpful.