FOIA v. Privacy Act: A Comparison Chart

Chart created by Todd Walls Sr, CIPP/G, CIPM, privacy offcer, Bureau of Indian Affairs. Click here to read the accompanying article.

The Statutes
FOIA
Privacy Act
FOIA: Codified at 5 U.S.C. 552
Privacy Act: Codified at 5 U.S.C. 552a
FOIA: Passed in 1966, became effective July 4, 1967
Privacy Act: Passed in 1974, became effective September 25, 1975
FOIA: Passed after protracted legislative efforts, including a decade of hearings
Privacy Act: Passed in haste as an outgrowth of Watergate reforms and the growing use of computers
Policy Objectives
FOIA
Privacy Act
FOIA: Ensures an informed citizenry.
Privacy Act: Restricts disclosure of personally identifiable records.
FOIA: Opens government activity to public scrutiny.
Privacy Act: Grants individuals an increased right of access to records about them.
 
Privacy Act: Allows individuals the right to amend records that are not accurate.
 
Privacy Act: Establishes a code of fair information practices.
Records
FOIA
Privacy Act
FOIA: Records are either created or maintained by the agency, and/or under agency control.
Privacy Act: Any item, collection or grouping of information about an individual that is maintained by an agency in a “system of records.”
There is no requirement to create records that do not exist under either statute. See page 93 and 94 of the Department of Justice Overview of the Privacy Act of 1974, 2012 Edition.
Access Provisions
FOIA
Privacy Act
FOIA: “Any person” can gain access to non-exempt records.
Privacy Act: Only the subject of the record (First Party Access) or appropriate designee (Third Party Access) can gain access.
 
Privacy Act: Applies only to U.S. citizens and aliens lawfully admitted for permanent residence.
 
Privacy Act: Access may also be granted through “exceptions,” including published routine uses.
Conducting a Search
FOIA
Privacy Act
FOIA: Reasonable search of all records created or maintained by the agency including those in Privacy Act systems of records.
Privacy Act: Search is limited to records contained in a system of records maintained by the agency, unless you have reason to believe that records exist in non-Privacy Act files.
Processing Time Limits
FOIA
Privacy Act
FOIA: Processing times outlined in statute
Privacy Act: Statute does not specify processing time limit
FOIA: 20 business days
Privacy Act: Processing times defined by agency regulation
FOIA: 10 additional days in exceptional circumstances
Privacy Act: The Department of Justice has stated that all Privacy Act requests are to be processed as FOIA requests, which generally provides a much broader search and a greater access to information to the party requesting the information, thus imposing a 20 business day response time to the request.
Appeal Rights
FOIA
Privacy Act
FOIA: Adequacy of search
Privacy Act: Denial of access
FOIA: Failure to comply with the time limits as outlined in statute
Privacy Act: Denial of amendment
FOIA: Denial of information in full or part pursuant to an exemption
Privacy Act: Process established by regulation not statute
FOIA: Denial of fee waiver or expedited processing
 
FOIA: Process included in statute and implementing regulation
 
Fees
FOIA
Privacy Act
FOIA: Uniform fee schedule prescribed by OMB.
Privacy Act: Fees limited to duplication costs.
FOIA: Sets search, review and duplication costs based on the category type of the requester.
Privacy Act: Costs outlined in implementing regulations.
FOIA: Provision for fee waivers.
 
FOIA: Must resolve fee matters prior to processing.
 
Exemptions
FOIA
Privacy Act
FOIA: (b)(1) Exempts properly classified information pursuant to prevailing executive order on classification from disclosure.
Privacy Act: (k)(1) Exempts properly classified information from disclosure.
FOIA: (b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
Privacy Act: (j)(1) Exempts CIA Records from disclosure.
FOIA: (b)(7)(A), (b)(7)(B), (b(7)(C), (b)(7)(D), (b)(7)(E) and (b)(7)(F) Exempts information compiled for law enforcement purposes from disclosure.
Privacy Act: (j)(2) and (k)(2) Exempts investigative material compiled for law enforcement purposes from disclosure.
FOIA: (b)(3) Exempts from disclosure, information that is specifically exempted from disclosure by statute.
Privacy Act: (k)(3) Exempts information related to the protection of the President from disclosure.
FOIA: No comparable exemption.
Privacy Act: (k)(4) Exempts information used solely as a statistical record from disclosure.
FOIA: (b)(6) Exempts information that if disclosed would invade another individual's personal privacy
Privacy Act: (k)(5) Exempts from disclosure, investigative material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal Civilian employment, military service, Federal contracts or access to classified information but only to the extent that disclosure of such material would reveal the identity of a confidential source.
FOIA: (b)(2) Exempts information related solely to the internal personnel rules and practices of an agency from disclosure.
Privacy Act: (k)(6) Exempts testing and evaluation materials from disclosure.
FOIA: (b)(5) Exempts deliberative information from disclosure.(b)(7)(D) Exempts information that could reasonably be expected to disclose the identity of a confidential source from disclosure.
Privacy Act: (k)(7) Exempts evaluation material used to determine potential for promotion in the armed services, but only to the extent that the disclosure of such material would reveal the identity of a confidential source who furnished information to the government.
FOIA: (b)(4) Exempts information that concerns business trade secrets or other confidential commercial or financial information from disclosure.
Privacy Act: No similar exemption.
FOIA: (b)(5) Exempts from disclosure, information that concerns communications within or between agencies which are protected by legal privileges that include but are not limited to:

  1. Attorney-Work Product Privilege
  2. Attorney-Client Privilege
  3. Deliberative Process Privilege
  4. Presidential Communications Privilege
Privacy Act: (d)(5) Exempts information compiled in reasonable anticipation of a civil action or proceeding from disclosure.
FOIA: (b)(8) Exempts from disclosure, information that concerns the supervision of financial institutions.
Privacy Act: No similar exemptions
FOIA: (b)(9) Exempts geological information on wells from disclosure.
Privacy Act: No similar exemptions
Litigation
FOIA
Privacy Act
FOIA: Judicial review after exhausting administrative remedies:

  • Denial or procedural matters.
  • Option for immediate judicial review in timeliness cases.
  • Attorney fees and litigation costs.
Privacy Act: Judicial review for access, accuracy or amendment cases.
 
Privacy Act: Privacy right of action for violations.

  • Civil and criminal penalties.
Appeals/Amendments
FOIA
Privacy Act
FOIA: Appeal

  • Requesters can appeal the adequacy of search, no record responses, fees, full, or partial denial of information.
Privacy Act: Amendment

  • Requesters can appeal adverse determinations.
  • Can seek amendment of “factual” information (not opinions).
Who Responds
FOIA
Privacy Act
FOIA: FOIA Officer or FOIA Analyst or FOIA Coordinator as appropriate
Privacy Act: FOIA Officer, Privacy Officer or Systems Manager
Processing
FOIA
Privacy Act
FOIA: Ensure you have a valid request.

  • Reasonable description of records being sought
  • Acknowledge the request with an acknowledgement letter
  • Conduct a reasonable search for responsive records.
Privacy Act: Ensure you have an appropriate request.

  • First party of authorized representative
  • Disclosure pursuant to a published routine use.
FOIA: Review records to determine if information should be withheld.

  • Conduct line by line review.
Privacy Act: Review system notice to determine if exemptions apply.

  • Properly published exemptions, except (d)(5) which is self-executing.
FOIA: Making determination to withhold or release records under FOIA.

  • Records must be exempt under one of the 9 exemptions and/or be shown to cause harm to the agency, if released to be withheld.
  • Withhold segregable portions of otherwise releasable documents.
Privacy Act: Continue to process under FOIA.

  • Records must contain both a Privacy Act exemption and a FOIA exemption to be withheld.
FOIA: Provide appropriate appeal rights.
Privacy Act: Provide appropriate appeal rights.
Penalties
FOIA
Privacy Act
FOIA: Attorney fees and litigation costs.
Privacy Act: Civil and criminal penalties for maintaining illegal Privacy Act system of records; willfully requesting a record under false pretenses; or willfully disclosing to unauthorized entity.