Technology advancements continue to threaten to blow the wheels off the public information access process in Maryland and beyond. State and local officials are sounding the alarm but oversight committee stops short of meaningful recommendations to tackle the issues. 

Maryland’s Public Information Act (PIA) is a cornerstone of open government, designed to ensure transparency and accountability at every level of public service. For county governments in particular, the PIA can present a complex balancing act — one that requires navigating citizen expectations for access to information, protecting sensitive data, and managing the administrative burden of frequent and detailed records requests. As technology, public engagement, and legal standards continue to evolve, counties across Maryland are adapting their policies and practices to meet both the spirit and the letter of the law. With new challenges emerging around cybersecurity, artificial intelligence, and data management, more changes to Maryland’s PIA framework may soon be on the horizon. This policy deep dive will explore how the PIA and the work of the Maryland Public Access Ombudsman and PIA Compliance Board impact local governments as well as what kinds of changes should be on the horizon.

Role of Ombudsman and Compliance Board

These two entities both play a role in resolving any disputes that arise as the result of a PIA request. The Ombudsman handles initial mediation between parties, and the Board reviews and issues decisions for anything that is not resolved in the mediation phase. As an example, if a custodian of a local government receives a request that they believe is too broad and the requester refuses to narrow the scope of the inquiry, that county or municipality could seek mediation with the Ombudsman’s Office. This could result in guidance that either encourages the requestor to narrow the inquiry or clarifies for the local government what their obligation is for the existing request. This third party strategy has been in place for a decade and has kept hundreds of disputes off the court dockets and out of the review process for the Board. This leaves room for the appropriate care and attention to be reserved for the most serious and significant disputes.

How Is the Ombudsman Process Going?

Both the Ombudsman’s Office and Board offer annual feedback and perspective as to how the PIA request process is working in Maryland, if it is changing, and how policy and legislation might evolve with those shifts. During the annual update to the Board by Maryland PIA Ombudsman Lisa Kershner, at the August 21 meeting, she highlighted the work of her office over the past year. They shared that recent changes made by the General Assembly and Office of the Attorney General (OAG) have vastly improved their ability to manage the workload of what was originally an office of one.

Within the existing budget, the OAG was able to hire another attorney to help as a mediator, and the General Assembly was able to effectively authorize the delegation of the Ombudsman’s powers to additional staff members. SB 296 / HB 331, wisely championed by Senator Augustine and Delegate White Holland, facilitated this change during the 2025 legislative session. This gave the office the ability to move through more cases faster as the coming report will show. Prior to those changes the department was running behind all the time creating too long of a wait for resolution and eroding the trust of the public and the agencies fielding requests, according to Kershner.

Ombudsman Kershner was happy to report that, not only are they caught up and moving through cases at a sustainable pace, they have been able to resurrect certain components of the original charge of the Ombudsman’s Office which includes educational programing for agencies and the public. A forthcoming, revamped brown bag lunch series will host a number of expert panels to discuss some of the most pressing questions and concerns the office is currently fielding, particularly around technology and the PIA. Ombudsman Kershner’s comments convey that confusion around protocols and standards related to technology being used by custodians and requestors is the next big frontier for the PIA. The following few sections will discuss some of those challenges facing both the public and local governments.

Technology Troubles Transparency In Cybersecurity Protocols 

During Ombudsman Kershner’s update, cybersecurity was at the top of the list as an issue for both the request and disclosure process as well as a topic for an upcoming brown bag lunch session. From a requestor perspective, attackers can use the process as a vector for malware, particularly if it is disguised as an attachment. Custodians are required to review and respond to all requests in a timely manner. This can create an incident where they are not reviewing requests due to the risk of a security breach, and vice versa, where they move forward with the review unknowingly and expose the system to a breach. Warnings about these types of situations were circulated last year by MACo and other state officials as reported in Maryland Matters.

As can be seen in the MACo coverage and the linked Maryland Matters report, cybersecurity breaches of government entities have been increasing in frequency and severity making information about standards, protocols, investigations, and the like relatively new in terms of an information request. Custodians must be incredibly diligent in protecting sensitive information, system infrastructure, and breach assessments to name a few. Despite the risks, advocates are suggesting the increasing number of exemptions for cybersecurity reasons is troubling, while local governments are having to operate in a new landscape without clear guardrails for denials and exemptions. This necessitates a balance between disclosures that facilitate transparency and the necessary caution to avoid revealing information that could lead to further vulnerabilities. Stakeholder work groups have been suggested to hone in on what the most appropriate changes should be to strike the proper balance of transparency and security.

Challenges Persist with Body Worn Camera Requests

Another technology related issue Ombudsman Kershner highlighted was requests for officer body-worn camera (BWC) footage to local governments. With the passage of the Police Accountability Act of 2021, all county police forces were required to have a BWC on all officers. This has prompted an increase in requests to local police forces. Ombudsman Kershner explained that these requests are consistently coming up as a problem. From the meeting:

“Many local jurisdictions every time they get a request for body-worn camera footage or some sort of video footage, its a problem because they have to review it for potential redactions. There are really a myriad of exemptions that might possibly come into play so they have to sit down, review, make a decision if anything needs to be redacted, and then they have to do it or have it done. And if you don’t have the in house capability to do this it is incredibly time consuming.”

Further on this point, for officer BWC footage, often multiple divisions need to review the information multiple times including the officer, the custodian, and county attorneys. Reviews also often require multiple viewings to ensure accuracy and thoroughness of removing information that is a mandatory denial, such as information that could personally identifying an individual.

As an example, there might be footage of a victim standing outside their home. These images could have a number of personally identifying factors that need to be redacted including but not limited to their face, a tattoo, birthmarks, house numbers, street names, car license plates, mailbox numbers, and the like. Custodians must catch all of this and remove it to avoid legal exposure and do it all in the allotted time frame as defined by the PIA. Additionally, there is the complication that someone could get a hold of a video that has been effectively redacted to not reveal these types of elements, but an AI scan of the remaining elements could pin point the location of the video. This is particularly problematic in the case of a victim, but also for unwitting members of the public who might not be aware they are on a video.

MACo and a number of state legislators and stakeholders have advocated for adjustments to mandatory denial standards in situations like this for years. Meaningful changes have yet to be made, but, with legislator advocates continuing to push the conversation forward – including every member of the Judicial Proceedings Committee, championed by Senator Charles Sydnor, and more recently Delegate Nicole Williams in the House Judiciary Committee  – changes could be on the horizon.

System Wide Email Searches Bog Down PIA Process

Another highlight of the Ombudsman’s update was the consistent challenge presented by requests for large batches of emails from both state and local government entities.

From Ombudsman Kershner during the report:

Email searches is a perennial problem. Huge problem. And unless someone asks for something very specific, to do a search of an organizations email system is time consuming, expensive, and difficult.

Local governments over the past couple decades have seen an increase in the frequency of these requests, and can be hamstrung by a lack of resources available to acquire the technology to streamline this process or, worse cost wise, contract it out. The disruption to productivity and workload severity of these requests also makes it hard to get and keep good people in these custodian positions, which carry personal liability – a feature unique in Maryland. This is, again, another technology based record presenting a quandary between the importance for the public to access it but is increasingly more challenging to provide. It represents another process in need of consideration.

Automatic Submissions and Requests by Artificial Intelligence

Not addressed during the meeting but an issue all the same, automated submissions from anonymous sources have also become an increasingly prevalent issue. Individuals can use online tools to automate a request based on specific topics and prompts as well as do so at repeated intervals. This gives a requestor the ability to flood an office with inquiries even if they are seemingly abusive in nature. This is an example related to why the OAG actually requested changes to the PIA during the 2025 legislative session – HB 806 / SB 554 – to recognize that a request could be abusive in addition to the existing exemption standards of “frivolous, vexatious, or in bad faith.”

These new tools additionally give rise to the question of whether anonymous submissions are legitimate. Going one step further, especially as the technology advances, the question arises as to whether an AI bot is able to submit a legitimate request either from the prompt of an individual or the bots own “judgement.”

Guardrails Need to Go Further Than Current Recommendations Suggest 

The Board has made some legislative recommendations during the last two meetings of the group. Those were covered in detail previously on Conduit Street. While some of these clarifications or expansions could be useful they do net yet go far enough with new technologically based recommendations to preserve the integrity of the process. In essence, all of the suggested changes, at the moment serve to expand the responsibility of government entities without recognizing any of the challenges brought up by the Ombudsman.

The Ombudsman and Board reports will be available soon with verified statistics for how the process has gone over the last year. Legislation has been proposed in the past that could attempt to start streamlining some of the processes while maintaining transparency but will likely require going further than the current recommendations call for. An unwillingness of the General Assembly to truly grapple with these emerging challenges will only serve to further erode the process and the necessary public trust, as well as that of the agencies.