The Freedom of Information Act (FOIA) was passed in 1966 and became effective July 4, 1967, and the Privacy Act was passed in 1974 and became effective September 25, 1975. Both Acts were passed as a result of hearings on the abuse of power and information. However, the Privacy Act was particularly inspired by not only the abuses of power and information from the collection of information on American citizens but also the Watergate scandal and the rising growth of the use of computers to store information on the public. While at first glance the FOIA and the Privacy Act seem quite similar, there are in fact distinct and important differences in their objectives. An accompanying article was published here.
expand_more
The Statutes
FOIA
Codified at 5 U.S.C. 552.
Passed in 1966, became effective July 4, 1967.
Passed after protracted legislative efforts, including a decade of hearings.
Privacy Act
Codified at 5 U.S.C. 552a.
Passed in 1974, became effective September 25, 1975.
Passed in haste as an outgrowth of Watergate reforms and the growing use of computers.
expand_more
Policy Objectives
FOIA
Ensures an informed citizenry.
Opens government activity to public scrutiny.
Privacy Act
Restricts disclosure of personally identifiable records.
Grants individuals an increased right of access to records about them.
Allows individuals the right to amend records that are not accurate.
Establishes a code of fair information practices.
expand_more
Records
FOIA
Records are either created or maintained by the agency, and/or under agency control.
Privacy Act
Any item, collection or grouping of information about an individual that is maintained by an agency in a “system of records.”
There is no requirement to create records that do not exist under either statute. See page 93 and 94 of the Department of Justice Overview of the Privacy Act of 1974, 2012 Edition.
expand_more
Access Provisions
FOIA
“Any person” can gain access to non-exempt records.
Privacy Act
Only the subject of the record (First Party Access) or appropriate designee (Third Party Access) can gain access.
Applies only to U.S. citizens and aliens lawfully admitted for permanent residence.
Access may also be granted through “exceptions,” including published routine uses.
expand_more
Conducting a Search
FOIA
Reasonable search of all records created or maintained by the agency including those in Privacy Act systems of records.
Privacy Act
Search is limited to records contained in a system of records maintained by the agency, unless you have reason to believe that records exist in non-Privacy Act files.
expand_more
Processing Time Limits
FOIA
Processing times outlined in statute.
20 business days.
10 additional days in exceptional circumstances.
Privacy Act
Statute does not specify processing time limit.
Processing times defined by agency regulation.
The Department of Justice has stated that all Privacy Act requests are to be processed as FOIA requests, which generally provides a much broader search and a greater access to information to the party requesting the information, thus imposing a 20 business day response time to the request.
expand_more
Appeal Rights
FOIA
Adequacy of search.
Failure to comply with the time limits as outlined in statute.
Denial of information in full or part pursuant to an exemption.
Denial of fee waiver or expedited processing.
Process included in statute and implementing regulation.
Privacy Act
Denial of access.
Denial of amendment.
Process established by regulation not statute.
expand_more
Fees
FOIA
Uniform fee schedule prescribed by OMB.
Sets search, review and duplication costs based on the category type of the requester.
Provision for fee waivers.
Must resolve fee matters prior to processing.
Privacy Act
Fees limited to duplication costs.
Costs outlined in implementing regulations.
expand_more
Exemptions
FOIA
(b)(1) Exempts properly classified information pursuant to prevailing executive order on classification from disclosure.
(b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
(b)(7)(A), (b)(7)(B), (b(7)(C), (b)(7)(D), (b)(7)(E) and (b)(7)(F) Exempts information compiled for law enforcement purposes from disclosure.
(b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
No comparable exemption.
(b)(6) Exempts information that if disclosed would invade another individual's personal privacy.
(b)(2) Exempts information related solely to the internal personnel rules and practices of an agency from disclosure.
(b)(5) Exempts deliberative information from disclosure.(b)(7)(D) Exempts information that could reasonably be expected to disclose the identity of a confidential source from disclosure.
(b)(4) Exempts information that concerns business trade secrets or other confidential commercial or financial information from disclosure.
(b)(5) Exempts from disclosure, information that concerns communications within or between agencies which are protected by legal privileges that include but are not limited to:
1. Attorney-Work Product Privilege
2. Attorney-Client Privilege
3. Deliberative Process Privilege
4. Presidential Communications Privilege
(b)(8) Exempts from disclosure, information that concerns the supervision of financial institutions.
(b)(9) Exempts geological information on wells from disclosure.
Privacy Act
(k)(1) Exempts properly classified information from disclosure.
(j)(1) Exempts CIA Records from disclosure.
(j)(2) and (k)(2) Exempts investigative material compiled for law enforcement purposes from disclosure.
(k)(3) Exempts information related to the protection of the President from disclosure.
(k)(4) Exempts information used solely as a statistical record from disclosure.
(k)(5) Exempts from disclosure, investigative material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal Civilian employment, military service, Federal contracts or access to classified information but only to the extent that disclosure of such material would reveal the identity of a confidential source.
(k)(6) Exempts testing and evaluation materials from disclosure.
(k)(7) Exempts evaluation material used to determine potential for promotion in the armed services, but only to the extent that the disclosure of such material would reveal the identity of a confidential source who furnished information to the government.
(d)(5) Exempts information compiled in reasonable anticipation of a civil action or proceeding from disclosure.
expand_more
Litigation
FOIA
Judicial review after exhausting administrative remedies:
Denial or procedural matters.
Option for immediate judicial review in timeliness cases.
Attorney fees and litigation costs.
Privacy Act
Judicial review for access, accuracy or amendment cases.
Privacy right of action for violations.
Civil and criminal penalties.
expand_more
Appeals/Amendments
FOIA
Appeal
Requesters can appeal the adequacy of search, no record responses, fees, full, or partial denial of information.
Privacy Act
Amendment
Requesters can appeal adverse determinations.
Can seek amendment of “factual” information (not opinions).
expand_more
Who Responds
FOIA
FOIA Officer or FOIA Analyst or FOIA Coordinator as appropriate.
Privacy Act
FOIA Officer, Privacy Officer or Systems Manager.
expand_more
Processing
FOIA
Ensure you have a valid request.
Reasonable description of records being sought.
Acknowledge the request with an acknowledgement letter.
Conduct a reasonable search for responsive records.
Review records to determine if information should be withheld.
Conduct line by line review.
Making determination to withhold or release records under FOIA.
Records must be exempt under one of the 9 exemptions and/or be shown to cause harm to the agency, if released to be withheld.
Withhold segregable portions of otherwise releasable documents.
Provide appropriate appeal rights.
Privacy Act
Ensure you have an appropriate request.
First party of authorized representative.
Disclosure pursuant to a published routine use.
Review system notice to determine if exemptions apply.
Properly published exemptions, except (d)(5) which is self-executing.
Continue to process under FOIA.
Records must contain both a Privacy Act exemption and a FOIA exemption to be withheld.
Provide appropriate appeal rights.
expand_more
Penalties
FOIA
Attorney fees and litigation costs.
Privacy Act
Civil and criminal penalties for maintaining illegal Privacy Act system of records; willfully requesting a record under false pretenses; or willfully disclosing to unauthorized entity.
The Privacy and Civil Liberties Oversight Board declassified the implementation report on Presidential Policy Directive 28: Signals Intelligence Activities following a Freedom of Information Act request filed by New York Times Reporter Charlie Savage, Lawfare reports. PPD-28 was signed by President ...
In a blog post, ACLU National Security Project Staff Attorney Ashley Gorski discusses a Freedom of Information Act request filed by the advocacy organization to obtain a "crucial" report created by the U.S. Privacy and Civil Liberties Oversight Board. "Despite requests from a senator and the Europea...
After a privacy impact assessment revealed the U.S. Department of Immigration and Customs Enforcement procured query-based access to a third-party commercial automatic license plate reader database, the Center for Democracy & Technology announced it has filed a Freedom of Information Act request...
Motherboard reports on information it obtained via the Freedom of Information Act outlining U.S. Drug Enforcement Agency funding to train other law enforcement on exploiting social media platforms to mine data. According to a statement of work, the DEA "is responsible for keeping up with the increas...
The Electronic Privacy Information Center was handed two legal victories Tuesday involving public access to the FBI's record-keeping systems and their impact on privacy, POLITICO reports. EPIC originally filed the Freedom of Information Act requests in 2014 seeking the FBI's privacy impact assessmen...