Comparison of the FOIA and Privacy Act

FOIA

• Codified at 5 U.S.C. 552.
• Passed in 1966, became effective July 4, 1967.
• Passed after protracted legislative efforts, including a decade of hearings.

Privacy Act

• Codified at 5 U.S.C. 552a.
• Passed in 1974, became effective September 25, 1975.
• Passed in haste as an outgrowth of Watergate reforms and the growing use of computers.

FOIA

• Ensures an informed citizenry.
• Opens government activity to public scrutiny.

Privacy Act

• Restricts disclosure of personally identifiable records.
• Grants individuals an increased right of access to records about them.
• Allows individuals the right to amend records that are not accurate.
• Establishes a code of fair information practices.

FOIA

• Records are either created or maintained by the agency, and/or under agency control.

Privacy Act

• Any item, collection or grouping of information about an individual that is maintained by an agency in a “system of records.”

There is no requirement to create records that do not exist under either statute. See page 93 and 94 of the Department of Justice Overview of the Privacy Act of 1974, 2012 Edition.

FOIA

• “Any person” can gain access to non-exempt records.

Privacy Act

• Only the subject of the record (First Party Access) or appropriate designee (Third Party Access) can gain access.
• Applies only to U.S. citizens and aliens lawfully admitted for permanent residence.
• Access may also be granted through “exceptions,” including published routine uses.

FOIA

• Reasonable search of all records created or maintained by the agency including those in Privacy Act systems of records.

Privacy Act

• Search is limited to records contained in a system of records maintained by the agency, unless you have reason to believe that records exist in non-Privacy Act files.

FOIA

• Processing times outlined in statute.
• 20 business days.
• 10 additional days in exceptional circumstances.

Privacy Act

• Statute does not specify processing time limit.
• Processing times defined by agency regulation.
• The Department of Justice has stated that all Privacy Act requests are to be processed as FOIA requests, which generally provides a much broader search and a greater access to information to the party requesting the information, thus imposing a 20 business day response time to the request.

FOIA

• Adequacy of search.
• Failure to comply with the time limits as outlined in statute.
• Denial of information in full or part pursuant to an exemption.
• Denial of fee waiver or expedited processing.
• Process included in statute and implementing regulation.

Privacy Act

• Denial of access.
• Denial of amendment.
• Process established by regulation not statute.

FOIA

• Uniform fee schedule prescribed by OMB.
• Sets search, review and duplication costs based on the category type of the requester.
• Provision for fee waivers.
• Must resolve fee matters prior to processing.

Privacy Act

• Fees limited to duplication costs.
• Costs outlined in implementing regulations.

FOIA

• (b)(1) Exempts properly classified information pursuant to prevailing executive order on classification from disclosure.
• (b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
• (b)(7)(A), (b)(7)(B), (b(7)(C), (b)(7)(D), (b)(7)(E) and (b)(7)(F) Exempts information compiled for law enforcement purposes from disclosure.
• (b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
• No comparable exemption.
• (b)(6) Exempts information that if disclosed would invade another individual's personal privacy.
• (b)(2) Exempts information related solely to the internal personnel rules and practices of an agency from disclosure.
• (b)(5) Exempts deliberative information from disclosure.(b)(7)(D) Exempts information that could reasonably be expected to disclose the identity of a confidential source from disclosure.
• (b)(4) Exempts information that concerns business trade secrets or other confidential commercial or financial information from disclosure.
• (b)(5) Exempts from disclosure, information that concerns communications within or between agencies which are protected by legal privileges that include but are not limited to:
  • 1. Attorney-Work Product Privilege
  • 2. Attorney-Client Privilege
  • 3. Deliberative Process Privilege
  • 4. Presidential Communications Privilege
• (b)(8) Exempts from disclosure, information that concerns the supervision of financial institutions.
• (b)(9) Exempts geological information on wells from disclosure.

Privacy Act

• (k)(1) Exempts properly classified information from disclosure.
• (j)(1) Exempts CIA Records from disclosure.
• (j)(2) and (k)(2) Exempts investigative material compiled for law enforcement purposes from disclosure.
• (k)(3) Exempts information related to the protection of the President from disclosure.
• (k)(4) Exempts information used solely as a statistical record from disclosure.
• (k)(5) Exempts from disclosure, investigative material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal Civilian employment, military service, Federal contracts or access to classified information but only to the extent that disclosure of such material would reveal the identity of a confidential source.
• (k)(6) Exempts testing and evaluation materials from disclosure.
• (k)(7) Exempts evaluation material used to determine potential for promotion in the armed services, but only to the extent that the disclosure of such material would reveal the identity of a confidential source who furnished information to the government.
• (d)(5) Exempts information compiled in reasonable anticipation of a civil action or proceeding from disclosure.

FOIA

• Judicial review after exhausting administrative remedies:
  • Denial or procedural matters.
  • Option for immediate judicial review in timeliness cases.
  • Attorney fees and litigation costs.

Privacy Act

• Judicial review for access, accuracy or amendment cases.
• Privacy right of action for violations.
  • Civil and criminal penalties.

FOIA

• Appeal
  • Requesters can appeal the adequacy of search, no record responses, fees, full, or partial denial of information.

Privacy Act

• Amendment
  • Requesters can appeal adverse determinations.
  • Can seek amendment of “factual” information (not opinions).

FOIA

• FOIA Officer or FOIA Analyst or FOIA Coordinator as appropriate.

Privacy Act

• FOIA Officer, Privacy Officer or Systems Manager.

FOIA

• Ensure you have a valid request.
  • Reasonable description of records being sought.
  • Acknowledge the request with an acknowledgement letter.
  • Conduct a reasonable search for responsive records.
• Review records to determine if information should be withheld.
  • Conduct line by line review.
• Making determination to withhold or release records under FOIA.
  • Records must be exempt under one of the 9 exemptions and/or be shown to cause harm to the agency, if released to be withheld.
  • Withhold segregable portions of otherwise releasable documents.
• Provide appropriate appeal rights.

Privacy Act

• Ensure you have an appropriate request.
  • First party of authorized representative.
  • Disclosure pursuant to a published routine use.
• Review system notice to determine if exemptions apply.
  • Properly published exemptions, except (d)(5) which is self-executing.
• Continue to process under FOIA.
  • Records must contain both a Privacy Act exemption and a FOIA exemption to be withheld.
• Provide appropriate appeal rights.

FOIA

• Attorney fees and litigation costs.

Privacy Act

• Civil and criminal penalties for maintaining illegal Privacy Act system of records; willfully requesting a record under false pretenses; or willfully disclosing to unauthorized entity.