The Freedom of Information Act (FOIA) was passed in 1966 and became effective July 4, 1967, and the Privacy Act was passed in 1974 and became effective September 25, 1975. Both Acts were passed as a result of hearings on the abuse of power and information. However, the Privacy Act was particularly inspired by not only the abuses of power and information from the collection of information on American citizens but also the Watergate scandal and the rising growth of the use of computers to store information on the public. While at first glance the FOIA and the Privacy Act seem quite similar, there are in fact distinct and important differences in their objectives.  

The purpose of FOIA is to ensure that citizens are able to be informed on the inner workings of the federal government. The policy objectives of the Privacy Act are to grant individuals an increased right of access to records about themselves; it also allows individuals the right to amend records that are not accurate. Yet another objective of the Privacy Act is to establish a code of fair information practices.

There are some important differences in the application of the laws and the ways the government responds to access requests as well. The FOIA provides anyone with access to non-exempt records from the federal government. While the Privacy Act provides first-party access or third-party access to an appropriately designated individual to receive a copy of records on the first-party individual. Additionally, searches for records under the FOIA must include a search of all records that are created or maintained by the federal government agency, including those in a Privacy Act system of records. Whereas a search for records under the Privacy Act is limited to records contained in a system of records maintained by the agency, unless you have reason to believe that records exist in non-Privacy Act files.

ADVERTISEMENT

Cassie IAPP Leaderboard - AI Checklist-041024-WP

For an indepth comparative analysis of the two laws, click here.

Here are some tips for government information specialists to utilize when processing a FOIA request or a Privacy Act request.

Processing a FOIA Request

When processing a FOIA request it is a good idea to first ensure that you have a valid request. A valid request provides a reasonable description of the records being sought. The FOIA request should be acknowledged with an acknowledgement letter. Additionally, make certain that you conduct a reasonable search for responsive records and conduct a line-by-line review to determine if information should be withheld under one of the nine FOIA exemptions. When making the determination to withhold or release records under the FOIA, ensure that you are able to show that there may be harm to the agency if the information that you are proposing to withhold were released. As much as possible, the agency official preparing the records for release under the FOIA should withhold segregable portions of the otherwise releasable documents. The final response letter to a FOIA request should always provide appeal rights.

Processing a Privacy Act Request

When processing a Privacy Act request, ensure that you have an appropriate request and that the request is from a first party or authorized representative. Furthermore, ensure that you only disclose information pursuant to a published routine use. Review the System of Records Notice (SORN) to determine if exemptions apply. The Privacy Act request should continue to be processed under the FOIA, and the records must contain both a Privacy Act exemption and a FOIA exemption to be withheld. The final response letter to the Privacy Act request should provide appeal rights to the requester.

Failure to properly process a FOIA request may mean the agency will have to pay the attorney fees and litigation costs of the requester if ordered so by a judge. Under the Privacy Act there are both civil and criminal penalties for maintaining an illegal Privacy Act system of records. There are also civil and criminal penalties for willfully requesting a record under false pretenses or willfully disclosing to an unauthorized entity.

Important Things to Remember When Processing a FOIA or Privacy Act Request

  • The requester doesn’t always know which statute applies to his/her request.
  • Review the threshold requirements of each statute in conjunction with the subject of the request.
  • Once a decision is made on which statutes apply, follow all relevant agency and departmental guidance.
  • Reference the agency and departmental Privacy Act SORNs.

Eight Steps to Processing a FOIA/Privacy Act Request

  1. Identify the requester.
  2. Review the request, agency records and/or Privacy Act System of Records.
  3. If the request is for records in a Privacy Act System of Records, review the SORN.
  4. Inform the requester under which act(s) you are processing their request.
  5. Explain very thoroughly any exemptions used to withhold information, as this will help to cut down on appeals.
  6. Provide information on appeal rights.
  7. Explain fees and the decision to grant or deny fee-waiver requests.
  8. Make sure your response is timely, accurate and complete.

Sources: Department of Defense (DOD) Office of the Secretary of Defense and Joint Chief of Staff Privacy Office, Department of Defense Civil Liberties and Privacy Office, Department of the Navy, Indian Health Service and the Department of Justice (DOJ).

Further Reading