Supreme Court of Florida
No. AOSC16-107
IN RE: STANDARDS FOR ACCESS TO ELECTRONIC COURT
RECORDS
ADMINISTRATIVE ORDER
The Florida State Courts System has made considerable efforts to develop
policies that facilitate access to electronic court records while simultaneously
protecting confidential and sensitive information.
In re: Standards for Access to
Electronic Court Records, Fla. Admin. Order No. AOSC14-19 (amended May 23,
2014), governs appropriate, differentiated levels of access to electronic court
records and prescribes a process by which a clerk of court who wishes to provide
court records online must develop and test in a pilot program its online electronic
records access system and, when compliant with Standards for Access to
Electronic Court Records and the Access Security Matrix adopted by the Supreme
Court, seek Supreme Court approval to provide online access to electronic court
records. The clerks of court for seven counties have completed the pilot program
and are seeking approval to provide online access to electronic records.
- 2 -
Through AOSC14-19 the Supreme Court adopted the standards and the
security matrix and subsequently amended the standards and security matrix
through In re: Access to Electronic Court Records
, Fla. Admin. Order No.
AOSC16-14 (April 27, 2016). The Florida Courts Technology Commission
(Commission) has recommended additional amendments to the standards and the
security matrix.
Approval of Clerk of Court Requests
The clerk of court for each county listed below engaged in a pilot program
of at least 90 days to test its online electronic records access system; submitted at
least three monthly status reports to the Office of the State Courts Administrator;
reported all incidents of inadvertent release and unauthorized access to confidential
information, if any occurred; took the appropriate corrective actions necessary to
address all reported incidents related to confidential information; and ensured
compliance with the current version of the standards and security matrix.
In addition, each of these clerks of court submitted a certification request,
consistent with AOSC14-19, and a written description of the steps, processes, or
tools used to validate compliance with the standards and the security matrix. The
Access Governance Board (Board) of the Florida Courts Technology Commission
reviewed each request and recommended approval, and the Commission concurred
with the recommendation of the Board.
- 3 -
Accordingly, the request to provide online access to electronic court records
submitted by the respective clerk of court for each of the following counties is
hereby approved, subject to the terms and conditions established hereinafter.
1. Charlotte County
2. Clay County
3. Hillsborough County
4. Levy County
5. Palm Beach County
6. St. Lucie County
7. Volusia County
This approval is subject to the following terms and conditions:
1. Within 90 days following the date of this order, each clerk of court
must implement its online electronic records access system in
accordance with the standards and the security matrix adopted by
AOSC14-19 and amended by AOSC16-14.
2. Each clerk shall incorporate any future amendments or updates to the
standard and security matrix into the clerk’s existing online electronic
records access system, including but not limited to the amendments
adopted in this administrative order.
3. To ensure compliance with the standards or security matrix, each
clerk of court shall provide the Supreme Court or its designee access
accounts for all roles in the security matrix, if so requested.
- 4 -
Violation of any of these terms and conditions shall constitute grounds for
revocation of the approval to implement online electronic records access in the
respective county.
Amendments to Standards for Access to Electronic Court Records
The Board worked in partnership with the Florida Public Defender
Association and previously submitted language to the Court regarding public
defenders’ attorney of record access. See
In re: Access to Electronic Court
Records, Fla. Admin. Order No. AOSC16-14 (April 27, 2016). The Board
inadvertently excluded language affirming public defenders will be granted access,
as the attorney of record, to any case type to which applicable statutes grant the
public defenders attorney of record access. As cases are newly created, the public
defender will be granted access as an attorney of record by default on any case of a
type to which statute so grants the public defender such access. Access will then
be changed to general government and constitutional officers when the public
defender is no longer counsel of record or when another attorney is assigned.
Pursuant to the Board’s recommendation, each public defender’s office must
establish policies to ensure that access to confidential records and information is
limited to those individuals who require access in performance of their official
duties.
- 5 -
Additionally, in order to clarify that law enforcement agencies from other
states should not have access to Florida records similar to Florida and federal law
enforcement agencies, the Board defined “law enforcement” specifically as federal
law enforcement, Florida law enforcement, Florida state attorney’s offices, Florida
attorney general’s offices, and the Florida Department of Corrections.
In accordance with its authority under Florida Rule of Judicial
Administration 2.236 to “establish, periodically review, and update technical
standards for technology used and to be used in the judicial branch to receive,
manage, maintain, use, secure, and distribute court records by electronic means,
consistent with the technology policies established by the supreme court,” the
Commission, concurring with the Board’s recommendations, submitted amended
standards and an amended security matrix for the Court’s consideration.
As a means for the judicial branch to continue to ensure responsible access
to electronic records, the Court hereby adopts the amended Standards for Access to
Electronic Court Records and the amended Access Security Matrix to supersede
those adopted by AOSC16-14. The amended standards and security matrix are
attached hereto and incorporated herein by reference.
1
1. The Standards for Access to Electronic Court Records and the Access
Security Matrix are also available on the Florida Courts website. See
http://flcourts.org/resources-and-services/court-technology/technology-
standards.stml.
- 6 -
DONE AND ORDERED at Tallahassee, Florida, on December 30, 2016.
_________________________
Chief Justice Jorge Labarga
ATTEST:
______________________________
John A. Tomasino, Clerk of Court
Standards for Access to Electronic Court Records December 2016 Page 1
Standards For Access To Electronic Court Records
December 2016
These standards establish statewide technical and operational requirements for access to
electronic court records by the public, special user groups, judges, and court and clerk’s office
personnel. The standards also implement the Access Security Matrix, which governs remote
internet and clerk’s office access to electronic court records.
ACCESS METHODS
There are three different methods for accessing electronic court records.
1. Direct access via application to internal live data
2. Web-based application for replicated or live data with security
3. Web-based portal for public viewing of replicated data and variable levels of security
based on user role
Direct or web access to live production data is generally limited to court and clerk officers and
authorized court and clerk’s office staff. Most users will access replicated data to protect the
integrity and availability of the official court record maintained by the clerk.
ACCESS SECURITY MATRIX
The Access Security Matrix appended to these standards governs access to electronic court
records based upon user roles and applicable rules, statutes, and administrative policies. The
matrix performs the following functions:
1. Establishes user groups
2. Establishes access levels
3. Assigns access level for each user group based on case type
4. Assigns access level for all docket codes
The Access Governance Board, under the authority of the Florida Courts Technology
Commission, is responsible for maintaining the matrix by timely incorporating legislative and
rule changes that impact access to electronic court records. Access permitted under the Access
Security Matrix applies equally to electronic and paper court records.
USER GROUPS
Access to electronic court records is determined by the user’s role and applicable statutes, rules,
and administrative policy. Access may be restricted to certain user groups based on case type,
document type, or information contained within records. All individuals and entities authorized
under these standards to have greater access than the general public must establish policies to
protect confidential records and information in accordance with applicable rule and statutory
requirements. Remote electronic access may be more restrictive than clerk in-house electronic
access.
Standards for Access to Electronic Court Records December 2016 Page 2
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
Judges and authorized
court and clerk’s office
personnel
All court records, except those
expunged pursuant to s.
943.0585, F.S., with
discretionary limits based on
local security policy. Each
court and clerk must establish
policies to ensure that access to
confidential records and
information is limited to those
individuals who require access
in performance of their official
duties.
Access to records sealed
pursuant to s. 943.059, F.S., is
permitted judges to assist in
performance of case-related
adjudicatory responsibilities.
In-house secure network and
secure web access.
Parties
All records in the party’s case
except those that are expunged
or sealed; access may be
denied to information
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order, depending upon case
type and the language of the
order.
Secure access on case-by-
case basis. Access by
notarized request to insure
identity of party.
General public
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
No remote access to images of
records in cases governed by
the Florida Family Law Rules
of Procedure, Florida Rules of
Juvenile Procedure, or Florida
Probate Rules, pursuant to s.
28.2221(5)(a), F.S.
None. Anonymous internet
access permitted.
Standards for Access to Electronic Court Records December 2016 Page 3
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
Individuals registered
for subscriber service
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
Viewable on request remote
access to images of records in
cases governed by the Florida
Family Law Rules of
Procedure, Florida Rules of
Juvenile Procedure, or Florida
Probate Rules, pursuant to s.
28.2221(5)(a), F.S.
Secure access through user
name and password by
written notarized agreement.
Attorneys of record
All records except those that
are expunged or sealed; access
may be denied to records or
information automatically
confidential under rule
2.420(d)(1), or made
confidential by court order,
depending upon the type of
case and the language of the
court order.
Secure access through user
name and password by
written notarized agreement.
The gatekeeper is
responsible for maintaining
authorized user list.
Public Defenders
(institutional access)
The Office of the Public
Defender is considered the
attorney of record at a
defendant’s first appearance as
permitted by Juvenile Rule of
Procedure 8.010 and Rule of
Criminal Procedure 3.130.
Access will be changed to
general government and
constitutional officers when
the public defender is no
longer counsel of record or
another attorney is assigned.
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
Secure access through user
name and password by
written notarized agreement.
The gatekeeper is
responsible for maintaining
authorized user list.
Standards for Access to Electronic Court Records December 2016 Page 4
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
order.
Access to records as permitted
by ss. 27.51, 27.52, 27.58, and
27.59, F.S.
Access to juvenile delinquency
records as permitted by s.
985.045(2), F.S. and Rule of
Juvenile Procedure 8.165.
Access to mental health
records as permitted by s.
916.107(8), F.S.
Access to mental health
records as permitted by ss.
394.4615, 394.4655, and
394.467, F.S.
Access to records of
individuals detained under the
Involuntary Civil Commitment
of Sexually Violent Predators
Act (formerly known as the
“Jimmy Ryce Act”) as
permitted by ss. 394.916 and
394.917, F.S.
Each public defender must
establish policies to ensure that
access to confidential records
and information is limited to
those individuals who require
access in performance of their
official duties.
Authorized state or local
government agencies
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
Access to social security
Secure access through user
name and password by
written notarized agreement.
Agency gatekeeper is
responsible for maintaining
authorized user list.
Standards for Access to Electronic Court Records December 2016 Page 5
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
numbers as permitted by
s.119.071, F.S.
Certified law
enforcement officers of
Federal law enforcement
agencies and all Florida
law enforcement
agencies, including but
not limited to, Florida
state attorney’s offices,
the Florida Attorney
General’s office, and
Florida Department of
Corrections, and their
authorized users
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
Access to social security
numbers as permitted by
s.119.071, F.S.
Access to HIV test results as
permitted by ss. 775.0877,
951.27, and 960.003, F.S.
Access to sexually transmitted
disease results as permitted by
s. 384.29(1), F.S.
Access to birth certificates as
permitted by s. 382.013(5),
F.S.
Access to mental health
records as permitted by s.
916.107(8), F.S.
Access to addresses of
domestic violence victims, and
identities of victims of sexual
and child abuse when
originating from law
enforcement as permitted by s.
119.071(2), F.S.
Access to children and families
Secure access through user
name and password by
written notarized agreement.
Agency gatekeeper is
responsible for maintaining
an authorized user list.
Standards for Access to Electronic Court Records December 2016 Page 6
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
in need of services records as
permitted by s. 984.06(3), F.S.
Access to juvenile records as
permitted by s.
39.0132(4)(a)(1), F.S.
Access to juvenile delinquency
records as permitted by s.
985.04, F.S.
Access limited to law
enforcement personnel who
require access in performance
of their official job duties.
Department of Children
and Families personnel,
or authorized service
providers of the agency
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
Access to social security
numbers as permitted by s.
119.071, F.S.
Access to birth certificates as
permitted by s. 382.013(5),
F.S.
Access to children and families
in need of services records as
permitted by s. 984.06(3), F.S.
Access to juvenile records as
permitted by s. 39.0132(3),
F.S.
Access to juvenile delinquency
records as permitted by s.
985.04, F.S.
Access to records is limited to
agency personnel and service
Secure access through user
name and password by
written notarized agreement.
Agency gatekeeper is
responsible for maintaining
authorized user list.
Standards for Access to Electronic Court Records December 2016 Page 7
USER GROUPS
ACCESS PERMITTED
SECURITY
REQUIREMENTS
providers who require access
in performance of their official
job duties.
Commercial purchasers
of bulk records
All records except those that
are expunged or sealed,
automatically confidential
under rule 2.420(d)(1), or
made confidential by court
order.
No remote access to images of
records in cases governed by
the Florida Family Law Rules
of Procedure, Florida Rules of
Juvenile procedure, or Florida
Probate Rules, pursuant to s.
28.2221(5)(a), F.S.
Secure access through user
name and password by
written notarized agreement.
Commercial purchaser
gatekeeper is responsible for
maintaining an authorized
user list.
Administrative
Access for administrative
purposes only to manage
accounts for an organization
with multiple users
Secure access to maintain
and update user accounts.
Gatekeeper can represent an
agency under a single
notarized agreement.
ACCESS LEVELS
Access permitted to:
A. All but expunged, or sealed under Ch. 943
B. All but expunged, or sealed under Ch. 943, or sealed under rule 2.420
C. All but expunged, or sealed under Ch. 943 and sealed under rule 2.420, or confidential
D. All but expunged, sealed, or confidential; record images viewable upon request
E. Case number, party names, dockets only
F. Case number and party names only
Standards for Access to Electronic Court Records December 2016 Page 8
G. Case number only
H. No access
Viewable on request access level applies to documents containing confidential information that
must be redacted; this access level requires examination of the case file by a clerk to identify and
redact confidential information before the record can be viewed. Requests for judicial orders
will be reviewed by the clerk for redaction or application of security protocols consistent with
these standards.
SECURITY
No sensitive security information should be presented on the user interface. Sensitive data shall
be exchanged over trusted paths, or using adequate encryption between users, between users and
systems, and between systems. The system must employ appropriate security and encryption
measures to prevent disclosure of confidential data to unauthorized persons.
Minimum Technical Requirements:
1. Encryption (general public and authenticated)**
2. No “cut and paste” of workable links
3. Hyperlinks must not include authentication credentials
4. No access to live data; replicated records will be used for public access
5. Authenticated access for access beyond general public access
6. Monitor bulk data transfers to identify and mitigate abuses of the system by utilizing
access programs using automated methods.
**Encryption protects the integrity of the record and prevents exposure to potential security
risks. It also prevents authenticated users with higher access from sending links to information
to non-authorized users.
INTEGRITY OF THE COURT RECORD
To protect the integrity and availability of the court record, public access will not be to the
original record, but to a replicated and redacted version.
Online links shall be encrypted to prevent return access to a URL via “cut and pasting”. Link
refresh times shall time out.
REDACTION
Redaction is the process of obscuring confidential information contained within a public record
from view. Redacted portions of the record are blacked out. Redaction may be accomplished
manually or through use of technology such as redaction software. Redaction software is used
when information is in electronic form. If redaction software is used, it must identify and protect
confidential records through redaction of confidential content. For efficiency, redaction software
is preferred over manual processes when the files are in electronic form.
Standards for Access to Electronic Court Records December 2016 Page 9
There are generally two levels of redaction:
• Level 1 -The system reads the images and uses the knowledge base to auto-redact
suspect regions.
• Level 2 -Redacted images are presented to a first reviewer to accept or decline to
redact selected data on the image.
Redaction software may not identify all sensitive data when the source is unreadable, such as
with handwritten text or poor quality images. In these instances, a manual process must exist to
review to review records that cannot be redacted by software. It is recommended that access to
these records be limited to “available upon request”, to ensure proper review and redaction can
be completed records are made available for on-line for viewing. The default view for judges is
the non-redacted version of the record.
QUALITY ASSURANCE
Clerks must employ redaction processes through human review, the use of redaction software or
a combination of both. Clerks must audit the process adopted at least annually for quality
assurance and must incorporate into their processes new legislation or court rules relating to
protection of confidential information. It is recommended that clerks advise commercial
purchasers that court records are regularly updated, and encourage use of updated records.
PERFORMANCE
Search parameters for internet access to electronic records will be limited to the following:
A. Public User
1. case type
2. case number
3. party name
4. citation number
5. date range
B. Authenticated Users may have more robust search features than public users.
Non-confidential data or data accessed by an authenticated user may be viewed immediately.
Some images may be "viewable on request" to allow time for the redaction process.
Online access to documents stored as images may be provided. Documents stored as images are
“view only”. If a requested document is maintained by the clerk in a searchable format, the
document may be provided to the public in that format, but only in response to a specific request.
Search capability, if available, will be limited to such requested document and must not support
automated bulk search requests.
Only authorized automated search programs, to be used solely on the indices, shall be used with
the court’s electronic public access system. Automated search programs may not be used on any
other component of the court’s electronic public access system. The court and clerk will
Standards for Access to Electronic Court Records December 2016 Page 10
determine the criteria for authorization of any automated search programs. Such authorization
may be revoked or modified at the discretion of the court and clerk.
ARCHIVAL REQUIREMENTS
Electronic records must be archived in a manner that protects the records from degradation, loss
of content, or problems with software compatibility relative to the proper rendering of electronic
records.
AUTHENTICATION REQUIEMENTS
Members of the general public do not require a username or password to access information that
is generally available to the public. For information that is accessible to individuals or entities
beyond general public access, users must be authenticated to verify their role and associated
access levels. Users must subscribe to the access system, and provide information to verify their
identity. Users are then assigned a login account. At a minimum, users accessing records and
information beyond general public access must have a user name and password, and have the
ability to change their password using self service within the access portal.
USER MAINTENANCE
Each state or local government agency or law office with personnel who access electronic
records in a role that must be authenticated must assign a gatekeeper to notify clerk’s office staff
of employee or contractor changes. Each agency and law office must remove terminated
employees or contractors and must accept responsibility for unauthorized access. The clerks
must develop and maintain agreements clearly defining responsibilities for user maintenance.
