From the House Reports Online via GPO Access [wais.access.gpo.gov]
Union Calendar No. 25
105th Congress, 1st Session
House Report 105-37
A CITIZEN'S GUIDE ON USING THE FREEDOM OF INFORMATION ACT AND THE
PRIVACY ACT OF 1974 TO REQUEST GOVERNMENT RECORDS
FIRST REPORT
by the
COMMITTEE ON GOVERNMENT REFORM AND OVERSIGHT
March 20, 1997.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
COMMITTEE ON GOVERNMENT REFORM AND OVERSIGHT
DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California
J. DENNIS HASTERT, Illinois TOM LANTOS, California
CONSTANCE A. MORELLA, Maryland ROBERT E. WISE, Jr., West Virginia
CHRISTOPHER SHAYS, Connecticut MAJOR R. OWENS, New York
STEVEN H. SCHIFF, New Mexico EDOLPHUS TOWNS, New York
CHRISTOPHER COX, California PAUL E. KANJORSKI, Pennsylvania
ILEANA ROS-LEHTINEN, Florida GARY A. CONDIT, California
JOHN M. McHUGH, New York CAROLYN B. MALONEY, New York
STEPHEN HORN, California THOMAS M. BARRETT, Wisconsin
JOHN L. MICA, Florida ELEANOR HOLMES NORTON, Washington,
THOMAS M. DAVIS, Virginia DC
DAVID M. McINTOSH, Indiana CHAKA FATTAH, Pennsylvania
MARK E. SOUDER, Indiana TIM HOLDEN, Pennsylvania
JOE SCARBOROUGH, Florida ELIJAH E. CUMMINGS, Maryland
JOHN SHADEGG, Arizona DENNIS KUCINICH, Ohio
STEVEN C. LaTOURETTE, Ohio ROD R. BLAGOJEVICH, Illinois
MARSHALL ``MARK'' SANFORD, South DANNY K. DAVIS, Illinois
Carolina JOHN F. TIERNEY, Massachusetts
JOHN E. SUNUNU, New Hampshire JIM TURNER, Texas
PETE SESSIONS, Texas THOMAS H. ALLEN, Maine
MIKE PAPPAS, New Jersey ------
VINCE SNOWBARGER, Kansas BERNARD SANDERS, Vermont
BOB BARR, Georgia (Independent)
------ ------
Kevin Binger, Staff Director
Daniel R. Moll, Deputy Staff Director
Judith McCoy, Chief Clerk
Phil Schiliro, Minority Staff Director
Government Management, Information, and Technology Subcommittee
STEPHEN HORN, California, Chairman
PETE SESSIONS, Texas CAROLYN MALONEY, New York
TOM DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania
JOE SCARBOROUGH, Florida MAJOR R. OWENS, New York
MARK SANFORD, South Carolina ROD R. BLAGOJEVICH, Illinois
JOHN E. SUNUNU, New Hampshire DANNY K. DAVIS, Illinois
------ ------
Ex Officio
DAN BURTON, Indiana HENRY A. WAXMAN, California
J. Russell George, Staff Director and Counsel
Mark Uncapher, Counsel
Andrea Miller, Clerk
Dave McMillen, Minority Professional Staff
LETTER OF TRANSMITTAL
----------
House of Representatives,
Washington, DC, March 20, 1997.
Hon. Newt Gingrich,
Speaker of the House of Representatives,
Washington, DC.
Dear Mr. Speaker: By direction of the Committee on
Government Reform and Oversight, I submit herewith the
committee's first report to the 105th Congress. The committee's
report is based on a study conducted by its Subcommittee on
Government Management, Information, and Technology.
Dan Burton,
Chairman.
C O N T E N T
_______________________________________________________________________
Page
I. Preface..........................................................1
II. Introduction.....................................................2
III. Recommendations..................................................4
IV. How to use this guide............................................5
V. Which act to use.................................................5
VI. The Freedom of Information Act...................................6
A. The scope of the Freedom of Information Act........... 6
B. What records can be requested under the FOIA?......... 6
C. Making a FOIA request................................. 9
D. Fees and fee waivers.................................. 11
E. Requirements for agency responses..................... 13
F. Reasons access may be denied under the FOIA........... 14
1. Exemption 1.--Classified documents.............. 15
2. Exemption 2.--Internal personnel rules and 16
practices.
3. Exemption 3.--Information exempt under other 16
laws.
4. Exemption 4.--Confidential business information. 16
5. Exemption 5.--Internal Government communications 17
6. Exemption 6.--Personal privacy.................. 17
7. Exemption 7.--Law enforcement................... 18
8. Exemption 8.--Financial institutions............ 19
9. Exemption 9.--Geological information............ 19
G. FOIA exclusions....................................... 19
H. Administrative appeal procedures...................... 20
I. Filing a judicial appeal.............................. 21
VII. The Privacy Act of 1974.........................................22
A. The scope of the Privacy Act of 1974.................. 22
B. The Computer Matching and Privacy Protection Act...... 23
C. Locating records...................................... 24
D. Making a Privacy Act request for access............... 26
E. Fees.................................................. 27
F. Requirements for agency responses..................... 27
G. Reasons access may be denied under the Privacy Act.... 27
1. General exemptions.............................. 28
2. Specific exemptions............................. 29
3. Medical records................................. 30
4. Litigation records.............................. 30
H. Administrative appeal procedures for denial of access. 31
I. Amending records under the Privacy Act................ 31
J. Appeals and requirements for agency responses......... 32
K. Filing for judicial appeal............................ 33
APPENDIXES
Appendix 1.--Sample request and appeal letters................... 35
A. Freedom of Information Act request letter................. 35
B. Freedom of Information Act appeal letter.................. 37
C. Privacy Act request for access letter..................... 39
D. Privacy Act denial of access appeal....................... 40
E. Privacy Act request to amend records...................... 41
F. Privacy Act appeal of refusal to amend records............ 42
Appendix 2.--Bibliography of congressional publications on the 43
Freedom of Information Act.
Appendix 3.--Bibliography of congressional publications on the 47
Privacy Act of 1974.
Appendix 4.--Text of the Freedom of Information Act.............. 50
Appendix 5.--Text of the Privacy Act of 1974..................... 60
Union Calendar No. 25
105th Congress Report
HOUSE OF REPRESENTATIVES
1st Session 105-37
_______________________________________________________________________
A CITIZEN'S GUIDE ON USING THE FREEDOM OF INFORMATION ACT AND THE
PRIVACY ACT OF 1974 TO REQUEST GOVERNMENT RECORDS
_______
March 20, 1997.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______________________________________________________________________
Mr. Burton, from the Committee on Government Reform and Oversight,
submitted the following
FIRST REPORT
On March 12, 1997, the Committee on Government Reform and
Oversight approved and adopted a report entitled ``A Citizen's
Guide on Using the Freedom of Information Act and the Privacy
Act of 1974 To Request Government Records.'' The chairman was
directed to transmit a copy to the Speaker of the House.
I. Preface
In 1977, the House Committee on Government Operations
issued the first Citizen's Guide on how to request records from
Federal agencies.\1\ The original Guide was reprinted many
times and widely distributed. The Superintendent of Documents
at the Government Printing Office reported that almost 50,000
copies were sold between 1977 and 1986 when the Guide went out
of print. In addition, thousands of copies were distributed by
the House Committee on Government Operations, Members of
Congress, the Congressional Research Service, and other Federal
agencies. The original Citizen's Guide is one of the most
widely read congressional committee reports in history.
---------------------------------------------------------------------------
\1\ A Citizen's Guide on How to Use the Freedom of Information Act
and the Privacy Act in Requesting Government Documents, H. Rept. 95-
796, 95th Cong., 1st sess. (1977).
---------------------------------------------------------------------------
In 1987, the committee issued a revised Citizen's Guide.\2\
The new edition was prepared to reflect changes to the Freedom
of Information Act made during 1986. As a result of special
efforts by the Superintendent of Documents at the Government
Printing Office, the availability of the new Guide was well
publicized. The 1987 edition appeared on GPO's ``Best Seller''
list in the months following its issuance.
---------------------------------------------------------------------------
\2\ A Citizen's Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, H. Rept. 100-
199, 100th Cong., 1st sess. (1987).
---------------------------------------------------------------------------
During the 100th Congress, major amendments were made to
the Privacy Act of 1974. The Computer Matching and Privacy
Protection Act of 1988 \3\ added new provisions to the Privacy
Act and changed several existing requirements. None of the
changes affects citizen's rights to request or see records held
by Federal agencies, but some of the information in the 1987
Guide became outdated as a result, and a third edition was
issued in 1989.\4\
---------------------------------------------------------------------------
\3\ 102 Stat. 2507.
\4\ A Citizen's Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, H. Rept. 101-
193, 101st Cong., 1st sess. (1989).
---------------------------------------------------------------------------
During the 101st Congress, the Privacy Act of 1974 was
amended through further adjustments to the Computer Matching
and Privacy Protection Act of 1988. The changes did not affect
access rights. A fourth edition of the Citizen's Guide
reflected all changes to the FOIA and Privacy Act made through
the end of 1990.\5\ A fifth edition of the Guide, produced in
1993, included an expanded bibliography and editorial
changes.\6\
---------------------------------------------------------------------------
\5\ A Citizen's Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, H. Rept. 102-
146, 102d Cong., 1st sess. (1991).
\6\ A Citizen's Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, H. Rept. 103-
104, 103d Cong., 1st sess. (1993).
---------------------------------------------------------------------------
A sixth edition contained bibliography additions and
editorial changes and represented the first report issued by
the new Government Reform and Oversight Committee.\7\
---------------------------------------------------------------------------
\7\ A Citizen's Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, H. Rept. 104-
156, 104th Cong., 1st sess. (1995).
---------------------------------------------------------------------------
In the closing days of the 104th Congress, the Senate and
the House of Representatives completed action on the Electronic
Freedom of Information Act Amendments of 1996. The President
signed this legislation into law on October 2, 1996, when it
became Public Law 104-231. With the exception of two sections,
these amendments become effective 180 days after enactment of
the legislation. The other two sections become effective 1 year
after enactment. Because the 1996 amendments change some FOIA
access rights, this seventh edition of the Guide was prepared
to reflect these modifications. It also contains bibliography
additions and editorial changes.\8\
---------------------------------------------------------------------------
\8\ The committee wishes to acknowledge the assistance of Harold C.
Relyea, Specialist, American National Government, Government Division,
Congressional Research Service, in the preparation of this report.
---------------------------------------------------------------------------
II. Introduction
A popular Government without popular information or
the means of acquiring it, is but a Prologue to a Farce
or a Tragedy or perhaps both. Knowledge will forever
govern ignorance, and a people who mean to be their own
Governors, must arm themselves with the power knowledge
gives.--James Madison \9\
---------------------------------------------------------------------------
\9\ Letter to W.T. Barry, Aug. 4, 1822, in G.P. Hunt, ed., IX The
Writings of James Madison 103 (1910).
The Freedom of Information Act [FOIA] establishes a
presumption that records in the possession of agencies and
departments of the executive branch of the U.S. Government are
accessible to the people. This was not always the approach to
Federal information disclosure policy. Before enactment of the
FOIA in 1966, the burden was on the individual to establish a
right to examine these government records. There were no
statutory guidelines or procedures to help a person seeking
information. There were no judicial remedies for those denied
access.
With the passage of the FOIA, the burden of proof shifted
from the individual to the government. Those seeking
information are no longer required to show a need for
information. Instead, the ``need to know'' standard has been
replaced by a ``right to know'' doctrine. The government now
has to justify the need for secrecy.
The FOIA sets standards for determining which records must
be disclosed and which records may be withheld. The law also
provides administrative and judicial remedies for those denied
access to records. Above all, the statute requires Federal
agencies to provide the fullest possible disclosure of
information to the public.
The Privacy Act of 1974 is a companion to the FOIA. The
Privacy Act regulates Federal Government agency recordkeeping
and disclosure practices. The act allows most individuals to
seek access to Federal agency records about themselves. The act
requires that personal information in agency files be accurate,
complete, relevant, and timely. The subject of a record may
challenge the accuracy of information. The act requires that
agencies obtain information directly from the subject of the
record and that information gathered for one purpose not be
used for another purpose. As with the FOIA, the Privacy Act
provides civil remedies for individuals whose rights may have
been violated.
Another important feature of the Privacy Act is the
requirement that each Federal agency publish a description of
each system of records maintained by the agency that contains
personal information. This prevents agencies from keeping
secret records.
The Privacy Act also restricts the disclosure of personally
identifiable information by Federal agencies. Together with the
FOIA, the Privacy Act permits disclosure of most personal files
to the individual who is the subject of the files. The two laws
restrict disclosure of personal information to others when
disclosure would violate privacy interests.
While both the FOIA and the Privacy Act support the
disclosure of agency records, both laws also recognize the
legitimate need to restrict disclosure of some information. For
example, agencies may withhold information properly classified
in the interest of national defense or foreign policy and
criminal investigatory files. Other specifically defined
categories of information may also be withheld.
The essential feature of both laws is that they make
Federal agencies accountable for information disclosure
policies and practices. While neither law grants an absolute
right to examine government documents, both laws establish the
right to request records and to receive a response to the
request. If a record cannot be released, the requester is
entitled to be told the reason for the denial. The requester
also has a right to appeal the denial and, if necessary, to
challenge it in court.
These procedural rights granted by the FOIA and the Privacy
Act make the laws valuable and workable. As a result, the
disclosure of Federal Government information cannot be
controlled by arbitrary or unreviewable actions.
III. Recommendations
The committee recommends that this Citizen's Guide be made
widely available at low cost to anyone who has an interest in
obtaining documents from the Federal Government. The Government
Printing Office and Federal agencies subject to the Freedom of
Information Act and the Privacy Act of 1974 should continue to
distribute this report widely.
The committee also recommends that this Citizen's Guide be
used by Federal agencies in training programs for government
employees who are responsible for administering the Freedom of
Information Act and the Privacy Act of 1974. The Guide should
also be used by those government employees who only
occasionally work with these two laws.
In following these recommendations, however, agencies are
not relieved of their obligation to comply with the provisions
of the 1996 FOIA amendments requiring agencies to make publicly
available, upon request, reference material or an agency guide
for requesting records or information. This agency guide should
include an index and description of all major information
systems of the agency, and guidance for obtaining various types
and categories of public information from the agency.
The agency guide is intended to be a short and simple
explanation for the public of what the FOIA is designed to do,
and how a member of the public can use it to access government
records. Each agency should explain, in clear and simple
language, the types of records that can be obtained from the
agency through FOIA requests; why some records cannot, by law,
be made available; and how the agency makes the determination
of whether or not a record can be released.
Each agency guide should explain how to make a FOIA
request, and how long a requester can expect to wait for a
reply from the agency. In addition, the guide should explain
the requester's rights under the law to appeal to the courts to
rectify agency action. The guide should give a brief history of
recent litigation the agency has been involved in, and the
resolution of those cases. If an agency requires that certain
requests, such as applications for expedited access, be
completed on agency forms, then the forms should be part of the
guide.
The agency guide is intended to supplement other
information locator systems, like the Government Information
Locator System (GILS) mandated by the Paperwork Reduction Act
of 1995.\10\ Thus, the guide should reference systems and
explain how a requester can obtain more information about them.
Any agency specific locator systems should be similarly
referenced in the guide.
---------------------------------------------------------------------------
\10\ 109 Stat. 163; 44 U.S.C. Sec. Sec. 3501-3520 (1995).
---------------------------------------------------------------------------
All agency guides should be available through electronic
means, and should be linked to agency annual reports on FOIA
administration. A citizen examining an agency guide should
learn how to access the agency's annual reports, and any
potential requester reading an annual report should learn about
the agency guide, and how to access it.
IV. How To Use This Guide
This report explains how to use the Freedom of Information
Act and the Privacy Act of 1974. It reflects all changes to the
laws made since 1996. Major amendments to the Freedom of
Information Act passed in 1974, 1986, and 1996. A major
addition to the Privacy Act of 1974 was enacted in 1988. Minor
amendments to the Privacy Act were made in 1989 and 1990.
This Guide is intended to serve as a general introduction
to the Freedom of Information Act and the Privacy Act.\11\ It
offers neither a comprehensive explanation of the details of
these acts nor an analysis of case law. The Guide will enable
those who are unfamiliar with the laws to understand the
process and to make a request. In addition, the complete text
of each law is included in an appendix.
---------------------------------------------------------------------------
\11\ This Guide is primarily intended to help the general public.
It includes a complete explanation of the basics of the two laws. In
the interest of producing a guide that would be both simple and useful
to the intended audience, the committee deliberately avoided addressing
some of the issues that are highly controversial. The committee
cautions against treating the neutrally written descriptions contained
in this report as definitive expressions of the committee's views of
the law or congressional intent.
The committee has expressed its views on some of these issues in
other reports. See, for example, Security Classification Policy and
Executive Order 12356, H. Rept. 97-731, 97th Cong. 2d sess. (1982); Who
Cares About Privacy? Oversight of the Privacy Act of 1974 by the Office
of Management and Budget and by the Congress, H. Rept. 98-455, 98th
Cong., 1st sess. (1983); Electronic Collection and Dissemination of
Information by Federal Agencies: A Policy Overview, H. Rept. 99-560,
99th Cong., 2d sess. (1986); Freedom of Information Act Amendments of
1986, H. Rept. 99-832, 99th Cong., 2d sess. (1986) (report to accompany
H.R. 4862). The latter report is a legislative report for a bill
reforming the business procedures of the FOIA. The bill did not become
law. The 1986 amendments to the FOIA were made by the Freedom of
Information Reform Act of 1986, Public Law 99-570. There were no
committee reports in either House or Senate accompanying the Freedom of
Information Reform Act.
---------------------------------------------------------------------------
Readers should be aware that FOIA litigation is a complex
area of law. There are thousands of court decisions
interpreting the FOIA.\12\ These decisions must be considered
in order to develop a complete understanding of the principles
governing disclosure of government information. Anyone
requiring more details about the FOIA, its history, or the case
law should consult other sources. There has been less
controversy and less litigation over the Privacy Act, but there
is, nevertheless, a considerable body of case law for the
Privacy Act as well. There are also other sources of
information on the Privacy Act.
---------------------------------------------------------------------------
\12\ See, e.g., U.S. Department of Justice, Office of Information
and Privacy, Freedom of Information Case List (published biennially)
and Freedom of Information Act Guide & Privacy Act Overview (published
annually).
---------------------------------------------------------------------------
However, no one should be discouraged from making a request
under either law. No special expertise is required. Using the
Freedom of Information Act and the Privacy Act is as simple as
writing a letter. This Citizen's Guide explains the essentials.
V. Which Act To Use
The access provisions of the FOIA and the Privacy Act
overlap in part. The two laws have different procedures and
different exemptions. As a result, sometimes information exempt
under one law will be disclosable under the other.
In order to take maximum advantage of the laws, an
individual seeking information about himself or herself should
ordinarily cite both laws. Requests by an individual for
information that does not relate solely to himself or herself
should be made only under the FOIA.
Congress intended that the two laws be considered together
in the processing of requests for information. Most government
agencies will automatically handle requests from individuals in
a way that will maximize the amount of information that is
disclosable. However, a requester should still make a request
in a manner that is most advantageous and that fully protects
all available legal rights. A requester who has any doubts
about which law to use should always cite both the FOIA and the
Privacy Act when seeking documents from the Federal Government.
VI. The Freedom of Information Act
A. THE SCOPE OF THE FREEDOM OF INFORMATION ACT
The Federal Freedom of Information Act applies to documents
held by agencies of the executive branch of the Federal
Government. The executive branch includes cabinet departments,
military departments, government corporations, government
controlled corporations, independent regulatory agencies, and
other establishments in the executive branch.
The FOIA does not apply to elected officials of the Federal
Government, including the President,\13\ Vice President,
Senators, and Congressmen.\14\ The FOIA does not apply to the
Federal judiciary. The FOIA does not apply to private
companies; persons who receive Federal contracts or grants;
private organizations; or State or local governments.
---------------------------------------------------------------------------
\13\ The Presidential Records Act of 1978, 44 U.S.C.
Sec. Sec. 2201-2207 (1982), does make the documentary materials of
former Presidents subject to the FOIA in part. Presidential papers and
documents generated after Jan. 20, 1981, will be available--subject to
certain restrictions and delays--under the general framework of the
FOIA.
\14\ Virtually all official records of the Congress are available
to the public. The Congressional Record, all bills introduced in the
House and the Senate, and all committee reports (except for those
containing classified information) are printed and disseminated. Most
committee hearings are also printed and available. Copies of most
congressional publications are available at Federal depository
libraries throughout the country. Historical records of the Congress
are made available in accordance with procedures established by House
and Senate rules.
In addition, almost all activities of the Congress take place in
public. The sessions of the House and Senate are normally open to the
public and televised. Most committee hearings and markups are open to
the public, and some are televised.
---------------------------------------------------------------------------
All States and some localities have passed laws like the
FOIA that allow people to request access to records. In
addition, there are other Federal and State laws that may
permit access to documents held by organizations not covered by
the Federal FOIA.\15\
---------------------------------------------------------------------------
\15\ See, e.g., the Federal Fair Credit Reporting Act, 15 U.S.C.
Sec. 1681 et seq. (1982) (providing for access to files of credit
bureaus), the Federal Family Educational Rights and Privacy Act of
1974, 20 U.S.C. Sec. 1232g (1982) (providing for access to records
maintained by schools and colleges). Some States have enacted laws
allowing individuals to have access to personnel records maintained by
employers. See, e.g., Michigan Compiled Laws Annotated Sec. 423.501.
---------------------------------------------------------------------------
B. WHAT RECORDS CAN BE REQUESTED UNDER THE FOIA?
The FOIA requires agencies to publish in the Federal
Register--thereby, under the Government Printing Office
Electronic Information Access Enhancement Act of 1993,\16\
making such information available online--(1) descriptions of
agency organization and office addresses; (2) statements of the
general course and method of agency operation; (3) rules of
procedure and descriptions of forms; and (4) substantive rules
of general applicability and general policy statements. The act
also requires agencies to make available for public inspection
and copying: (1) final opinions made in the adjudication of
cases; (2) statements of policy and interpretations adopted by
an agency, but not published in the Federal Register; (3)
administrative staff manuals that affect the public; (4) copies
of records released in response to FOIA requests that an agency
determines have been or will likely be the subject of
additional requests; and (5) a general index of released
records determined to have been or likely to be the subject of
additional requests.\17\ The 1996 FOIA amendments require that,
within 1 year after their enactment, these materials which an
agency must make available for inspection and copying without
the formality of a FOIA request and which are created on or
after November 1, 1996, must be made available by computer
telecommunications and in hard copy.\18\
---------------------------------------------------------------------------
\16\ 44 U.S.C. Sec. 4101 (1993); the Government Printing Office
Access website may be accessed at http://www.access.gpo.gov/su--docs/
aces/aaces001.html.
\17\ The 1996 amendments to the FOIA require that, by December 31,
1999, this general index should be made available by computer
telecommunications. Since not all individuals have access to computer
networks or are near agency public reading rooms, requesters would
still be able to access previously released FOIA records through the
normal FOIA process. 110 Stat. 3049.
\18\ 110 Stat. 3049; the 1996 FOIA amendments were signed into law
by the President on October 2, 1996.
---------------------------------------------------------------------------
All other ``records'' of a Federal agency may be requested
under the FOIA. The form in which a record is maintained by an
agency does not affect its availability. A request may seek a
printed or typed document, tape recording, map, photograph,
computer printout, computer tape or disk, or a similar item.
The 1996 FOIA amendments affirm the general policy that any
record, regardless of the form in which it is stored, that is
in the possession and control of a Federal agency is usually
considered to be an agency record under the FOIA. Although the
FOIA occasionally uses terms other than ``record,'' including
``information'' and ``matter,'' the definition of ``record''
made by the 1996 amendments should leave no doubt about the
breadth of the policy or the interchangability of terms.
Of course, not all records that can be requested under the
FOIA must be disclosed. Information that is exempt from
disclosure is described below in the section entitled ``Reasons
Access May Be Denied Under the FOIA.''
The FOIA, it should be noted, provides that a requester may
ask for records rather than information. This means that an
agency is only required to look for an existing record or
document in response to a FOIA request. An agency is not
obliged to create a new record to comply with a request. An
agency is neither required to collect information it does not
have, nor must an agency do research or analyze data for a
requester.\19\
---------------------------------------------------------------------------
\19\ When records are maintained in a computer, an agency is
required to retrieve information in response to a FOIA request. The
process of retrieving the information may result in the creation of a
new document when the data is printed out on paper or written on
computer tape or disk. Since this may be the only way computerized data
can be disclosed, agencies are required to provide the data even if it
means a new document must be created.
---------------------------------------------------------------------------
Requesters must ask for existing records. Requests may have
to be carefully written in order to obtain the desired
information. Sometimes, an agency will help a requester
identify a specific document that contains the information
being sought. Other times, a requester may need to be creative
when writing a FOIA request in order to identify an existing
document or set of documents containing the desired
information.
There is a second general limitation on FOIA requests. The
law requires that each request must reasonably describe the
records being sought. This means that a request must be
specific enough to permit a professional employee of the agency
who is familiar with the subject matter to locate the record in
a reasonable period of time.
Because agencies organize and index records in different
ways, one agency may consider a request to be reasonably
descriptive while another agency may reject a similar request
as too vague. For example, the Federal Bureau of Investigation
(FBI) has a central index for its primary record system. As a
result, the FBI is able to search for records about a specific
person. However, agencies that do not maintain a central name
index may be unable to conduct the same type of search. These
agencies may reject a similar request because the request does
not describe records that can be identified.
Requesters should make requests as specific as possible. If
a particular document is required, it should be identified
precisely, preferably by date and title. However, a request
does not always have to be that specific. A requester who
cannot identify a specific record should clearly explain his or
her needs. A requester should make sure, however, that a
request is broad enough to include all desired information.
For example, assume that a requester wants to obtain a list
of toxic waste sites near his home. A request to the
Environmental Protection Agency (EPA) for all records on toxic
waste would cover many more records than are needed. The fees
for such a request might be very high, and it is possible that
the request might be rejected as too vague.
A request for all toxic waste sites within 3 miles of a
particular address is very specific. However, it is unlikely
that the EPA would have an existing record containing data
organized in that fashion. As a result, the request might be
denied because there is no existing record containing the
information.
The requester might do better to ask for a list of toxic
waste sites in his city, county, or State. It is more likely
that existing records might contain this information. The
requester might also want to tell the agency in the request
letter exactly what information is desired. This additional
explanation may help the agency to find a record that meets the
request.
Many people include their telephone number with their
requests. Some questions about the scope of a request can be
resolved quickly when an agency employee and the requester
talk. This is an efficient way to resolve questions that arise
during the processing of FOIA requests.
It is to everyone's advantage if requests are as precise
and as narrow as possible. The requester benefits because the
request can be processed faster and cheaper. The agency
benefits because it can do a better job of responding to the
request. The agency will also be able to use its resources to
respond to more requests. The FOIA works best when both the
requester and the agency act cooperatively.
C. MAKING A FOIA REQUEST
The first step in making a request under the FOIA is to
identify the agency that has the records. A FOIA request must
be addressed to a specific agency. There is no central
government records office that services FOIA requests.
Often, a requester knows beforehand which agency has the
desired records. If not, a requester can consult a government
directory such as the United States Government Manual.\20\ This
manual has a complete list of all Federal agencies, a
description of agency functions, and the address of each
agency. A requester who is uncertain about which agency has the
records that are needed can make FOIA requests at more than one
agency.
---------------------------------------------------------------------------
\20\ The United States Government Manual is sold by the
Superintendent of Documents of the U.S. Government Printing Office.
Virtually every public library should have a copy on its shelves. An
electronic version of the Manual may be found on the Office of the
Federal Register website at http://nara.gov/nara/fedreg/fedreg.html#ep.
---------------------------------------------------------------------------
Agencies require that FOIA requests be in writing. Letters
requesting records under the FOIA can be short and simple. No
one needs a lawyer to make a FOIA request. Appendix 1 of this
Guide contains a sample request letter.
The request letter should be addressed to the agency's FOIA
officer or to the head of the agency. The envelope containing
the written request should be marked ``Freedom of Information
Act Request'' in the lower left-hand corner.\21\
---------------------------------------------------------------------------
\21\ All agencies have issued FOIA regulations that describe the
request process in greater detail. For example, large agencies may have
several components each of which has its own FOIA rules. A requester
who can find agency FOIA regulations in the Code of Federal Regulations
(available in many libraries and an electronic version may be found on
the Office of the Federal Register website provided in note 20) might
find it useful to check these regulations before making a request. A
requester who follows the agency's specific procedures may receive a
faster response. However, the simple procedures suggested in this guide
will be adequate to meet the minimum requirements for a FOIA request.
---------------------------------------------------------------------------
There are three basic elements to a FOIA request letter.
First, the letter should state that the request is being made
under the Freedom of Information Act. Second, the request
should identify the records that are being sought as
specifically as possible. Third, the name and address of the
requester must be included.
Under the 1986 amendments to the FOIA, fees chargeable vary
with the status or purpose of the requester. As a result, a
requester may have to provide additional information to permit
the agency to determine the appropriate fees. Different fees
can be charged to commercial users, representatives of the news
media, educational or noncommercial scientific institutions,
and individuals. The next section explains the fee structure in
more detail.
There are several optional items that are often included in
a FOIA request. The first is the telephone number of the
requester. This permits an agency employee processing a request
to speak with the requester if necessary.
A second optional item is a limitation on the fees that the
requester is willing to pay. It is common for a requester to
ask to be notified in advance if the charges will exceed a
fixed amount. This allows the requester to modify or withdraw a
request if the cost may be too high. Also, by stating a
willingness to pay a set amount of fees in the original request
letter, a requester may avoid the necessity of additional
correspondence and delay.
A third optional item sometimes included in a FOIA request
is a request for a waiver or reduction of fees. The 1986
amendments to the FOIA changed the rules for fee waivers. Fees
must be waived or reduced if disclosure of the information is
in the public interest because it is likely to contribute
significantly to public understanding of the operations or
activities of the government and is not primarily in the
commercial interest of the requester. Decisions about granting
fee waivers are separate from and different than decisions
about the amount of fees that can be charged to a requester.
A fourth optional item is the specification of the form or
format in which the requested material is sought. This is an
important consideration if a requester desires the responsive
information in a particular format. For example, should
information maintained by an agency in an electronic form be
provided in that same form (perhaps on a disk or CD-ROM) or in
hardcopy (such as a paper printout)? The 1996 amendments to the
FOIA require agencies to help requesters by providing
information in the form requested, including requests for the
electronic form of records, if the agency can readily reproduce
it in that form. Part of this helping effort includes informing
requesters of costs and delays that format preferences might
engender.
A fifth optional consideration is seeking expedited
processing of a request by showing a ``compelling need'' for a
speedy response. The 1996 amendments to the FOIA require the
agencies to promulgate regulations authorizing expedited access
where a requester demonstrates a ``compelling need'' for quick
response. These regulations are to become operative 1 year
after the enactment of the 1996 amendments.\22\ A ``compelling
need'' warranting faster FOIA processing exists in two
categories of circumstances. In the first category, the failure
to obtain the records within an expedited deadline poses an
imminent threat to an individual's life or physical safety. The
second category requires a request by someone ``primarily
engaged in disseminating information'' and ``urgency to inform
the public concerning actual or alleged Federal Government
activity.'' Agencies may determine other cases in which they
will make provision in their regulations for expedited
processing.
---------------------------------------------------------------------------
\22\ The 1996 FOIA amendments were signed into law by the President
on October 2, 1996.
---------------------------------------------------------------------------
The specified categories for compelling need are intended
to be narrowly applied. A threat to an individual's life or
physical safety qualifying for expedited access should be
imminent. A reasonable person should be able to appreciate that
a delay in obtaining the requested information poses such a
threat. A person ``primarily engaged in disseminating
information'' should not include individuals who are engaged
only incidentally in the dissemination of information. The
standard of ``primarily engaged'' requires that information
dissemination be the main activity of the requester, although
it need not be his or her sole occupation. A requester who only
incidentally engages in information dissemination, besides
other activities, would not satisfy this requirement.
The standard of ``urgency to inform'' requires that the
information requested should pertain to a matter constituting a
current exigency for the American public and that a reasonable
person might conclude that the consequences of delaying a
response to a FOIA request would compromise a significant
recognized interest. The public's right to know, although a
significant and important value, would not by itself be
sufficient to satisfy this standard.
A requester should keep a copy of the request letter and
related correspondence until the request has been finally
resolved.
D. FEES AND FEE WAIVERS
FOIA requesters may have to pay fees covering some or all
of the costs of processing their requests. As amended in 1986,
the law establishes three types of fees that may be charged.
The 1986 law makes the process of determining the applicable
fees more complicated. However, the 1986 rules reduce or
eliminate entirely the cost for small, noncommercial requests.
First, fees can be imposed to recover the cost of copying
documents. All agencies have a fixed price for making copies
using copying machines. A requester is usually charged the
actual cost of copying computer tapes, photographs, and other
nonstandard documents.
Second, fees can also be imposed to recover the costs of
searching for documents. This includes the time spent looking
for material responsive to a request. The 1996 amendments to
the FOIA define ``search'' as a ``review, manually or by
automated means,'' of ``agency records for the purpose of
locating those records responsive to a request.'' Under the
FOIA, an agency need not create documents that do not exist.
Computer records found in a data base rather than a file
cabinet may require the application of codes or some form of
programming to retrieve the information. Under the definition
of ``search'' in the amendments, the review of computerized
records would not amount to the creation of records. Otherwise,
it would be virtually impossible to get records maintained
completely in an electronic format, like computer data base
information, because some manipulation of the information
likely would be necessary to search the records. A requester
can minimize search charges by making clear, narrow requests
for identifiable documents whenever possible.
Third, fees can be charged to recover review costs. Review
is the process of examining documents to determine whether any
portion is exempt from disclosure. Before the 1986 amendments
took effect, no review costs were charged to any requester.
Review costs may be charged to commercial requesters only.
Review charges only include costs incurred during the initial
examination of a document. An agency may not charge for any
costs incurred in resolving issues of law or policy that may
arise while processing a request.
Different fees apply to different requesters. There are
three categories of FOIA requesters. The first includes
representatives of the news media, and educational or
noncommercial scientific institutions whose purpose is
scholarly or scientific research. A requester in this category
who is not seeking records for commercial use can only be
billed for reasonable standard document duplication charges. A
request for information from a representative of the news media
is not considered to be for commercial use if the request is in
support of a news gathering or dissemination function.
The second category includes FOIA requesters seeking
records for commercial use. Commercial use is not defined in
the law, but it generally includes profitmaking activities. A
commercial user can be charged reasonable standard charges for
document duplication, search, and review.
The third category of FOIA requesters includes everyone not
in the first two categories. People seeking information for
personal use, public interest groups, and nonprofit
organizations are examples of requesters who fall into the
third group. Charges for these requesters are limited to
reasonable standard charges for document duplication and
search. Review costs may not be charged. The 1986 amendments
did not change the fees charged to these requesters.
Small requests are free for a requester in the first and
third categories. This includes all requesters except
commercial users. There is no charge for the first 2 hours of
search time and for the first 100 pages of documents. A
noncommercial requester who limits a request to a small number
of easily found records will not pay any fees at all.
In addition, the law also prevents agencies from charging
fees if the cost of collecting the fee would exceed the amount
collected. This limitation applies to all requests, including
those seeking documents for commercial use. Thus, if the
allowable charges for any FOIA request are small, no fees are
imposed.
Each agency sets charges for duplication, search, and
review based on its own costs. The amount of these charges is
listed in agency FOIA regulations. Each agency also sets its
own threshold for minimum charges.
The 1986 FOIA amendments also changed the law on fee
waivers. Fees now must be waived or reduced if disclosure of
the information is in the public interest because it is likely
to contribute significantly to public understanding of the
operations or activities of the government and is not primarily
in the commercial interest of the requester.
The 1986 amendments on fees and fee waivers have created
some confusion. Determinations about fees are separate and
distinct from determinations about fee waivers. For example, a
requester who can demonstrate that he or she is a news reporter
may only be charged duplication fees. However, a requester
found to be a reporter is not automatically entitled to a
waiver of those fees. A reporter who seeks a waiver must
demonstrate that the request also meets the standards for
waivers.
Normally, only after a requester has been categorized to
determine the applicable fees does the issue of a fee waiver
arise. A requester who seeks a fee waiver should ask for a
waiver in the original request letter. However, a request for a
waiver can be made at a later time. The requester should
describe how disclosure will contribute to public understanding
of the operations or activities of the government. The sample
request letter in the appendix includes optional language
asking for a fee waiver.
Any requester may ask for a fee waiver. Some will find it
easier to qualify than others. A news reporter who is only
charged duplication costs may still ask that the charges be
waived because of the public benefits that will result from
disclosure. A representative of the news media, a scholar, or a
public interest group are more likely to qualify for a waiver
of fees. A commercial user may find it difficult to qualify for
waivers.
The eligibility of other requesters will vary. A key
element in qualifying for a fee waiver is the relationship of
the information to public understanding of the operations or
activities of government. Another important factor is the
ability of the requester to convey that information to other
interested members of the public. A requester is not eligible
for a fee waiver solely because of indigence.
E. REQUIREMENTS FOR AGENCY RESPONSES
Until the response requirements of the 1996 amendments to
the FOIA become fully effective in early October 1997, each
agency is currently required to determine within 10 days
(excluding Saturdays, Sundays, and legal holidays) after the
receipt of a request whether to comply with the request.\23\
The actual disclosure of documents is required to follow
promptly thereafter. If a request is denied in whole or in
part, the agency must tell the requester the reasons for the
denial. The agency must also tell the requester that there is a
right to appeal any adverse determination to the head of the
agency or his or her designee.
---------------------------------------------------------------------------
\23\ The new response requirements of the 1996 amendments to the
FOIA become effective 1 year after being signed into law by the
President on October 2, 1996.
---------------------------------------------------------------------------
The FOIA permits an agency to extend the time limits up to
10 days in unusual circumstances. These circumstances include
the need to collect records from remote locations, review large
numbers of records, and consult with other agencies. The agency
is supposed to notify the requester whenever an extension is
invoked.\24\
---------------------------------------------------------------------------
\24\ Agencies that take more than 10 days to respond to a request
do not always notify each requester that an extension has been invoked.
---------------------------------------------------------------------------
The statutory time limits for responses are not always met.
An agency sometimes receives an unexpectedly large number of
FOIA requests at one time and is unable to meet the deadlines.
Some agencies assign inadequate resources to FOIA offices.
Congress does not condone the failure of any agency to meet the
law's time limits. However, as a practical matter, there is
little that a requester can do about it. The courts have been
reluctant to provide relief solely because the FOIA's time
limits have not been met.
The best advice to requesters is to be patient. The law
allows a requester to consider that his or her request has been
denied if it has not been decided within the time limits. This
permits the requester to file an administrative appeal or file
a lawsuit in Federal District Court. However, this is not
always the best course of action. The filing of an
administrative or judicial appeal will not necessarily result
in any faster processing of the request.
Each agency generally processes requests in the order of
receipt. Some agencies will expedite the processing of urgent
requests. Anyone with a pressing need for records should
consult with the agency FOIA officer about how to ask for
expedited treatment of requests.
When the new response requirements of the 1996 amendments
to the FOIA become effective in early October 1997, several
changes will occur. As noted, agencies have long processed FOIA
requests on a ``first in, first out'' basis. Processing
requests solely on this basis, however, has resulted in lengthy
delays for simple requests. The prior receipt and processing of
complex requests delays other requests, increasing agency
backlogs. To change this situation, the 1996 amendments to the
FOIA authorize agencies to promulgate regulations establishing
multitrack processing systems, and make clear that agencies
should exercise due diligence within each track. Under these
new arrangements, agencies also may give requesters the
opportunity to limit the scope of their requests to qualify for
processing under a faster track.
The 1996 amendments also increase from 10 to 20 days
(excluding Saturdays, Sundays, and legal holidays) the time
allowed for an agency, after receiving a request, to determine
whether to comply with the request. Moreover, the amendments
provide a mechanism to deal with unusually burdensome requests
which an agency would not be able to process within prescribed
timeframes, including an extra 10 days for ``unusual
circumstances.'' For such requests, the 1996 amendments require
an agency to inform the requester that the request cannot be
processed within the statutory time limits and provide an
opportunity for the requester to limit the scope of the request
so that it may be processed within statutory time limits, and/
or arrange with the agency a negotiated deadline for processing
the request. In the event the requester refuses to reasonably
limit the scope of the request or agree upon a timeframe and
then seeks judicial review, that refusal shall be considered as
a factor in determining whether ``exceptional circum-stances''
exist for a judicial extension of processing time.
The FOIA currently provides that, in ``exceptional
circumstances,'' a court may extend the statutory time limits
for an agency to respond to a FOIA request, but does not
specify what those circumstances are. The 1996 amendments
clarify that routine, predictable agency backlogs for FOIA
requests do not constitute exceptional circumstances for
purposes of the act. Routine backlogs of requests for records
under the FOIA do not give agencies an automatic excuse to
ignore the time limits. A court shall consider an agency's
efforts to reduce the number of pending requests in determining
whether exceptional circumstances exist. Agencies may also make
a showing of exceptional circumstances based on the amount of
material classified, based upon the size and complexity of
other requests processed by the agency, based upon the
resources being devoted to the declassification of classified
material of public interest, or based upon the number of
requests for records by courts or administrative tribunals. A
court also shall consider a requester's unwillingness to
reasonably limit the scope of his or her request or to agree
upon a processing timeframe prior to seeking judicial review.
As noted at the outset of this section, the new response
requirements of the 1996 amendments to the FOIA do not become
effective until early October 1997.
F. REASONS ACCESS MAY BE DENIED UNDER THE FOIA
An agency may refuse to disclose an agency record that
falls within any of the FOIA's nine statutory exemptions. The
exemptions protect against the disclosure of information that
would harm national defense or foreign policy, privacy of
individuals, proprietary interests of business, functioning of
the government, and other important interests. A document that
does not qualify as an ``agency record'' may be denied because
only agency records are available under the FOIA. Personal
notes of agency employees may be denied on this basis. However,
most records in the possession of an agency are ``agency
records'' within the meaning of the FOIA.
An agency may withhold exempt information, but it is not
always required to do so. For example, an agency may disclose
an exempt internal memorandum because no harm would result from
its disclosure. However, an agency should not disclose an
exempt document that is classified or that contains a trade
secret.
When a record contains some information that qualifies as
exempt, the entire record is not necessarily exempt. Instead,
the FOIA specifically provides that any reasonably segregable
portions of a record must be provided to a requester after the
deletion of the portions that are exempt. This is a very
important requirement because it prevents an agency from
withholding an entire document simply because one line or one
page is exempt.
The ease with which in electronic form or format may be
redacted (deleting part of a record to prevent disclosure of
material covered by an exemption) makes the determination of
whether a few words or 30 pages have been withheld by an agency
at times impossible. The 1996 amendments to the FOIA require
agencies to identify the location of deletions in the released
portion of the record and, where technologically feasible, to
show the deletion at the place on the record where the deletion
was made, unless including that indication would harm an
interest protected by an exemption.
1. Exemption 1.--Classified Documents
The first FOIA exemption permits the withholding of
properly classified documents. Information may be classified in
the interest of national defense or foreign policy.
The rules for classification are established by the
President and not the FOIA or other law. The FOIA provides
that, if a document has been properly classified under a
Presidential Executive order, the document can be withheld from
disclosure.
Classified documents may be requested under the FOIA. An
agency can review the document to determine if it still
requires protection. In addition, the Executive order on
security classification establishes a special procedure for
requesting the declassification of documents.\25\ If a
requested document is declassified, it can be released in
response to a FOIA request. However, a document that is
declassified may still be exempt under other FOIA exemptions.
---------------------------------------------------------------------------
\25\ At the time that this Guide was prepared, the current
Executive order on security classification was Executive Order 12958,
which was promulgated by President Clinton on Apr. 17, 1995. The text
of the order can be found at 60 Federal Register 19825-43 (Apr. 20,
1995); an electronic version of the order may be found on the Office of
the Federal Register website provided at note 20. The rules for
mandatory review for declassification are in section 3.6 of the
Executive order.
---------------------------------------------------------------------------
2. Exemption 2.--Internal Personnel Rules and Practices
The second FOIA exemption covers matters that are related
solely to an agency's internal personnel rules and practices.
As interpreted by the courts, there are two separate classes of
documents that are generally held to fall within exemption 2.
First, information relating to personnel rules or internal
agency practices is exempt if it is trivial administrative
matter of no genuine public interest. A rule governing lunch
hours for agency employees is an example.
Second, an internal administrative manual can be exempt if
disclosure would risk circumvention of law or agency
regulations. In order to fall into this category, the material
will normally have to regulate internal agency conduct rather
than public behavior.
3. Exemption 3.--Information Exempt Under Other Laws
The third exemption incorporates into the FOIA other laws
that restrict the availability of information. To qualify under
this exemption, a statute must require that matters be withheld
from the public in such a manner as to leave no discretion to
the agency. Alternatively, the statute must establish
particular criteria for withholding or refer to particular
types of matters to be withheld.
One example of a qualifying statute is the provision of the
Tax Code prohibiting the public disclosure of tax returns and
tax return information.\26\ Another qualifying exemption 3
statute is the law designating identifiable census data as
confidential.\27\ Whether a particular statute qualifies under
exemption 3 can be a difficult legal question.
---------------------------------------------------------------------------
\26\ 26 U.S.C. Sec. 6103 (1988).
\27\ 13 U.S.C. Sec. 9 (1988).
---------------------------------------------------------------------------
4. Exemption 4.--Confidential Business Information
The fourth exemption protects from public disclosure two
types of information: Trade secrets and confidential business
information. A trade secret is a commercially valuable plan,
formula, process, or device. This is a narrow category of
information. An example of a trade secret is the recipe for a
commercial food product.
The second type of protected data is commercial or
financial information obtained from a person and privileged or
confidential. The courts have held that data qualifies for
withholding if disclosure by the government would be likely to
harm the competitive position of the person who submitted the
information. Detailed information on a company's marketing
plans, profits, or costs can qualify as confidential business
information. Information may also be withheld if disclosure
would be likely to impair the government's ability to obtain
similar information in the future.
Only information obtained from a person other than a
government agency qualifies under the fourth exemption. A
person is an individual, a partnership, or a corporation.
Information that an agency created on its own cannot normally
be withheld under exemption 4.
Although there is no formal requirement under the FOIA,
many agencies will notify a submitter of business information
that disclosure of the information is being considered.\28\ The
submitter then has an opportunity to convince the agency that
the information qualifies for withholding. A submitter can also
file suit to block disclosure under the FOIA. Such lawsuits are
generally referred to as ``reverse'' FOIA lawsuits because the
FOIA is being used in an attempt to prevent rather than to
require the disclosure of information. A reverse FOIA lawsuit
may be filed when the submitter of documents and the government
disagree whether the information is exempt.
---------------------------------------------------------------------------
\28\ See Predisclosure Notification Procedures for Confidential
Commercial Information, Executive Order 12600, 3 C.F.R. 235 (1988).
---------------------------------------------------------------------------
5. Exemption 5.--Internal Government Communications
The FOIA's fifth exemption applies to internal government
documents. An example is a letter from one government
department to another about a joint decision that has not yet
been made. Another example is a memorandum from an agency
employee to his supervisor describing options for conducting
the agency's business.
The purpose of the fifth exemption is to safeguard the
deliberative policymaking process of government. The exemption
encourages frank discussion of policy matters between agency
officials by allowing supporting documents to be withheld from
public disclosure. The exemption also protects against
premature disclosure of policies before final adoption.
While the policy behind the fifth exemption is well
accepted, the application of the exemption is complicated. The
fifth exemption may be the most difficult FOIA exemption to
understand and apply. For example, the exemption protects the
policymaking process, but it does not protect purely factual
information related to the policy process. Factual information
must be disclosed unless it is inextricably intertwined with
protected information about an agency decision.
Protection for the decisionmaking process is appropriate
only for the period while decisions are being made. Thus, the
fifth exemption has been held to distinguish between documents
that are pre-decisional and therefore may be protected, and
those which are post-decisional and therefore not subject to
protection. Once a policy is adopted, the public has a greater
interest in knowing the basis for the decision.
The exemption also incorporates some of the privileges that
apply in litigation involving the government. For example,
papers prepared by the government's lawyers can be withheld in
the same way that papers prepared by private lawyers for
clients are not available through discovery in civil
litigation.
6. Exemption 6.--Personal Privacy
The sixth exemption covers personnel, medical, and similar
files the disclosure of which would constitute a clearly
unwarranted invasion of personal privacy. This exemption
protects the privacy interests of individuals by allowing an
agency to withhold personal data kept in government files. Only
individuals have privacy interests. Corporations and other
legal persons have no privacy rights under the sixth exemption.
The exemption requires agencies to strike a balance between
an individual's privacy interest and the public's right to
know. However, since only a clearly unwarranted invasion of
privacy is a basis for withholding, there is a perceptible tilt
in favor of disclosure in the exemption. Nevertheless, the
sixth exemption makes it harder to obtain information about
another individual without the consent of that individual.
The Privacy Act of 1974 also regulates the disclosure of
personal information about an individual. The FOIA and the
Privacy Act overlap in part, but there is no inconsistency. An
individual seeking records about himself or herself should cite
both laws when making a request. This ensures that the maximum
amount of disclosable information will be released. Records
that can be denied to an individual under the Privacy Act are
not necessarily exempt under the FOIA.
7. Exemption 7.--Law Enforcement
The seventh exemption allows agencies to withhold law
enforcement records in order to protect the law enforcement
process from interference. The exemption was amended slightly
in 1986, but it still retains six specific subexemptions.
Exemption (7)(A) allows the withholding of a law
enforcement record that could reasonably be expected to
interfere with enforcement proceedings. This exemption protects
an active law enforcement investigation from interference
through premature disclosure.
Exemption (7)(B) allows the withholding of information that
would deprive a person of a right to a fair trial or an
impartial adjudication. This exemption is rarely used.
Exemption (7)(C) recognizes that individuals have a privacy
interest in information maintained in law enforcement files. If
the disclosure of information could reasonably be expected to
constitute an unwarranted invasion of personal privacy, the
information is exempt from disclosure. The standards for
privacy protection in exemption 6 and exemption (7)(C) differ
slightly. Exemption (7)(C) protects against an unwarranted
invasion of personal privacy while exemption 6 protects against
a clearly unwarranted invasion. Also, exemption (7)(C) allows
the withholding of information that ``could reasonably be
expected to'' invade someone's privacy. Under exemption 6,
information can be withheld only if disclosure ``would'' invade
someone's privacy.
Exemption (7)(D) protects the identity of confidential
sources. Information that could reasonably be expected to
reveal the identity of a confidential source is exempt. A
confidential source can include a State, local, or foreign
agency or authority, or a private institution that furnished
information on a confidential basis. In addition, the exemption
protects information furnished by a confidential source if the
data was compiled by a criminal law enforcement authority
during a criminal investigation or by an agency conducting a
lawful national security intelligence investigation.
Exemption (7)(E) protects from disclosure information that
would reveal techniques and procedures for law enforcement
investigations or prosecutions or that would disclose
guidelines for law enforcement investigations or prosecutions
if disclosure of the information could reasonably be expected
to risk circumvention of the law.
Exemption (7)(F) protects law enforcement information that
could reasonably be expected to endanger the life or physical
safety of any individual.
8. Exemption 8.--Financial Institutions
The eighth exemption protects information that is contained
in or related to examination, operating, or condition reports
prepared by or for a bank supervisory agency such as the
Federal Deposit Insurance Corporation, the Federal Reserve, or
similar agencies.
9. Exemption 9.--Geological Information
The ninth FOIA exemption covers geological and geophysical
information, data, and maps about wells. This exemption is
rarely used.
G. FOIA EXCLUSIONS
The 1986 amendments to the FOIA gave limited authority to
agencies to respond to a request without confirming the
existence of the requested records. Ordinarily, any proper
request must receive an answer stating whether there is any
responsive information, even if the requested information is
exempt from disclosure.
In some narrow circumstances, acknowledgement of the
existence of a record can produce consequences similar to those
resulting from disclosure of the record itself. In order to
avoid this type of problem, the 1986 amendments established
three ``record exclusions.''
The exclusions allow an agency to treat certain exempt
records as if the records were not subject to the FOIA. An
agency is not required to confirm the existence of three
specific categories of records. If these records are requested,
the agency may respond that there are no disclosable records
responsive to the request. However, these exclusions do not
broaden the authority of any agency to withhold documents from
the public. The exclusions are only applicable to information
that is otherwise exempt from disclosure.
The first exclusion may be used when a request seeks
information that is exempt because disclosure could reasonably
be expected to interfere with a current law enforcement
investigation (exemption (7)(A)). There are three specific
prerequisites for the application of this exclusion. First, the
investigation in question must involve a possible violation of
criminal law. Second, there must be reason to believe that the
subject of the investigation is not already aware that the
investigation is underway. Third, disclosure of the existence
of the records--as distinguished from the contents of the
records--could reasonably be expected to interfere with
enforcement proceedings.
When all of these conditions exist, an agency may respond
to a FOIA request for investigatory records as if the records
are not subject to the requirements of the FOIA. In other
words, the agency's response does not have to reveal that it is
conducting an investigation.
The second exclusion applies to informant records
maintained by a criminal law enforcement agency under the
informant's name or personal identifier. The agency is not
required to confirm the existence of these records unless the
informant's status has been officially confirmed. This
exclusion helps agencies to protect the identity of
confidential informants. Information that might identify
informants has always been exempt under the FOIA.
The third exclusion only applies to records maintained by
the Federal Bureau of Investigation which pertain to foreign
intelligence, counterintelligence, or international terrorism.
When the existence of these types of records is classified, the
FBI may treat the records as not subject to the requirements of
FOIA.
This exclusion does not apply to all classified records on
the specific subjects. It only applies when the records are
classified and when the existence of the records is also
classified. Since the underlying records must be classified
before the exclusion is relevant, agencies have no new
substantive withholding authority.
In enacting these exclusions, congressional sponsors stated
that it was their intent that agencies must inform FOIA
requesters that these exclusions are available for agency use.
Requesters who believe that records were improperly withheld
because of the exclusions can seek judicial review.
H. ADMINISTRATIVE APPEAL PROCEDURES
Whenever a FOIA request is denied, the agency must inform
the requester of the reasons for the denial and the requester's
right to appeal the denial to the head of the agency. A
requester may appeal the denial of a request for a document or
for a fee waiver. A requester may contest the type or amount of
fees that were charged. A requester may appeal any other type
of adverse determination, including a rejection of a request
for failure to describe adequately the documents being
requested or a response indicating that no requested records
were located. A requester can also appeal because the agency
failed to conduct an adequate search for the documents that
were requested.
A person whose request was granted in part and denied in
part may appeal the part that was denied. If an agency has
agreed to disclose some but not all requested documents, the
filing of an appeal does not affect the release of the
documents that are disclosable. There is no risk to the
requester in filing an appeal.
The appeal to the head of the agency is a simple
administrative appeal. A lawyer can be helpful, but no one
needs a lawyer to file an appeal. Anyone who can write a letter
can file an appeal. Appeals to the head of the agency often
result in the disclosure of some records that had been
withheld. A requester who is not convinced that the agency's
initial decision is correct should appeal. There is no charge
for filing an administrative appeal.
An appeal is filed by sending a letter to the head of the
agency. The letter must identify the FOIA request that is being
appealed. The envelope containing the letter of appeal should
be marked in the lower left hand corner with the words
``Freedom of Information Act Appeal.'' \29\
---------------------------------------------------------------------------
\29\ Agency FOIA regulations will ordinarily describe the appeal
procedures and requirements with more specificity. At most agencies,
decisions on FOIA appeals have been delegated to other agency
officials. Requesters who have an opportunity to review agency
regulations in the Code of Federal Regulations (available in many
libraries and on the Office of the Federal Register website provided at
note 20) may be able to speed up the processing of the appeal. However,
following the simple procedures described in this Guide will be
sufficient to maintain a proper appeal.
---------------------------------------------------------------------------
Many agencies assign a number to all FOIA requests that are
received. The number should be included in the appeal letter,
along with the name and address of the requester. It is a
common practice to include a copy of the agency's initial
decision letter as part of the appeal, but this is not
ordinarily required. It can also be helpful for the requester
to include a telephone number in the appeal letter.
An appeal will normally include the requester's arguments
supporting disclosure of the documents. A requester may include
any facts or any arguments supporting the case for reversing
the initial decision. However, an appeal letter does not have
to contain any arguments at all. It is sufficient to state that
the agency's initial decision is being appealed. Appendix 1
includes a sample appeal letter.
The FOIA does not set a time limit for filing an
administrative appeal of a FOIA denial. However, it is good
practice to file an appeal promptly. Some agency regulations
establish a time limit for filing an administrative appeal. A
requester whose appeal is rejected by an agency because it is
too late may refile the original FOIA request and start the
process again.
A requester who delays filing an appeal runs the risk that
the documents could be destroyed. However, as long as an agency
is considering a request or an appeal, the agency must preserve
the documents.
An agency is required to make a decision on an appeal
within 20 days (excluding Saturdays, Sundays, and legal
holidays). It is possible for an agency to extend the time
limits by an additional 10 days. Once the time period has
elapsed, a requester may consider that the appeal has been
denied and may proceed with a judicial appeal. However, unless
there is an urgent need for records, this may not be the best
course of action. The courts are not sympathetic to appeals
based solely on an agency's failure to comply with the FOIA's
time limits.
I. FILING A JUDICIAL APPEAL
When an administrative appeal is denied, a requester has
the right to appeal the denial in court. A FOIA appeal lawsuit
can be filed in the U.S. District Court in the district where
the requester lives. The requester can also file suit in the
district where the documents are located or in the District of
Columbia. When a requester goes to court, the burden of
justifying the withholding of documents is on the government.
This is a distinct advantage for the requester.
Requesters are sometimes successful when they go to court,
but the results vary considerably. Some requesters who file
judicial appeals find that an agency will disclose some
documents previously withheld rather than fight about
disclosure in court. This does not always happen, and there is
no guarantee that the filing of a judicial appeal will result
in any additional disclosure.
Most requesters require the assistance of an attorney to
file a judicial appeal. A person who files a lawsuit and
substantially prevails may be awarded reasonable attorney fees
and litigation costs reasonably incurred. Some requesters may
be able to handle their own case without an attorney. Since
this is not a litigation guide, details of the judicial appeal
process have not been included. Anyone considering filing a
FOIA lawsuit can begin by reading the provisions of the FOIA on
judicial review.\30\
---------------------------------------------------------------------------
\30\ More information on judicial review under the FOIA and Privacy
Act can be found in Allan Adler, Litigation Under the Federal Open
Government Laws (American Civil Liberties Union Foundation) (last
published in 1995).
---------------------------------------------------------------------------
VII. The Privacy Act of 1974
A. THE SCOPE OF THE PRIVACY ACT OF 1974
The Privacy Act of 1974 provides safeguards against an
invasion of privacy through the misuse of records by Federal
agencies. In general, the act allows a citizen to learn how
records are collected, maintained, used, and disseminated by
the Federal Government. The act also permits an individual to
gain access to most personal information maintained by Federal
agencies and to seek amendment of any inaccurate, incomplete,
untimely, or irrelevant information.
The Privacy Act applies to personal information maintained
by agencies in the executive branch of the Federal Government.
The executive branch includes cabinet departments, military
departments, government corporations, government controlled
corporations, independent regulatory agencies, and other
establishments in the executive branch. Agencies subject to the
Freedom of Information Act are also subject to the Privacy Act.
The Privacy Act does not generally apply to records maintained
by State and local governments or private companies or
organizations.\31\
---------------------------------------------------------------------------
\31\ The Privacy Act applies to some records that are not
maintained by an agency. Subsection (m) of the act provides that, when
an agency provides by contract for the operation of a system of records
on its behalf, the requirements of the Privacy Act apply to those
records. As a result, some records maintained outside of a Federal
agency are subject to the Privacy Act. Descriptions of these systems
are published in the Federal Register. However, most records maintained
outside of Federal agencies are not subject to the Privacy Act.
---------------------------------------------------------------------------
The Privacy Act only grants rights to U.S. citizens and to
aliens lawfully admitted for permanent residence. As a result,
a nonresident foreign national cannot use the act's provisions.
However, a nonresident foreign national may use the FOIA to
request records about himself or herself.
In general, the only records subject to the Privacy Act are
records that are maintained in a system of records. The idea of
a ``system of records'' is unique to the Privacy Act and
requires explanation.
The act defines a ``record'' to include most personal
information maintained by an agency about an individual. A
record contains individually identifiable information,
including but not limited to information about education,
financial transactions, medical history, criminal history, or
employment history. A ``system of records'' is a group of
records from which information is actually retrieved by name,
Social Security number, or other identifying symbol assigned to
an individual.
Some personal information is not kept in a system of
records. This information is not subject to the provisions of
the Privacy Act, although access may be requested under the
FOIA. Most personal information in government files is subject
to the Privacy Act.
The Privacy Act also establishes general records management
requirements for Federal agencies. In summary, there are five
basic requirements that are most relevant to individuals.
First, each agency must establish procedures allowing
individuals to see and copy records about themselves. An
individual may also seek to amend any information that is not
accurate, relevant, timely, or complete. The rights to inspect
and to correct records are the most important provisions of the
Privacy Act. This Guide explains in more detail how an
individual can exercise these rights.
Second, each agency must publish notices describing all
systems of records. The notices include a complete description
of personal data recordkeeping policies, practices, and
systems. This requirement prevents the maintenance of secret
record systems.
Third, each agency must make reasonable efforts to maintain
accurate, relevant, timely, and complete records about
individuals. Agencies are prohibited from maintaining
information about how individuals exercise rights guaranteed by
the first amendment to the U.S. Constitution unless maintenance
of the information is specifically authorized by statute or by
the individual or relates to an authorized law enforcement
activity.
Fourth, the act establishes rules governing the use and
disclosure of personal information. The act specifies that
information collected for one purpose may not be used for
another purpose without notice to or the consent of the subject
of the record. The act also requires that each agency keep a
record of some disclosures of personal information.
Fifth, the act provides legal remedies that permit an
individual to seek enforcement of the rights granted under the
act. In addition, Federal employees who fail to comply with the
act's provisions may be subjected to criminal penalties.
B. THE COMPUTER MATCHING AND PRIVACY PROTECTION ACT
The Computer Matching and Privacy Protection Act of 1988
amended the Privacy Act by adding new provisions regulating the
use of computer matching. Records used during the conduct of a
matching program are subject to an additional set of
requirements.
Computer matching is the computerized comparison of
information about individuals for the purpose of determining
eligibility for Federal benefit programs. A matching program
can be subject to the requirements of the Computer Matching Act
if records from a Privacy Act system of records are used during
the program. If Federal Privacy Act records are matched against
State or local records, then the State or local matching
program can be subject to the new matching requirements.
In general, matching programs involving Federal records
must be conducted under a matching agreement between the source
and recipient agencies. The matching agreement describes the
purpose and procedures of the matching and establishes
protections for matching records. The agreement is subject to
review and approval by a Data Integrity Board. Each Federal
agency involved in a matching activity must establish a Data
Integrity Board.
For an individual seeking access to or correction of
records, the computer matching legislation provides no special
access rights. If matching records are Federal records, then
the access and correction provisions of the Privacy Act apply.
There is no general right of access or correction for matching
records of State and local agencies. It is possible that rights
are available under State or local laws. There is, however, a
requirement that an individual be notified of agency findings
prior to the taking of any adverse action as a result of a
computer matching program. An individual must also be given an
opportunity to contest such findings. The notice and
opportunity-to-contest provisions apply to matching records
whether the matching was done by the Federal Government or by a
State or local government. Section 7201 of Public Law 101-508
modified the due process notice requirement to permit the use
of statutory or regulatory notice periods.
The matching provisions also require that any agency--
Federal or non-Federal--involved in computer matching must
independently verify information used to take adverse action
against an individual. This requirement was included in order
to protect individuals from arbitrary or unjustified denials of
benefits. Independent verification includes independent
investigation and confirmation of information. Public Law 101-
508 also modified the independent verification requirement in
circumstances in which it was unnecessary.
Most of the provisions of the Computer Matching and Privacy
Protection Act of 1988 were originally scheduled to become
effective in July 1989. Public Law 101-56 delayed the effective
date for most matching programs until January 1, 1990.
C. LOCATING RECORDS
There is no central index of Federal Government records
about individuals. An individual who wants to inspect records
about himself or herself must first identify which agency has
the records. Often, this will not be difficult. For example, an
individual who was employed by the Federal Government knows
that the employing agency or the Office of Personnel Management
maintains personnel files.
Similarly, an individual who receives veterans' benefits
will normally find relevant records at the Department of
Veterans Affairs or at the Defense Department. Tax records are
maintained by the Internal Revenue Service, Social Security
records by the Social Security Administration, passport records
by the State Department, etc.
For those who are uncertain about which agency has the
records that are needed, there are several sources of
information. First, an individual can ask an agency that might
maintain the records. If that agency does not have the records,
it may be able to identify the proper agency.
Second, a government directory such as the United States
Government Manual \32\ contains a complete list of all Federal
agencies, a description of agency functions, and the address of
the agency and its field offices. An agency responsible for
operating a program normally maintains the records related to
that program.
---------------------------------------------------------------------------
\32\ The United States Government Manual is sold by the
Superintendent of Documents of the U.S. Government Printing Office.
Virtually every public library should have a copy. An electronic
version of the Manual may be found on the Office of the Federal
Register website provided at note 20.
---------------------------------------------------------------------------
Third, a Federal Information Center can help to identify
government agencies, their functions, and their records. These
Centers, which are operated by the General Services
Administration, serve as clearinghouses for information about
the Federal Government. There are Federal Information Centers
throughout the country.
Fourth, every 2 years, the Office of the Federal Register
publishes a compilation of system of records notices for all
agencies. These notices contain a complete description of each
record system maintained by each agency. The compilation--which
is published in five large volumes--is the most complete
reference for information about Federal agency personal
information practices.\33\ The information that appears in the
compilation also appears in various issues of the Federal
Register.\34\
---------------------------------------------------------------------------
\33\ Each system notice contains the name of the system; its
location; the categories of individuals covered by the system; the
categories of records in the system; the legal authority for
maintenance of the system; the routine disclosures that may be made for
records in the system; the policies and practices of storing,
retrieving, accessing, retaining, and disposing of records; the name
and address of the manager of the system; procedures for requesting
access to the records; procedures for requesting correction or
amendment of the records; the source of the information in the system;
and a description of any disclosure exemptions that may be applied to
the records in the system.
\34\ Agencies are required to publish in the Federal Register a
description of each system of records when the system is established or
amended. In the past, agencies were required to publish an annual
compilation in the Federal Register, but that requirement was
eliminated in 1982. As a result, it will be difficult to find a
complete list of all systems of records in the Federal Register. Some
agencies do, however, reprint all system notices from time to time. An
agency's Privacy Act/FOIA officer may be able to provide more
information about the agency's publication practices. An electronic
version of a 1995 compilation of Privacy Act regulations and systems of
records may be found on the Office of the Federal Register website
provided at note 20.
---------------------------------------------------------------------------
The compilation--formally called Privacy Act Issuances--may
be difficult to find and hard to use. It does not contain a
comprehensive index. Copies will be available in some Federal
depository libraries and possibly some other libraries as well
as the website maintained by the Office of the Federal Register
(see note 20). Although the compilation is the best single
source of detailed information about personal records
maintained by Federal agencies, it is not necessary to consult
the compilation before making a Privacy Act request. A
requester is not required to identify the specific system of
records that contains the information being sought. It is
sufficient to identify the agency that has the records. Using
information provided by the requester, the agency will
determine which system of records has the files that have been
requested.
Those who request records under the Privacy Act can help
the agency by identifying the type of records being sought.
Large agencies maintain hundreds of different record systems. A
request can be processed faster if the requester tells the
agency that he or she was employed by the agency, was the
recipient of benefits under an agency program, or had other
specific contacts with the agency.
D. MAKING A PRIVACY ACT REQUEST FOR ACCESS
The fastest way to make a Privacy Act request is to
identify the specific system of records. The request can be
addressed to the system manager. Few people do this. Instead,
most people address their requests to the head of the agency
that has the records or to the agency's Privacy Act/FOIA
officer. The envelope containing the written request should be
marked ``Privacy Act/FOIA Request'' in the bottom left-hand
corner.\35\
---------------------------------------------------------------------------
\35\ All agencies have Privacy Act regulations that describe the
request process in greater detail. Large agencies may have several
components, each of which has its own Privacy Act rules. Requesters who
can find agency Privacy Act regulations in the Code of Federal
Regulations (available in many libraries and an electronic version may
be found on the Office of the Federal Register website provided in note
20) might read these regulations before making a request. A requester
who follows the agency's specific procedures may receive a faster
response. However, the simple procedures suggested in this guide are
adequate to meet the minimum statutory requirements for a Privacy Act
request.
---------------------------------------------------------------------------
There are three basic elements to a request for records
under the Privacy Act. First, the letter should state that the
request is being made under the Privacy Act. Second, the letter
should include the name, address, and signature of the
requester. Third, the request should describe the records as
specifically as possible. Appendix 1 includes a sample Privacy
Act request letter.
It is a common practice for an individual seeking records
about himself or herself to make the request under both the
Privacy Act of 1974 and the Freedom of Information Act. See the
discussion in the front of this Guide about which act to use.
A requester can describe the records by identifying a
specific system of records, by describing his or her contacts
with an agency, or by simply asking for all records about
himself or herself. The broader and less specific a request is,
the longer it may take for an agency to respond.
It is a good practice for a requester to describe the type
of records that he or she expects to find. For example, an
individual seeking a copy of his service record in the Army
should state that he was in the Army and include the
approximate dates of service. This will help the Defense
Department narrow its search to record systems that are likely
to contain the information being sought. An individual seeking
records from the Federal Bureau of Investigation may ask that
files in specific field offices be searched in addition to the
FBI's central office files. The FBI does not routinely search
field office records without a specific request.
An agency will generally require a requester to provide
some proof of identity before records will be disclosed.
Agencies may have different requirements. Some agencies will
accept a signature; others may require certification of
identity by a notarized signature or by a declaration by the
requester under penalty of perjury. If an individual goes to
the agency to inspect records, standard personal identification
may be acceptable. More stringent requirements may apply if the
records being sought are especially sensitive.
An agency will inform requesters of any special
identification requirements. Requesters who need records
quickly should first consult agency regulations or talk to the
agency's Privacy Act/FOIA officer to find out how to provide
adequate identification.
An individual who visits an agency office to inspect a
Privacy Act record may bring along a friend or relative to
review the record. When a requester brings another person, the
agency may ask the requester to sign a written statement
authorizing discussion of the record in the presence of that
person.
It is a crime to knowingly and willfully request or obtain
records under the Privacy Act under false pretenses. A request
for access under the Privacy Act can only be made by the
subject of the record. An individual cannot make a request
under the Privacy Act for a record about another person. The
only exception is for a parent or legal guardian who may
request records on behalf of a minor or a person who has been
declared incompetent.
E. FEES
Under the Privacy Act, fees can only be charged for the
cost of copying records. No fees may be charged for the time it
takes to search for records or for the time it takes to review
the records to determine if any exemptions apply. This is a
major difference from the FOIA. Under the FOIA, fees can
sometimes be charged to recover search costs and review
costs.\36\ The different fee structure in the two laws is one
reason many requesters seeking records about themselves cite
both laws. This minimizes allowable fees.
---------------------------------------------------------------------------
\36\ An individual seeking records about himself or herself under
the FOIA should not be charged review charges. The only charges
applicable under the FOIA are search and copy charges.
---------------------------------------------------------------------------
Many agencies will not charge fees for making a copy of a
Privacy Act file, especially when the file is small. If paying
the copying charges is a problem, the requester should explain
in the request letter. An agency can waive fees under the
Privacy Act.
F. REQUIREMENTS FOR AGENCY RESPONSES
Unlike the FOIA, there is no fixed time when an agency must
respond to a request for access to records under the Privacy
Act. It is good practice for an agency to acknowledge receipt
of a Privacy Act request within 10 days and to provide the
requested records within 30 days.
At many agencies, FOIA and Privacy Act requests are
processed by the same personnel. When there is a backlog of
requests, it takes longer to receive a response. As a practical
matter, there is little that a requester can do when an agency
response is delayed. Requesters should be patient.
Agencies generally process requests in the order in which
they were received. Some agencies will expedite the processing
of urgent requests. Anyone with a pressing need for records
should consult with the agency Privacy Act/FOIA officer about
how to ask for expedited treatment of requests.
G. REASONS ACCESS MAY BE DENIED UNDER THE PRIVACY ACT
Not all records about an individual must be disclosed under
the Privacy Act. Some records may be withheld to protect
important government interests such as national security or law
enforcement.
The Privacy Act exemptions are different than the
exemptions of the FOIA. Under the FOIA, any record may be
withheld from disclosure if it contains exempt information when
a request is received. The decision to apply a FOIA exemption
is made only after a request has been made. In contrast,
Privacy Act exemptions apply not to a record but to a system of
records. Before an agency can apply a Privacy Act exemption,
the agency must first issue a regulation stating that there may
be exempt records in that system of records.
Without reviewing system notices or agency regulations, it
is hard to tell whether particular Privacy Act records are
exempt from disclosure. However, it is a safe assumption that
any system of records that qualifies for an exemption has been
exempted by the agency.
Since most record systems are not exempt, the exemptions
are not relevant to most requests. Also, agencies do not always
rely upon available Privacy Act exemptions unless there is a
specific reason to do so. Thus, some records that could be
withheld will nevertheless be disclosed upon request.
Because Privacy Act exemptions are complex and used
infrequently, most requesters need not worry about them. The
exemptions are discussed here for those interested in the act's
details and for reference when an agency withholds records.
Anyone needing more information about the Privacy Act's
exemptions can begin by reading the relevant sections of the
act. The complete text of the act is reprinted in an appendix
to this Guide.\37\
---------------------------------------------------------------------------
\37\ In 1975, the Office of Management and Budget (OMB) issued
guidance to Federal agencies on the Privacy Act of 1974. Those
guidelines are a good source of commentary and explanation for many of
the provisions of the act. The OMB guidelines can be found at 40
Federal Register 28948 (July 9, 1975).
---------------------------------------------------------------------------
The Privacy Act's exemptions differ from those of the FOIA
in another important way. The FOIA is a disclosure law.
Information exempt under the FOIA is exempt from disclosure
only. The Privacy Act, however, imposes many separate
requirements on personal records. Some systems of records are
exempt from the disclosure requirements, but no system is
exempt from all Privacy Act requirements.
For example, no system of records is ever exempt from the
requirement that a description of the system be published. No
system of records can be exempted from the limitations on
disclosure of the records outside of the agency. No system is
exempt from the requirement to maintain an accounting for
disclosures. No system is exempt from the restriction against
the maintenance of unauthorized information on the exercise of
first amendment rights. All systems are subject to the
requirement that reasonable efforts be taken to ensure that
records disclosed outside the agency be accurate, complete,
timely, and relevant. Each agency must maintain proper
administrative controls and security for all systems. Finally,
the Privacy Act's criminal penalties remain fully applicable to
each system of records.
1. General Exemptions
There are two general exemptions under the Privacy Act. The
first applies to all records maintained by the Central
Intelligence Agency. The second applies to selected records
maintained by an agency or component whose principal function
is any activity pertaining to criminal law enforcement. Records
of criminal law enforcement agencies can be exempt under the
Privacy Act if the records consist of (A) information compiled
to identify individual criminal offenders and which consists
only of identifying data and notations of arrests, the nature
and disposition of criminal charges, sentencing, confinement,
release, and parole and probation status; (B) criminal
investigatory records associated with an identifiable
individual; or (C) reports identifiable to a particular
individual compiled at any stage from arrest through release
from supervision.
Systems of records subject to the general exemptions may be
exempted from many of the Privacy Act's requirements. Exemption
from the act's access and correction provisions is the most
important. An individual has no right under the Privacy Act to
ask for a copy of or to seek correction of a record subject to
the general exemptions.
In practice, these exemptions are not as expansive as they
sound. Most agencies that have exempt records will accept and
process Privacy Act requests. The records will be reviewed on a
case-by-case basis. Agencies will often disclose any
information that does not require protection. Agencies also
tend to follow a similar policy for requests for correction.
Individuals interested in obtaining records from the
Central Intelligence Agency or from law enforcement agencies
should not be discouraged from making requests for access. Even
if the Privacy Act access exemption is applied, portions of the
record may still be disclosable under the FOIA. This is a
primary reason individuals should cite both the Privacy Act and
the FOIA when requesting records.
2. Specific Exemptions
There are seven specific Privacy Act exemptions that can be
applied to systems of records. Records subject to these
exemptions are not exempt from as many of the act's
requirements as are the records subject to the general
exemptions. However, records exempt under the specific
exemptions are likely to be exempt from the Privacy Act's
access and correction provisions. Nevertheless, since the
access and correction exemptions are not always applied when
available, those seeking records should not be discouraged from
making a request. Also, the FOIA can be used to seek access to
records exempt under the Privacy Act.
The first specific exemption covers record systems
containing information properly classified in the interest of
national defense or foreign policy. Classified information is
also exempt from disclosure under the FOIA and will normally be
unavailable under both the FOIA and Privacy Acts.
The second specific exemption applies to systems of records
containing investigatory material compiled for law enforcement
purposes other than material covered by the general law
enforcement exemption. The specific law enforcement exemption
is limited when--as a result of the maintenance of the
records--an individual is denied any right, privilege, or
benefit to which he or she would be entitled by Federal law or
for which he or she would otherwise be entitled. In such a
case, disclosure is required except where disclosure would
reveal the identity of a confidential source who furnished
information to the government under an express promise that the
identity of the source would be held in confidence. If the
information was collected from a confidential source before the
effective date of the Privacy Act (September 27, 1975), an
implied promise of confidentiality is sufficient to permit
withholding of the identity of the source.\38\
---------------------------------------------------------------------------
\38\ This distinction between express and implied promises of
confidentiality is repeated throughout the specific exemptions of the
Privacy Act.
---------------------------------------------------------------------------
The third specific exemption applies to systems of records
maintained in connection with providing protective services to
the President of the United States or other individuals who
receive protection from the Secret Service.
The fourth specific exemption applies to systems of records
required by statute to be maintained and used solely as
statistical records.
The fifth specific exemption covers investigatory material
compiled solely to determine suitability, eligibility, or
qualifications for Federal civilian employment, military
service, Federal contracts, or access to classified
information. However, this exemption applies only to the extent
that disclosure of information would reveal the identity of a
confidential source who provided the information under a
promise of confidentiality.
The sixth specific exemption applies to systems of records
that contain testing or examination material used solely to
determine individual qualifications for appointment or
promotion in Federal service, but only when disclosure would
compromise the objectivity or fairness of the testing or
examination process. Effectively, this exemption permits
withholding of questions used in employment tests.
The seventh specific exemption covers evaluation material
used to determine potential for promotion in the armed
services. The material is only exempt to the extent that
disclosure would reveal the identity of a confidential source
who provided the information under a promise of
confidentiality.
3. Medical Records
Medical records maintained by Federal agencies--for
example, records at Veterans Administration hospitals--are not
formally exempt from the Privacy Act's access provisions.
However, the Privacy Act authorizes a special procedure for
medical records that operates, at least in part, like an
exemption.
Agencies may deny individuals direct access to medical
records, including psychological records, if the agency deems
it necessary. An agency normally reviews medical records
requested by an individual. If the agency determines that
direct disclosure is unwise, it can arrange for disclosure to a
physician selected by the individual or possibly to another
person chosen by the individual.
4. Litigation Records
The Privacy Act's access provisions include a general
limitation on access to civil litigation records. The act does
not require an agency to disclose to an individual any
information compiled in reasonable anticipation of a civil
action or proceeding. This limitation operates like an
exemption, although there is no requirement that the exemption
be applied by regulation to a system of records before it can
be used.
H. ADMINISTRATIVE APPEAL PROCEDURES FOR DENIAL OF ACCESS
Unlike the FOIA, the Privacy Act does not provide for an
administrative appeal of the denial of access. However, many
agencies have established procedures that will allow Privacy
Act requesters to appeal a denial of access without going to
court. An administrative appeal is often allowed under the
Privacy Act, even though it is not required, because many
individuals cite both the FOIA and Privacy Act when making a
request. The FOIA provides specifically for an administrative
appeal, and agencies are required to consider an appeal under
the FOIA.
When a Privacy Act request for access is denied, agencies
usually inform the requester of any appeal rights that are
available. If no information on appeal rights is included in
the denial letter, the requester should ask the Privacy Act/
FOIA officer. Unless an agency has established an alternative
procedure, it is possible that an appeal filed directly with
the head of the agency will be considered by the agency.
When a request for access is denied under the Privacy Act,
the agency explains the reason for the denial. The explanation
must name the system of records and explain which exemption is
applicable to the system. An appeal may be made on the basis
that the record is not exempt, that the system of records has
not been properly exempted, or that the record is exempt but no
harm to an important interest will result if the record is
disclosed.
There are three basic elements to a Privacy Act appeal
letter. First, the letter should state that the appeal is being
made under the Privacy Act of 1974. If the FOIA was cited when
the request for access was made, the letter should state that
the appeal is also being made under the FOIA. This is important
because the FOIA grants requesters statutory appeal rights.
Second, a Privacy Act appeal letter should identify the
denial that is being appealed and the records that were
withheld. The appeal letter should also explain why the denial
of access was improper or unnecessary.
Third, the appeal should include the requester's name and
address. It is a good practice for a requester to also include
a telephone number when making an appeal.
Appendix 1 includes a sample letter of appeal.
I. AMENDING RECORDS UNDER THE PRIVACY ACT
The Privacy Act grants an important right in addition to
the ability to inspect records. The act permits an individual
to request a correction of a record that is not accurate,
relevant, timely, or complete. This remedy allows an individual
to correct errors and to prevent incorrect information from
being disseminated by the agency or used unfairly against the
individual.
The right to seek a correction extends only to records
subject to the Privacy Act. Also, an individual can only
correct errors contained in a record that pertains to himself
or herself. Records disclosed under the FOIA cannot be amended
through the Privacy Act unless the records are also subject to
the Privacy Act. Records about unrelated events or about other
people cannot be amended unless the records are in a Privacy
Act file maintained under the name of the individual who is
seeking to make the correction.
A request to amend a record should be in writing. Agency
regulations explain the procedure in greater detail, but the
process is not complicated. A letter requesting an amendment of
a record will normally be addressed to the Privacy Act/FOIA
officer of the agency or to the agency official responsible for
the maintenance of the record system containing the erroneous
information. The envelope containing the request should be
marked ``Privacy Act Amendment Request'' on the lower left
corner.
There are five basic elements to a request for amending a
Privacy Act record.
First, the letter should state that it is a request to
amend a record under the Privacy Act of 1974.
Second, the request should identify the specific record and
the specific information in the record for which an amendment
is being sought. Copies of the records sought to be amended may
be included.
Third, the request should state why the information is not
accurate, relevant, timely, or complete. Supporting evidence
may be included with the request.
Fourth, the request should state what new or additional
information, if any, should be included in place of the
erroneous information. Evidence of the validity of the new or
additional information should be included. If the information
in the file is wrong and needs to be removed rather than
supplemented or corrected, the request should make this clear.
Fifth, the request should include the name and address of
the requester. It is a good idea for a requester to include a
telephone number.
Appendix 1 includes a sample letter requesting amendment of
a Privacy Act record.
J. APPEALS AND REQUIREMENTS FOR AGENCY RESPONSES
An agency that receives a request for amendment under the
Privacy Act must acknowledge receipt of the request within 10
days (not including Saturdays, Sundays, and legal holidays).
The agency must promptly rule on the request.
The agency may make the amendment requested. If so, the
agency must notify any person or agency to which the record had
previously been disclosed of the correction.
If the agency refuses to make the change requested, the
agency must inform the requester of: (1) the agency's refusal
to amend the record; (2) the reason for refusing to amend the
request; and (3) the procedures for requesting a review of the
denial. The agency must provide the name and business address
of the official responsible for conducting the review.
An agency must decide an appeal of a denial of a request
for amendment within 30 days (excluding Saturdays, Sundays, and
legal holidays), unless the time period is extended by the
agency for good cause. If the appeal is granted, the record
will be corrected.
If the appeal is denied, the agency must inform the
requester of the right to judicial review. In addition, a
requester whose appeal has been denied also has the right to
place in the agency file a concise statement of disagreement
with the information that was the subject of the request for
amendment.
When a statement of disagreement has been filed and an
agency is disclosing the disputed information, the agency must
mark the information and provide copies of the statement of
disagreement. The agency may also include a concise statement
of its reasons for not making the requested amendments. The
agency must also give a copy of the statement of disagreement
to any person or agency to whom the record had previously been
disclosed.
K. FILING FOR JUDICIAL APPEAL
The Privacy Act provides a civil remedy whenever an agency
denies access to a record or refuses to amend a record. An
individual may sue an agency if the agency fails to maintain
records with accuracy, relevance, timeliness, and completeness
as is necessary to assure fairness in any agency determination
and the agency makes a determination that is adverse to the
individual. An individual may also sue an agency if the agency
fails to comply with any other Privacy Act provision in a
manner that has an adverse effect on the individual.
The Privacy Act protects a wide range of rights about
personal records maintained by Federal agencies. The most
important are the right to inspect records and the right to
seek correction of records. Other rights have also been
mentioned here, and still others can be found in the text of
the act. Most of these rights can become the subject of
litigation.
An individual may file a lawsuit against an agency in the
Federal District Court in which the individual lives, in which
the records are situated, or in the District of Columbia. A
lawsuit must be filed within 2 years from the date on which the
basis for the lawsuit arose.
Most individuals require the assistance of an attorney to
file a lawsuit. An individual who files a lawsuit and
substantially prevails may be awarded reasonable attorney fees
and litigation costs reasonably incurred. Some requesters may
be able to handle their own case without an attorney. Since
this is not a litigation guide, details about the judicial
appeal process have not been included. Anyone considering
filing a Privacy Act lawsuit can begin by reviewing the
provisions of the Privacy Act on civil remedies.\39\
---------------------------------------------------------------------------
\39\ See note 30.
A P P E N D I X E S
----------
Appendix 1.--Sample Request and Appeal Letters
A. Freedom of Information Act Request Letter
Agency Head [or Freedom of Information Act Officer]
Name of Agency
Address of Agency
City, State, Zip Code
Re: Freedom of Information Act Request
Dear :
This is a request under the Freedom of Information Act.
I request that a copy of the following documents [or
documents containing the following information] be provided to
me: [identify the documents or information as specifically as
possible].
In order to help to determine my status for purposes of
determining the applicability of any fees, you should know that
I am (insert a suitable description of the requester and the
purpose of the request).
[Sample requester descriptions:
a representative of the news media affiliated with the
________ newspaper (magazine, television station,
etc.), and this request is made as part of news
gathering and not for a commercial use.
affiliated with an educational or noncommercial
scientific institution, and this request is made for a
scholarly or scientific purpose and not for a
commercial use.
an individual seeking information for personal use and
not for a commercial use.
affiliated with a private corporation and am seeking
information for use in the company's business.]
[Optional] I am willing to pay fees for this request up to
a maximum of $____. If you estimate that the fees will exceed
this limit, please inform me first.
[Optional] I request a waiver of all fees for this request.
Disclosure of the requested information to me is in the public
interest because it is likely to contribute significantly to
public understanding of the operations or activities of the
government and is not primarily in my commercial interest.
[Include specific details, including how the requested
information will be disseminated by the requester for public
benefit.]
[Optional] I request that the information I seek be
provided in electronic format, and I would like to receive it
on a personal computer disk [or a CD-ROM].
[Optional] I ask that my request receive expedited
processing because ________. [Include specific details
concerning your ``compelling need,'' such as being someone
``primarily engaged in disseminating information'' and
specifics concerning your ``urgency to inform the public
concerning actual or alleged Federal Government activity.'']
[Optional] I also include a telephone number at which I can
be contacted during the hours of ________, if necessary, to
discuss any aspect of my request.
Thank you for your consideration of this request.
Sincerely,
Name
Address
City, State, Zip Code
Telephone number
[Optional]
B. Freedom of Information Act Appeal Letter
Agency Head or Appeal Officer
Name of Agency
Address of Agency
City, State, Zip Code
Re: Freedom of Information Act Appeal
Dear :
This is an appeal under the Freedom of Information Act.
On (date), I requested documents under the Freedom of
Information Act. My request was assigned the following
identification number: ________. On (date), I received a
response to my request in a letter signed by (name of
official). I appeal the denial of my request.
[Optional] The documents that were withheld must be
disclosed under the FOIA because . . . .
[Optional] I appeal the decision to deny my request for a
waiver of fees. I believe that I am entitled to a waiver of
fees. Disclosure of the documents I requested is in the public
interest because it is likely to contribute significantly to
public understanding of the operations or activities of the
government and is not primarily in my commercial interest.
(Provide details)
[Optional] I appeal the decision to require me to pay
review costs for this request. I am not seeking the documents
for a commercial use. (Provide details)
[Optional] I appeal the decision to require me to pay
search and/or review charges for this request. I am a
representative of the news media seeking information as part of
news gathering and not for commercial use.
[Optional] I appeal the decision to require me to pay
search and/or review charges for this request. I am a
representative of an educational institution seeking
information for a scholarly purpose.
[Optional] I appeal the decision to require me to accept
the information I seek in a paper or hardcopy format. I
requested this information, which the agency maintains in an
electronic form, in an electronic format, specifically on a
personal computer disk [or a CD-ROM].
[Optional] I also include a telephone number at which I can
be contacted during the hours of ________, if necessary, to
discuss any
aspect of my appeal.
Thank you for your consideration of this appeal.
Sincerely,
Name
Address
City, State, Zip Code
Telephone number
[Optional]
C. Privacy Act Request for Access Letter
Privacy Act or Freedom of Information Officer
Name of Agency
Address of Agency
City, State, Zip Code
Re: Privacy Act and Freedom of Information Act Request for
Access
Dear :
This is a request under the Privacy Act of 1974 and the
Freedom of Information Act.
I request a copy of any records [or specifically named
records] about me maintained at your agency.
[Optional] To help you to locate my records, I have had the
following contacts with your agency: [mention job applications,
periods of employment, loans or agency programs applied for,
etc.].
[Optional] I am willing to pay fees for this request up to
a maximum of $____. If you estimate that the fees will exceed
this limit please inform me first.
[Optional] Enclosed is [a notarized signature or other
identifying document] that will verify my identity.
[Optional] I also include a telephone number at which I can
be contacted during the hours of ________, if necessary, to
discuss any aspect of my request.
Thank you for your consideration of this request.
Sincerely,
Name
Address
City, State, Zip Code
Telephone number
[Optional]
D. Privacy Act Denial of Access Appeal
Agency Head or Appeal Officer
Name of Agency
Address of Agency
City, State, Zip Code
Re: Appeal of Denial of Privacy Act and Freedom of Information
Act Access Request
Dear :
This is an appeal under the Privacy Act and the Freedom of
Information Act of the denial of my request for access to
records.
On (date), I requested access to records under the Privacy
Act of 1974. My request was assigned the following
identification number: ________. On (date), I received a
response to my request in a letter signed by (name of
official). I appeal the denial of my request.
[Optional] The records that were withheld should be
disclosed to me because . . . .
[Optional] Please consider that this appeal is also made
under the Freedom of Information Act. Please provide any
additional information that may be available under the FOIA.
[Optional] I also include a telephone number at which I can
be contacted during the hours of ________, if necessary, to
discuss any aspect of my appeal.
Thank you for your consideration of this appeal.
Sincerely,
Name
Address
City, State, Zip Code
