The FOIA Ombudsman

Well-crafted FOIA regulations are a must and will leave agency FOIA professionals resting easy. (ARC Identifier 514682)

Freedom of Information Act regulations sound like a sure cure for insomnia, but if FOIA were a movie, their role would be a real sleeper. We at OGIS recognize that well-crafted FOIA regulations are key to an effective agency FOIA process so we regularly comment on proposed changes to regulations as part of our statutory mission to review agency FOIA policies, procedures and compliance. Regulations set the stage for an agency’s FOIA program and exist for both requesters and agency FOIA professionals.   

The FOIA statute itself says that agencies shall have regulations that

• Specify a fee schedule and limit those fees to reasonable standard charges;
• Designate agency components to receive requests; and  
• Provide for expedited processing.

FOIA also says that agencies may have regulations regarding multi-tracking processing and the aggregation of certain requests by the same requester or group of requesters acting together.

A recent audit of agency FOIA regulations found that more than half of 99 agencies have not updated their FOIA regulations since the OPEN Government Act of 2007, which amended FOIA and created OGIS. The audit, conducted by the nongovernmental National Security Archive, which maintains a clearinghouse of declassified documents, also found that 17 agencies have not posted their regulations on their FOIA websites as required by the E-FOIA of 1996.

The day of the audit’s release, a representative of the National Security Archive joined representatives from OpenThe Government.org, the Federal Register and OGIS to discuss best practices for FOIA regulations at the American Society of Access Professionals’ annual symposium and training conference at the National Archives Dec. 4-5.

OGIS recognizes that revising FOIA regulations can be a mammoth task. We’re here to help.

In addition to regularly consulting FOIA regulations as part of our mission of providing mediation services, OGIS monitors the Federal Register for notice of proposed FOIA regulations and revisions, and comments via the public comment process through our parent agency, the National Archives. In the last two years, we’ve commented on 15 proposed department and agency FOIA regulations, as well as proposed FOIA/Privacy Act request forms at two agencies.

We’ve also conducted three collaborative reviews in which we worked with three departments and agencies reviewing their FOIA regulations before the Federal Register comment period.

A set of best practices, based on the comments we’ve submitted, is designed to help agencies that are considering revising their regulations. OGIS suggests, among other things, that agencies include language that establishes

• A process in which the referring agencies notify requesters of the name of the agency to which the request has been referred, the part of the request that has been referred and a point of contact at the receiving agency;
• A process for providing requesters with fee estimates, including a breakdown of fees for search, review and duplication, as well as the administrative discretion to waive fees; and
• A commitment to work with OGIS, including alerting requesters in final agency determinations that OGIS exists to provide mediation services so requesters have an alternative to filing a lawsuit if they are dissatisfied.

If you’re at an impasse on updating your FOIA regulations, contact us and let’s see if we can help you.

Government agencies have billions of records. Making those records findable and preserving them for future generations requires careful calibration. (ARC Identifier 3493247)

It’s common wisdom in the library and information science community that if you have something and you can’t find it, you don’t have it. This principle is as true for agencies’ records as it is in university libraries, and it directly affects the efficiency and effectiveness of agency FOIA programs.

We’ve written before about President Obama’s Memorandum on Managing Government Records and the Managing Government Records Directive, issued jointly by the Office of Management and Budget (OMB) and our parent agency, the National Archives and Records Administration (NARA). These directives represent a new focus at the very highest levels on the importance of government records management.

In the five months since it released the Directive, NARA’s Records Management staff has been working hard to lay the groundwork for the major changes in store, and agencies also have taken first steps. The Directive requires agencies to select a Senior Agency Official (SAO) who is ultimately responsible for leading the records management effort.

The SAO has an essential role in the records management directive:

• Ensuring that permanent records are identified for transfer and reported to NARA;
• Establishing agencywide records management training; and
• Ensuring that all agency records are scheduled for retention and disposition

Archivist of the United States David Ferriero hosted the SAOs for a kickoff meeting on November 25, 2012. Much of the discussion focused on SAOs’ responsibilities under the Directive, including establishing a records management training program. There was also a great deal of discussion on OPM’s goal to establish a records management job series by the end of 2013.

As the Archivist pointed out in his remarks, the hard work on the records management effort is still to come. While the goals and timelines of the Directive are daunting, the meeting attendees made it clear that agencies are ready to move forward and modernize their records management programs.

OGIS has continually beaten the drum for improved records management practices. We’ve observed how agencies that link their records management and FOIA programs tend to see improvements in both. We cannot wait to see how improving records management across the government yields benefits for FOIA programs. We will continue to report on the Directive’s progress, but if you are hungry for more information, check out the Records Express blog.

We’re busy making best practices. Hope you’re hungry! (ARC Identifier 522689)

While many (correctly) associate OGIS with mediation services to resolve FOIA disputes, those services are not the full extent of our mandate. Congress created OGIS to also review agencies’ FOIA policies, procedures and compliance. Sounds great, but how does OGIS learn what agencies are doing, and what do we do with that information?

Obviously, our work providing mediation services gives us some perspective on how agencies do their FOIA work. But another way that we review what’s happening in FOIA shops across the government is by reading annual Chief FOIA Officer (CFO) Reports. FOIA requires each agency’s CFO to report to the Attorney General on the agency’s performance in implementing FOIA. The annual reports, to the Department of Justice’s Office of Information Policy, provide a broad overview of the leadership and direction of each agency. These reports are a great source of details about what is working in agency FOIA shops. For instance:

• The United States Postal Service appointed a representative from each of its departments who works with the records management division to identify records that should be proactively disclosed online.
• The Federal Communications Commission created a new website that makes government data available in formats that can help entrepreneurs build innovative applications, including making APIs available for developers.
• A FOIA program manager at the U.S. Department of State provides weekly training for new information management officers sent to overseas posts and responsible for FOIA duties.

You may have heard Congress’s process of making laws described as “making sausage” (in that you don’t want to see how it’s done). Once we’ve  sifted through the CFO reports, the details we glean become our favorite ingredient in our version of “sausage” – OGIS’s recommended best practices. We share best practices in a number of ways, including in our reports, special publications, and this blog.

We’ll be publishing a new round of best practices (serving up more sausage!) in the coming months in conjunction with our report on Fiscal Year 2012.

Wounded soldiers recover in a Civil War hospital in the early 1860s. A combination of medical care and their cheerful demeanors demonstrated in this Mathew Brady photo may have ensured that some lived long enough for Prof. Costa’s research project. (ARC 524777)

When University of California–Los Angeles economics professor Dora Costa started looking at aging processes and extreme longevity, she knew military files of Civil War veterans would be crucial to her research. Costa planned to compare medical records and life histories of Civil War veterans with present-day veterans’ records for soldiers who lived to be at least 95 years old. If Costa and her team can better understand how aging processes change over time, they can better understand aging generally.

The project – which includes 12 universities and has spanned more than 20 years – is funded by a Federal grant from the National Institute on Aging, part of the National Institutes of Health. For her part, Costa needed to gather about 1,000 Civil War veterans’ files to ensure a large enough sample size. While the records are physically stored in Federal Records Centers around the country, run by the National Archives and Records Administration (NARA), the records remain under the control of the Department of Veterans Affairs (VA).

In March 2010, Costa filed a Freedom of Information Act (FOIA) request with the VA asking for the 1,000 records by name of the veteran, explaining that she was a university researcher working on an educational research project. The VA responded that, pursuant to its standard agreement with the Federal Records Centers to pay the labor costs associated with processing records requests, it would cost $50 per hour to process the request. What’s more,  the average time for each record is one hour. Costa was floored by the VA’s $50,000 estimate. She wrote back and explained that she had worked with NARA to pull historical military records before and had not encountered such a policy. She filed a FOIA appeal and the VA affirmed its action.

VA regulations allow the agency to charge the direct costs of responding to a request; however, the VA did not address Costa’s requester status or whether she might qualify for a preferred requester category.

The parties were at an impasse. Costa needed the records for her research and didn’t see why these costs would come up when she had previously obtained records stored at NARA facilities without such expense. The VA could process the request, but would get a hefty bill from NARA for its labor – and if the VA couldn’t pass it on to the requester, as its regulations allow, the agency would be out 50 grand. A tough spot all around.

In May 2010, Costa called the Office of Government Information Services (OGIS) and asked for help. “I was running into a brick wall with the VA,” she said. It took nearly two-and-a-half years, but OGIS was able to work with the VA, NARA and Costa to resolve the fee issue, locate records around the country and get copies to Costa and her team.

At OGIS’s request, the VA reviewed the fee category and determined that Costa qualified as an educational requester. (In the end, the VA waived all fees entirely because of the length of time involved.) Next, OGIS worked with Costa and the VA to identify the records sought by using VA and NARA records databases. Nine Records Centers from Seattle to St. Louis had the records Costa sought access to; staffers pulled and copied the files and sent them over to the VA. The VA reviewed the records for names of any possible living beneficiaries and sent the records to Costa and her team in October 2012.

“Your involvement made a huge difference,” Costa told OGIS.

The request was filled thanks to the collaboration and assistance from the professionals at the VA, NARA and the Federal Records Centers across the country. OGIS kept the ball moving, giving the occasional prod when needed, but it was the perseverance of the folks in the agency trenches that got this request processed. They made a plan to locate the records using sometimes-outdated databases, worked to pull the files, copied the delicate pages and reviewed them line-by-line.

And in the end, 21 big boxes of records in  Costa’s UCLA office will ensure some longevity to this project.

Class is in session for small agencies looking to better resolve FOIA disputes. However you get to training, please join us! (ARC Identifier 532148)

OGIS will offer an all-day Dispute Resolution Skills for FOIA Professionals training program on Monday December 3, 2012, at the National Archives building in Washington, D.C.

While we’ve offered this training program — which equips FOIA professionals with practical communications and dispute resolution skills — for nearly three years, this session will be a little different. This time, we’ve tailored the training for FOIA professionals from smaller agencies.

Small agencies face big problems when it comes to FOIA. Naturally, small agencies tend to have small FOIA staffs, but resource issues aren’t the only challenges they face. Small agency FOIA shops also contend with referrals and consultations (often with larger agencies) and the need to develop a team approach to responding to FOIA requests. In small agencies, the FOIA shop may consist of one FOIA professional, which can make it difficult to handle competing priorities. All the more reason to have good communication skills to avoid disputes. We will examine each of these issues on December 3 and discuss ways to tackle them.

If you are a small agency FOIA professional, we hope that you will join us for this special session. Please email ogis@nara.gov for more information and to register.

Just as in a polka, OGIS must “step in” at that right point in the FOIA process. (ARC Identifier 557790)

Experienced FOIA requesters can attest that FOIA requests follow a well-established process: a requester submits a request; the agency responds to that request; if the requester is dissatisfied with the response, he/she submits an administrative appeal; the agency responds to the appeal. Before OGIS opened in 2009, a requester who remained dissatisfied after the agency issued a response to his/her appeal had one recourse: Federal court. Considering the FOIA  process, when does OGIS get involved in FOIA disputes?

If you ask an OGIS staffer, she’ll likely tell you that OGIS strives to work in harmony with an agency’s administrative process. That’s because OGIS was established as a non-exclusive alternative to litigation. So, a requester should contact OGIS when he or she is contemplating litigation – in other words, when he or she completes the administrative process.

So does OGIS get involved in FOIA disputes before the agency issues a final decision on a FOIA appeal? As The Simpsons’ Reverend Lovejoy famously said: “The short answer is ‘yes’ with an ‘if.’ The long answer is ‘no’ with a ‘but.’” Let’s look at the short answer first.

The OPEN Government Act of 2007 directed agencies to make their FOIA Public Liaisons available to requesters. It also specified that FOIA Public Liaisons are to help resolve FOIA disputes. See 5 U.S.C. §§ 552 (a)(6)(B)(ii) & (l). If the administrative process is not completed (i.e., you have not received a response to your administrative appeal), we would encourage you to first contact the agency’s FOIA Public Liaison for assistance. A FOIA Public Liaison is in the best position to answer questions about his/her agency’s administrative process, answer questions about the agency’s records, and look into the status of your request.

So will OGIS get involved before an appeal is decided? In some cases, yes. We’ve had cases in which the administrative process has broken down to the point that it is appropriate for OGIS to get involved. In cases of significant delay, this might involve OGIS contacting the agency to determine the status of a request or an appeal. We’ve also been contacted by agencies asking us to assist them with overly broad requests or with communicating with a requester. In those cases we worked with the requester and the agency to understand the interests of each, narrow the request where it was possible, and facilitate internal and external communications.

The key to understanding OGIS’s role – at this or any point in the administrative process – is our commitment to the team approach. OGIS cannot compel an agency to release records, nor will we ask an agency to process one request or appeal ahead of another. What we can do is encourage an agency and a requester to work together to satisfy the shared goal of completing a FOIA request.

We look forward to hearing from you, wherever you are in the process!

When you request records about yourself from the Federal government, agencies apply both the Freedom of Information Act (FOIA) and the Privacy Act of 1974 (Privacy Act) to grant the most access possible.

FOIA and the Privacy Act have different purposes. FOIA provides the public with a right of access to government records while the Privacy Act was created to protect information about individuals from release to others while allowing them to access it. OGIS has written about the basic differences between both laws before, and on October 24, 2012, we partnered with the Justice Department’s Office of Information Policy for our quarterly Requester Roundtable to tackle this topic in person.

About 20 requesters and agency FOIA and Privacy Act professionals covered many of the technical provisions of the laws and posed some helpful questions—and answers.

Q:  How do you request your own records under the Privacy Act?

• You do not need to cite the name of the law in your request. When you request records about yourself, the agency will automatically process the request using both FOIA and the Privacy Act.
• You must validate your identity by using a certification of identity, or other such form, that you sign under penalty of perjury verifying that you are who you say you are. This DOJ form is a good example. Other departments and agencies have different forms for this purpose and you should check agency FOIA websites for the proper form to use.
• After a review for withheld material, the records will be released to you (or to a designee) and are not considered a release to the public. With FOIA, a release to one is a release to all. With the Privacy Act, a release is intended only for the individual requester.

Q:  We know that FOIA applies to all agency records, which is just about anything that an agency maintains, but what is covered by the Privacy Act?

• Only Federal agencies are subject to the Privacy Act; state and local governments are not.
• Only records of U.S. citizens or Lawful Permanent Residents are covered; corporations, associations and foreign nationals are excluded.
• Records must be about an individual and contained in a location (or “system” in Privacy Act terms) where they can be retrieved by a name or identifier (such as a case number).
• The record must actually be retrieved by that name or identifier in its system of records. This becomes important in the digital age now that records are not necessarily kept in physical paper files. If a record is electronically stored, it does not matter that it could be retrieved by name; for it to qualify as a Privacy Act record, the record must actually be retrieved by name.

Q:  How will the agency use both laws to process the request?

• The agency FOIA professional processing your request will likely start the analysis under the Privacy Act.
  • If no Privacy Act exemptions apply, that ends the analysis and the record is released.
  • If one of the 10 Privacy Act exemptions apply to any part of the record, the agency will then look to FOIA to determine if the information is also exempt under FOIA.
  • If a Privacy Act exemption and FOIA exemption applies, the agency must withhold the information. The information must be exempt under both statutes to be withheld from disclosure.

Q:  Can agencies disclose records about individuals without a request?

• Agencies must have what is called a “routine use” established through rulemaking, which includes public notice and comment, in order to share Privacy Act-protected information absent a request or the individual’s written consent. The Privacy Act also contains 12 conditions of disclosure under which agencies can disclose information about individuals without a request or consent. 5 U.S.C. § 552a(b).
  • Agencies may only share information among themselves if the disclosure would fall within one of the 12 conditions of disclosure or there is a routine use that allows the sharing of information between agencies. OGIS is working to establish a routine use with all agencies so we can streamline our processes to discuss FOIA disputes.
  • Agencies must have a specific purpose for a routine use to share information with the public, such as disclosure of sex offenders pursuant to federal law.
• If an agency makes a disclosure outside of what is allowed under the Privacy Act and a routine use does not apply, the individual can sue the agency for money damages.

Q:  What if a record is about me, but not contained in a “system or records” or retrieved by my name or identifier?

• That record is not considered a Privacy Act record and would be processed under FOIA, applying any exemptions that might apply to protect privacy interests of third parties, such as Exemptions 6 or 7(C). 5 U.S.C. §§ 552(b)(6) or (7)(C).
• The good news is that since more agency records are not contained within Privacy Act “systems of records,” requesters have access to a bigger universe of records under FOIA.

Q:   What if someone else requests records about me?

• The Privacy Act has a “no disclosure without consent” provision such that an agency cannot release your records without your permission.
• If your records are maintained in another individual’s file, the records would be processed under FOIA and FOIA privacy exemptions would apply unless you provided your signed consent to allow the release of your records.

Q: Who oversees the Privacy Act and the FOIA?

• The Office of Management and Budget is the legal authority for the Privacy Act.
• The Attorney General is charged with encouraging FOIA compliance.
• The Justice Department’s Office of Information Policy develops FOIA policy.
• OGIS is charged with reviewing agencies’ FOIA policies, procedures and compliance. While Privacy Act matters fall outside the scope of OGIS’s mission, because they often overlap with FOIA, we provide ombuds services to individuals requesting their own records.

Both the Freedom of Information Act (FOIA) and the Privacy Act  contain provisions that grant a right of access to Federal records. Hear from government experts in both fields about The Intersection of the Privacy Act and the Freedom of Information Act at the next FOIA Requester Roundtable on October 24, 2012.

OGIS, along with the Office of Information Policy (OIP), co-hosts a series of roundtable discussions with FOIA professionals and the FOIA requester community. These regular sessions focus on issues surrounding requests made for various types of records, such as law enforcement records, records about third parties, and contractor and other business-related records, as well as the procedural issue of document referrals and consultations. This session will address the the relationship between the Privacy Act and the FOIA, as well as the challenges that requesters and agencies face navigating between the two Acts. These sessions provide an opportunity to participate in the exchange of ideas and help increase understanding of the issues surrounding these topics.

The roundtable will be held October 24, 2012 from 10 a.m. to noon in OIP’s Conference Room: 1425 New York Avenue, NW, Suite 11050 Washington, D.C. Registration is required to attend each Requester Roundtable. If you are interesting in attending, please e-mail your name and phone number to OIP Training Officer Bertina Adams at DOJ.OIP.FOIA@usdoj.gov. Seating is limited and available on a first-come, first-served basis. Please note, you must also present government-issued picture identification to enter the building. If you have any questions regarding this event, please contact Ms. Adams at (202) 514-1010.

Let OGIS whet your appetite for resolving FOIA disputes at our upcoming brown bag lunch meeting (ARC Identifier 541236)

Conflict Resolution Week is October 15-19, 2012. To help celebrate, the federal Interagency Alternative Dispute Resolution Working Group is sponsoring a number of events. OGIS is pleased to be part of that celebration by offering the upcoming brown bag meeting/teleconference, “Dispute Resolution’s Impact on the FOIA Framework.”

If you are interested in how OGIS is using Dispute Resolution (DR) as a common meeting ground for FOIA disputes, please plan to join us in person (or on the phone) on Tuesday, October 16, 2012 from 11:00 a.m. to 12:30 p.m. OGIS Director Miriam Nisbet and Jean Whyte, Director of National Archives’ Alternative Dispute Resolution program, RESOLVE, will discuss these questions and more:

•  How does OGIS use DR to work with requesters and agencies?
• How can agencies use OGIS’s services and how can they use DR skills at the earliest? possible time to make the FOIA process go more smoothly?
• What kinds of cases has OGIS handled in the past three years?
• Where are the opportunities for DR practitioners and for FOIA professionals?
• What are the barriers to this emerging area of DR?

Please bring your lunch and join us for what promises to be a lively discussion. If you prefer to join the conversation by phone, please let us know in your response and we will send you the telephone and conference numbers. Please RSVP to ogis@nara.gov for more information.

SORNs get our mojo flowing! (ARC Identifier 532261)

We at OGIS are always looking for ways to streamline our procedures and we’ve encouraged your input. This time is no different as we seek your support in ginning up some mojo for an OGIS routine use!

Yes, an OGIS routine use, as in a Privacy Act system of records routine use. Without getting too technical (or boring you to tears), a routine use is a mechanism for sharing information without an individual’s prior written consent. Agencies can do that by  including routine use language in Privacy Act system of records notices (SORNs).

If you’ve worked with OGIS, you may recall that one of our case procedures is to obtain the requester’s consent to share information with Federal agencies. We do that so that when we provide mediation services, we do not violate the Privacy Act of 1974. We instituted this procedure because agencies’ Freedom of Information Act (FOIA) request and appeal files are protected by the Privacy Act of 1974, which prohibits agencies from sharing information contained in these files without the requester’s prior written consent or the existence of a routine use allowing this type of disclosure. See 5 U.S.C. §§ 552a(b) & (b)(3).

When an agency’s Privacy Act SORN contains a routine use allowing the agency to share information with OGIS, it reduces the delay between opening a new OGIS  case and resolving the dispute because we do not need to wait for receipt of the requester’s consent. It’s cost effective, too.

The Departments of Health and Human Services, Justice, State and Transportation and the Office of Special Counsel have all revised their SORNs to include a routine use for this purpose. The U. S. Postal Service’s revised SORN will become effective on October 15, 2012. We’re  very pleased with their action and applaud this effort to build efficiencies into the FOIA administrative process.

OGIS worked with the Department of Justice (DOJ)  to develop a model routine use that agencies can use, which appears below. In an effort to keep the momentum going, we ask FOIA professionals to share this language with their Privacy Act Officers to hasten this important revision to the agency’s FOIA request and appeal SORN.

Here is DOJ’s model language:

To the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. § 552(h), to review administrative agency policies,  procedures, and compliance with the Freedom of Information Act (FOIA), and to facilitate OGIS’ offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

We’re on a roll and with your assistance we can keep the mojo going towards streamlining our procedures and improving how FOIA works. If you have other suggestions, we’d love to hear from you!