Public Records Requests for Employee Information

Frequently Asked Questions

The Department of Administrative Services (DAS) sometimes receives public records requests for information about all state employees. When this happens, DAS notifies employees by email. This page covers answers to the questions DAS hears most often from employees about this type of public records request.

In response to public records requests, DAS has a statutory responsibility to release employee information that is not, by law, exempt from disclosure.

The information that DAS releases will vary depending on the request, but most requests include at least some of the following:

Employee Name
Agency
Work Location
Work Email
Work Phone
Employee Salary

DAS will never release personal employee information, such as home address, home phone number, date of birth, SSN, etc. – this type of information is protected from disclosure under the public records law. However, employee information such as your name, your work contact information, where you work, and how much you make is considered public record under Oregon law.

Under Oregon’s public records law, “every person” has a right to inspect any nonexempt public record of a public body in Oregon. This right extends to any natural person, corporation, partnership, firm or association. Typically the requests DAS receives are from members of the news media, research organizations, and businesses.

There is no requirement under the public records law for requesters to explain why they’re requesting information and what they will be using it for. However, some requesters will voluntarily provide this information to DAS. If DAS knows of the motive for the request, it will let employees know in the notification email it sends to all employees.

DAS charges fees for public records requests according to Statewide Policy 107-001-030. The policy requires agencies to waive a minimum of 30 minutes of staff time. When DAS can provide a record or a document during the normal course of business at negligible cost, it will do so without charge.

There is not a way for employees to opt out of having their public information released via the public records law. However, there are protections in place for those who have obtained protective orders through the court system.

Once you have obtained a protective order through the court system, you must work with HR staff at your agency to ensure your legal name will not appear in releases of public information.

For questions or concerns relating to safety or protective orders, please contact your agency HR staff.
For questions relating to specific public records requests, please contact DAS Public Records Manager Bryanna Duke at bryanna.duke@das.oregon.gov.
For more information about Oregon’s public records law, please consult the Attorney General’s Public Records and Meetings Manual.

All data that is released through the public records request process is data that is legally considered public information and that DAS is required to release. This data will never include personal employee information, such as home address, home phone number, date of birth, SSN, etc.

A data breach refers to an incident where confidential, sensitive or protected information is accessed, disclosed or stolen by unauthorized individuals, groups or entities. These breaches can occur in various ways, including cyberattacks, hacking, social engineering or insider threats and is confirmed through analysis.

In a data breach, personal or sensitive data may be compromised, such as:

Personal information: Names, home addresses, phone numbers, email addresses, social security numbers, etc.
Financial information: Credit card numbers, bank account details, payment records, etc.
Healthcare data: Medical history, diagnoses, treatment information, etc.
Passwords and login credentials: Username and password combinations for various accounts.
Intellectual property: Proprietary business information, trade secrets, patents, etc.
The consequences of a data breach can be severe and wide-ranging, impacting both individuals and organizations. For individuals, it may lead to identity theft, financial losses and other privacy-related issues. For organizations, data breaches can result in reputational damage, legal liabilities, financial losses and loss of customer trust.

As common practice, we encourage you to monitor your credit and bank statements for any fraudulent activity:

Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872

Return to the main page for Public Records Requests.

Public Records Requests for Employee Information

Frequently Asked Questions

Why is my information being released?

What type of information is being released?

This information seems personal. Why are you releasing it?

Who can request my information?

What is my information going to be used for?

Did the requester pay to receive this information?

I don’t want my information to be released. Can I opt out?

I have a protective order through the court. How do I ensure my employee information is protected from release?

Who do I contact if I have more questions?

Are public records requests potential sources of data breaches?