💾 Archived View for spam.works › mirrors › textfiles › law › foiacit.txt captured on 2023-06-16 at 18:58:30.
-=-=-=-=-=-=-
Copies of the original document can be ordered from the Government
Printing Office (202) - - for $3.00 each?. Document #
A Citizens Guide on Using the Freedom of Information Act and the
Privacy Act of 1974 to Request Government Records
102nd Congress
House Report. 102-146
July 10, 1991
Committed to the Committee of the Whole House on the State of the Union
and ordered to be printed
Sponsor: Mr. Conyers, from the Committee on Government Operations,
submitted the following:
Fourth Report
Conference Report
based on a study by the government information, justice, and
agriculture subcommittee
On June 26, 1991, the Committee on Government Operations approved
and adopted a report entitled "A Citizens Guide on Using the Freedom of
Information Act and the Privacy Act of 1974 to Request Government
Records." The chairman was directed to transmit a copy to the Speaker
of the House.
I. Preface
In 1977, the House Committee on Government Operations issued the
first Citizens Guide on how to request records from federal agencies.
The original Guide was reprinted many times and widely distributed. The
Superintendent of Documents at the Government Printing Office reported
that almost 50,000 copies were sold between 1977 and 1986 when the
guide went out of print. In addition, thousands of copies were
distributed by the House Committee on Government Operations, Members of
Congress, the Congressional Research Service, and other federal
agencies. The original Citizens Guide is one of the most widely read
congressional committee reports in history. A Citizens Guide on How to
Use the Freedom of Information Act and the Privacy Act in Requesting
Government Documents, House Report No. 95-796, 95th Cong., 1st Sess.
(1977).
In 1987, the Committee issued a revised Citizens Guide. The new
edition was prepared to reflect changes to the Freedom of Information
Act made during 1986. As a result of special efforts by the
Superintendent of Documents at the Government Printing Office, the
availability of the new Guide was well publicized. The 1987 edition
appeared on GPOs "Best Seller" list in the months following its
issuance. A Citizens Guide on Using the Freedom of Information Act and
the Privacy Act of 1974 To Request Government Records, House Report
No. 100-199, 100th Cong., 1st Sess. (1987).
During the 100th Congress, major amendments were made to the
Privacy Act of 1974. The Computer Matching and Privacy Protection
Act of 1988 added new provisions to the Privacy Act and changed
several existing requirements.
None of the changes affects a citizens rights to request or see
records held by federal agencies. However, some of the information in
the 1987 Guide became outdated as a result, and a third edition was
issued in 1989. Public Law 100-503. A Citizens Guide on Using the
Freedom of Information Act and the Privacy Act of 1974 To Request
Government Records, House Report No. 101-193, 101st Cong., 1st Sess.
(1989).
During the 101st Congress, the Privacy Act of 1974 was amended
through further adjustments to the Computer Matching and Privacy
Protection Act of 1988. The changes do not affect access rights. This
fourth edition of the Citizens Guide reflects all changes to the FOIA
and Privacy Act made through the end of 1990. Minor editorial changes
have also been made.
II. Introduction
A popular Government without popular information or the means of
acquiring it, is but a Prologue to a Farce or a Tragedy or perhaps
both. Knowledge will forever govern ignorance, and a people who mean
to be their own Governors, must arm themselves with the power knowledge
gives. James Madison Letter to W.T. Barry, August 4, 1822, in G.P.
Hunt, ed., IX The Writings of James Madison 103 (1910).
The Committee wishes to acknowledge the assistance of Harold C.
Relyea, Specialist, American National Government, Government Division,
Congressional Research Service, in the preparation of this report.
The Freedom of Information Act (FOIA) establishes a presumption that
records in the possession of agencies and departments of the Executive
Branch of the United States government are accessible to the people.
This was not always the approach to federal information disclosure
policy. Before enactment of the FOIA in 1966, the burden was on the
individual to establish a right to examine these government records.
There were no statutory guidelines or procedures to help a person
seeking information. There were no judicial remedies for those denied
access.
With the passage of the FOIA, the burden of proof shifted from the
individual to the government. Those seeking information are no longer
required to show a need for information. Instead, the "need to know"
standard has been replaced by a "right to know" doctrine. The
government now has to justify the need for secrecy.
The FOIA sets standards for determining which records must be
disclosed and which records can be withheld. The law also provides
administrative and judicial remedies for those denied access to
records. Above all, the statute requires federal agencies to provide
the fullest possible disclosure of information to the public.
The Privacy Act of 1974 is a companion to the FOIA. The Privacy
Act regulates federal government agency record keeping and disclosure
practices. The Act allows most individuals to seek access to federal
agency records about themselves. The Act requires that personal
information in agency files be accurate, complete, relevant, and
timely. The subject of a record may challenge the accuracy of
information. The Act requires that agencies obtain information directly
from the subject of the record and that information gathered for one
purpose not be used for another purpose. As with the FOIA, the
Privacy Act provides civil remedies for individuals whose rights have
been violated.
Another important feature of the Privacy Act is the requirement
that each federal agency publish a description of each system of
records maintained by the agency that contains personal information.
This prevents agencies from keeping secret records.
The Privacy Act also restricts the disclosure of personally
identifiable information by federal agencies. Together with the FOIA,
the Privacy Act permits disclosure of most personal files to the
individual who is the subject of the files. The two laws restrict
disclosure of personal information to others when disclosure would
violate privacy interests.
While both the FOIA and the Privacy Act support the disclosure of
agency records, both laws also recognize the legitimate need to
restrict disclosure of some information. For example, agencies may
withhold information properly classified in the interest of national
defense or foreign policy, trade secrets, and criminal investigatory
files. Other specifically defined categories of confidential
information may also be withheld.
The essential feature of both laws is that they make federal
agencies accountable for information disclosure policies and practices.
While neither law grants an absolute right to examine government
documents, both laws establish the right to request records and to
receive a response to the request. If a record cannot be released, the
requester is entitled to be told the reason for the denial. The
requester also has a right to appeal the denial and, if necessary, to
challenge it in court.
These procedural rights granted by the FOIA and the Privacy Act
make the laws valuable and workable. As a result, the disclosure of
federal government information cannot be controlled by arbitrary or
unreviewable actions.
III. Recommendations
The Committee recommends that this Citizens Guide be made widely
available at low cost to anyone who has an interest in obtaining
documents from the federal government. The Government Printing Office
and federal agencies subject to the Freedom of Information Act and the
Privacy Act of 1974 should distribute this report widely.
The Committee also recommends that this Citizens Guide be used by
federal agencies in training programs for government employees who are
responsible for administering the Freedom of Information Act and the
Privacy Act of 1974. The Guide should also be used by those government
employees who only occasionally work with these two laws.
IV. How To Use This Guide
This report explains how to use the Freedom of Information Act and
the
Privacy Act of 1974. It reflects all changes to the laws made since
1977. Major amendments to the Freedom of Information Act passed in 1974
and 1986. A major addition to the Privacy Act of 1974 was enacted in
1988. Minor amendments to the Privacy Act were made in 1989 and 1990.
This Guide is intended to serve as a general introduction to the
Freedom of Information Act and the Privacy Act. It offers neither a
comprehensive explanation of the details of these Acts nor an analysis
of case law. The Guide will enable those who are unfamiliar with the
laws to understand the process and to make a request. In addition, the
complete text of each law is included in an appendix. This Guide is
primarily intended to help the general public. It includes a complete
explanation of the basics of the two laws. In the interest of producing
a guide that would be both simple and useful to the intended audience,
the Committee deliberately avoided addressing some of the issues that
are highly controversial. The Committee cautions against treating the
neutrally written descriptions contained in this report as definitive
expressions of the Committees views of the law or congressional intent.
The Committee has expressed its views on some of these issues in other
reports. See, for example, Security Classification Policy and Executive
Order 12356, House Report No. 97-731, 97th Cong., 2d Sess. (1982); Who
Cares About Privacy? Oversight of the Privacy Act of 1974 by the
Office of Management and Budget and by the Congress, House Report
98-455, 98th Cong., 1st Sess. (1983); Electronic Collection and
Dissemination of Information by Federal Agencies: A Policy Overview,
House Report 99-560, 99th Cong., 2d Sess. (1986); Freedom of
Information Act Amendments of 1986, House Report 99-832, 99th Cong., 2d
Sess. (1986) (report to accompany H.R. 4862). The latter report is a
legislative report for a bill reforming the business procedures of the
FOIA. The bill did not become law. The 1986 amendments to the FOIA were
made by the Freedom of Information Reform Act of 1986, Public Law
99-570. There were no committee reports in either House or Senate
accompanying the Freedom of Information Reform Act.
Readers should be aware that FOIA litigation is a complex area of
law. There are thousands of court decisions interpreting the FOIA.
These decisions must be considered in order to develop a complete
understanding of the principles governing disclosure of government
information. Anyone requiring more details about the FOIA, its history,
or the case law should consult other sources. There has been less
controversy and less litigation over the Privacy Act, but there is
nevertheless a considerable body of case law for the Privacy Act as
well. There are other sources of information on the Privacy Act as
well. See, e.g., U.S. Department of Justice, Freedom of Information
Case List (published annually).
However, no one should be discouraged from making a request under
either law. No special expertise is required. Using the Freedom of
Information Act and the Privacy Act is as simple as writing a letter.
This Citizens Guide explains the essentials.
V. Which Act To Use
The access provisions of the FOIA and the Privacy Act overlap in
part. The two laws have different procedures and different exemptions.
As a result, sometimes information exempt under one law will be
disclosable under the other.
In order to take maximum advantage of the laws, an individual
seeking information about himself or herself should normally cite both
laws. Requests by an individual for information that does not relate
solely to himself or herself should be made only under the FOIA.
Congress intended that the two laws be considered together in the
processing of requests for information. Many government agencies will
automatically handle requests from individuals in a way that will
maximize the amount of information that is disclosable. However, a
requester should still make a request in a manner that is most
advantageous and that fully protects all available legal rights. A
requester who has any doubts about which law to use should always cite
both the FOIA and the Privacy Act when seeking documents from the
federal government.
VI. The Freedom of Information Act
A. The Scope Of The Freedom of Information Act
The federal Freedom of Information Act applies to documents held by
agencies in the executive branch of the federal government. The
executive branch includes cabinet departments, military departments,
government corporations, government controlled corporations,
independent regulatory agencies, and other establishments in the
executive branch.
The FOIA does not apply to elected officials of the federal
government, including the President, Vice President, Senators, and
Congressmen. The FOIA does not apply to the federal judiciary. The FOIA
does not apply to private companies; persons who receive federal
contracts or grants; tax-exempt organizations; or state or local
governments. The Presidential Records Act of 1978, 44 U.S.C.
2201-2207 (1982), does make the documentary materials of former
Presidents subject to the FOIA in part. Presidential papers and
documents generated after January 20, 1981, will be available subject
to certain restrictions and delays under the general framework of the
FOIA. Virtually all official records of the Congress are available to
the public. The Congressional Record, all bills introduced in the House
and the Senate, and all committee reports (except for those containing
classified information) are printed and disseminated. Most committee
hearings are also printed and available. Copies of most congressional
publications are available at federal depository libraries throughout
the county. Historical records of the Congress are made available in
accordance with procedures established by House and Senate rules. In
addition, almost all activities of the Congress take place in public.
The sessions of the House and Senate are normally open to the public
and televised. Most committee hearings and markups are open to the
public, and some are televised.
All States and some localities have passed laws like the FOIA that
allow people to request access to records. In addition, there are other
federal and state laws that may permit access to documents held by
organizations not covered by the federal FOIA. See, e.g., the Federal
Fair Credit Reporting Act, 15 U.S.C. 1681 et seq. (1982) (providing
for access to files of credit bureaus); the Federal Family Educational
Rights and Privacy Act of 1974, 20 U.S.C. 1232g (1982) (providing
for access to records maintained by schools and colleges). Some states
have enacted laws allowing individuals to have access to personnel
records maintained by employers. See, e.g., Michigan Compiled Laws
Annotated 423.501.
B. What Records Can Be Requested Under The FOIA?
The FOIA requires agencies to publish or make available for public
inspection several types of information. This includes: (1)
descriptions of agency organization and office addresses; (2)
statements of the general course and method of agency operation; (3)
rules of procedure and descriptions of forms; (4) substantive rules of
general applicability and general policy statements; (5) final opinions
made in the adjudication of cases; and (6) administrative staff manuals
that affect the public. This information must either be published in
the Federal Register or made available for inspection and copying
without the formality of an FOIA request.
All other "records" of a federal agency may be requested under the
FOIA. However, the FOIA does not define "record." Any item containing
information that is in the possession, custody, or control of an agency
is usually considered to be an agency record under the FOIA. Personal
notes of agency employees may not be agency records. A document that is
not a "record" will not be available under the FOIA.
The form in which a record is maintained by an agency does not
affect its availability. A request may seek a printed or typed
document, tape recording, map, photograph, computer printout, computer
tape or disk, or a similar item.
Of course, not all records that can be requested must be disclosed.
Information that is exempt from disclosure is described below in the
section entitled "Reasons Access May Be Denied Under the FOIA."
The FOIA carefully provides that a requester may ask for records
rather than information. This means that an agency is only required to
look for an existing record or document in response to an FOIA request.
An agency is not obliged to create a new record to comply with a
request. An agency is not required to collect information it does not
have. Nor must an agency do research or analyze data for a requester.
When records are maintained in a computer, an agency is required to
retrieve information in response to an FOIA request. The process of
retrieving the information may result in the creation of a new document
when the data is printed out on paper or written on computer tape or
disk. Since this may be the only way computerized data can be
disclosed, agencies are required to provide the data even if it means a
new document must be created.
Requesters must ask for existing records. Requests may have to be
carefully written in order to obtain the desired information.
Sometimes, an agency will help a requester identify a specific document
that contains the information being sought. Other times, a requester
may need to be creative when writing an FOIA request in order to
identify an existing document or set of documents containing the
desired information.
There is a second general limitation on FOIA requests. The law
requires that each request must reasonably describe the records being
sought. This means that a request must be specific enough to permit a
professional employee of the agency who is familiar with the subject
matter to locate the record in a reasonable period of time.
Because agencies organize and index records in different ways, one
agency may consider a request to be reasonably descriptive while
another agency may reject
a similar request as too vague. For example, the Federal Bureau of
Investigation has a central index for its primary record system. As a
result, the FBI is able to search for records about a specific person.
However, agencies that do not maintain a central name index may be
unable to conduct the same type of search. These agencies may reject a
similar request because the request does not describe records that can
be identified.
Requesters should make requests as specific as possible. If a
particular document is required, it should be identified precisely,
preferably by date and title. However, a request does not always have
to be that specific. A requester who cannot identify a specific record
should clearly explain his or her needs. A requester should make sure,
however, that a request is broad enough to include all desired
information.
For example, assume that a requester wants to obtain a list of toxic
waste sites near his home. A request to the Environmental Protection
Agency for all records on toxic waste would cover many more records
than are needed. The fees for such a request might be very high, and it
is possible that the request might be rejected as too vague.
A request for all toxic waste sites within three miles of a
particular address is very specific. But it is unlikely that EPA would
have an existing record containing data organized in that fashion. As a
result, the request might be denied because there is no existing record
containing the information.
The requester might do better to ask for a list of toxic waste sites
in his city, county, or state. It is more likely that existing records
might contain this information. The requester might also want to tell
the agency in the request letter exactly what information is desired.
This additional explanation may help the agency to find a record that
meets the request.
Many people include their telephone number with their requests. Some
questions about the scope of a request can be resolved quickly when an
agency employee and the requester talk. This is an efficient way to
resolve questions that arise during the processing of FOIA requests.
It is to everyone's advantage if requests are as precise and as
narrow as possible. The requester benefits because the request can be
processed faster and cheaper. The agency benefits because it can do a
better job of responding to the request. The agency will also be able
to use its resources to respond to more requests. The FOIA works best
when both the requester and the agency act cooperatively.
C. Making an FOIA Request
The first step in making a request under the FOIA is to identify the
agency that has the records. An FOIA request must be addressed to a
specific agency. There is no central government records office that
services FOIA requests.
Often, a requester knows beforehand which agency has the desired
records. If not, a requester can consult a government directory such
as the United States Government Manual. This manual has a complete
list of all federal agencies, a description of agency functions, and
the address of each agency. A requester who is uncertain about which
agency has the records that are needed can make FOIA requests at more
than one agency. The United States Government Manual is sold by the
Superintendent of Documents of the U.S. Government Printing Office.
Virtually every public library should have a copy on its shelves.
Agencies normally require that FOIA requests be in writing. Letters
requesting records under the FOIA can be short and simple. No one needs
a lawyer
to make an FOIA request. Appendix 1 of this Guide contains a sample
request letter.
The request letter should be addressed to the agency's FOIA Officer
or to the head of the agency. The envelope containing the written
request should be marked Freedom of Information Act Request in the
bottom left-hand corner.
All agencies have issued FOIA regulations that describe the request
process in greater detail. For example, large agencies may have several
components each of which has its own FOIA rules. A requester who can
find agency FOIA regulations in the Code of Federal Regulations
(available in many libraries) might find it useful to check these
regulations before making a request. A requester who follows the
agency's specific procedures may receive a faster response. However,
the simple procedures suggested in this guide will be adequate to meet
the minimum requirements for an FOIA request.
There are three basic elements to an FOIA request letter. First, the
letter should state that the request is being made under the Freedom of
Information Act. Second, the request should identify the records that
are being sought as specifically as possible. Third, the name and
address of the requester must be included.
Under the 1986 amendments to the FOIA, fees chargeable vary with the
status or purpose of the requester. As a result, a requester may have
to provide additional information to permit the agency to determine the
appropriate fees. Different fees can be charged to commercial users,
representatives of the news media, educational or noncommercial
scientific institutions, and individuals. The next section explains the
fee structure in more detail.
There are several optional items that are often included in an FOIA
request. The first is the telephone number of the requester. This
permits an agency employee processing a request to speak with the
requester if necessary.
A second optional item is a limitation on the fees that the
requester is willing to pay. It is common for a requester to ask to be
notified in advance if the charges will exceed a fixed amount. This
allows the requester to modify or withdraw a request if the cost may be
too high. Also, by stating a willingness to pay a set amount of fees
in the original request letter, a requester may avoid the necessity of
additional correspondence and delay.
A third optional item sometimes included in an FOIA request is a
request for a waiver or reduction of fees. The 1986 amendments to the
FOIA changed the rules for fee waivers. Fees must be waived or reduced
if disclosure of the information is in the public interest because it
is likely to contribute significantly to public understanding of the
operations or activities of the government and is not primarily in the
commercial interest of the requester. Decisions about granting fee
waivers are separate from and different than decisions about the amount
of fees that can be charged to a requester.
A requester should keep a copy of the request letter and related
correspondence until the request has been finally resolved.
D. Fees and Fee Waivers
FOIA requesters may have to pay fees covering some or all of the
costs of processing their requests. As amended in 1986, the law
establishes three types of fees that may be charged. The 1986 law makes
the process of determining the applicable fees more complicated.
However, the 1986 rules reduce or eliminate entirely the cost for
small, non-commercial requests.
First, fees can be imposed to recover the cost of copying documents.
All agencies have a fixed price for making copies using copying
machines. A requester is usually charged the actual cost of copying
computer tapes, photographs, and other nonstandard documents.
Second, fees can also be imposed to recover the costs of searching
for documents. This includes the time spent looking for material
responsive to a request. A requester can minimize search charges by
making clear, narrow requests for identifiable documents whenever
possible.
Third, fees can be charged to recover review costs. Review is the
process of examining documents to determine whether any portion is
exempt from disclosure. Before the 1986 amendments took effect, no
review costs were charged to any requester. Effective on April 25,
1987, review costs may be charged to commercial requesters only. Review
charges only include costs incurred during the initial examination of a
document. An agency may not charge for any costs incurred in resolving
issues of law or policy that may arise while processing a request.
Different fees apply to different requesters. There are three
categories of FOIA requesters. The first includes representatives of
the news media, and educational or noncommercial scientific
institutions whose purpose is scholarly or scientific research. A
requester in this category who is not seeking records for commercial
use can only be billed for reasonable standard document duplication
charges. A request for information from a representative of the news
media is not considered to be for commercial use if the request is in
support of a news gathering or dissemination function.
The second category includes FOIA requesters seeking records for
commercial use. Commercial use is not defined in the law, but it
generally includes profit making activities. A commercial user can be
charged reasonable standard charges for document duplication, search,
and review.
The third category of FOIA requesters includes everyone not in the
first two categories. People seeking information for personal use,
public interest groups, and non-profit organizations are examples of
requesters who fall into the third group. Charges for these requesters
are limited to reasonable standard charges for document duplication and
search. Review costs may not be charged. The 1986 amendments did not
change the fees charged to these requesters.
Small requests are free for a requester in the first and third
categories. This includes all requesters except commercial users. There
is no charge for the first two hours of search time and for the first
100 pages of documents. A non-commercial requester who limits a request
to a small number of easily found records will not pay any fees at all.
In addition, the law also prevents agencies from charging fees if
the cost of collecting the fee would exceed the amount collected. This
limitation applies to all requests, including those seeking documents
for commercial use. Thus, if the allowable charges for any FOIA request
are small, no fees are imposed.
Each agency sets charges for duplication, search, and review based
on its own costs. The amount of these charges is listed in agency FOIA
regulations. Each agency also sets its own threshold for minimum
charges.
The 1986 FOIA amendments also changed the law on fee waivers. Fees
now must be waived or reduced if disclosure of the information is in
the public interest because it is likely to contribute significantly to
public understanding of the operations or activities of the government
and is not primarily in the commercial interest of the requester.
The 1986 amendments on fees and fee waivers have created some
confusion. Determinations about fees are separate and distinct from
determinations about fee waivers. For example, a requester who can
demonstrate that he or she is a news reporter may only be charged
duplication fees. But a requester found to be a reporter is not
automatically entitled to a waiver of those fees. A reporter who seeks
a waiver must demonstrate that the request also meets the standards for
waivers.
Normally, only after a requester has been categorized to determine
the applicable fees does the issue of a fee waiver arise. A requester
who seeks a fee waiver should ask for a waiver in the original request
letter. However, a request for a waiver can be made at a later time.
The requester should describe how disclosure will contribute to public
understanding of the operations or activities of the government. The
sample request letter in the appendix includes optional language asking
for a fee waiver.
Any requester may ask for a fee waiver. Some will find it easier to
qualify than others. A news reporter who is only charged duplication
costs may still ask that the charges be waived because of the public
benefits that will result from disclosure. A representative of the news
media, a scholar, or a public interest group are more likely to qualify
for a waiver of fees. A commercial user may find it difficult to
qualify for waivers.
The eligibility of other requesters will vary. A key element in
qualifying for a fee waiver is the relationship of the information to
public understanding of the operations or activities of government.
Another important factor is the ability of the requester to convey that
information to other interested members of the public. A requester is
not eligible for a fee waiver solely because of indigence.
E. Requirements for Agency Responses
Each agency is required to determine within ten days (excluding
Saturdays, Sundays, and legal holidays) after the receipt of a request
whether to comply with the request. The actual disclosure of documents
is required to follow promptly thereafter. If a request is denied in
whole or in part, the agency must tell the requester the reasons for
the denial. The agency must also tell the requester that there is a
right to appeal any adverse determination to the head of the agency.
The FOIA permits an agency to extend the time limits up to ten days
in unusual circumstances. These circumstances include the need to
collect records from remote locations, review large numbers of records,
and consult with other agencies. The agency is supposed to notify the
requester whenever an extension is invoked. Agencies that take more
than ten days to respond to a request do not always notify each
requester that an extension has been invoked.
The statutory time limits for responses are not always met. An
agency sometimes receives an unexpectedly large number of FOIA requests
at one time and is unable to meet the deadlines. Some agencies assign
inadequate resources to FOIA offices. The Congress does not condone the
failure of any agency to meet the laws time limits. However, as a
practical matter, there is little that a requester can do about it. The
courts have been reluctant to provide relief solely because the FOIA's
time limits have not been met.
The best advice to requesters is to be patient. The law allows a
requester to consider that his or her request has been denied if it has
not been decided within the time limits. This permits the requester to
file an administrative appeal or file a lawsuit in federal district
court. However, this is not always the best course of action. The
filing of an administrative or judicial appeal will not necessarily
result in any faster processing of the request.
Each agency generally processes requests in the order of receipt.
Some agencies will expedite the processing of urgent requests. Anyone
with a pressing need for records should consult with the agency FOIA
officer about how to ask for expedited treatment of requests.
F. Reasons Access May Be Denied Under the FOIA
An agency may refuse to disclose an agency record that falls within
any of the FOIA's nine statutory exemptions. The exemptions protect
against the disclosure of information that would harm national defense
or foreign policy,
privacy of individuals, proprietary interests of business,
functioning of the government, and other important interests. A
document that does not qualify as an "agency record" may be denied on
this basis. However, most records in the possession of an agency are
"agency records" within the meaning of the FOIA.
An agency may withhold exempt information, but it is not always
required to do so. For example, an agency may disclose an exempt
internal memorandum because no harm would result from its disclosure.
However, an agency is not likely to agree to disclose an exempt
document that is classified or that contains a trade secret.
When a record contains some information that qualifies as exempt,
the entire record is not necessarily exempt. Instead, the FOIA
specifically provides that any reasonably segregable portions of a
record must be provided to a requester after the deletion of the
portions that are exempt. This is a very important requirement because
it prevents an agency from withholding an entire document simply
because one line or one page is exempt.
Exemption 1. Classified Documents
The first FOIA exemption permits the withholding of properly
classified documents. Information may be classified in the interest of
national defense or foreign policy.
The rules for classification are established by the President and
not the FOIA or other law. The FOIA provides that, if a document has
been properly classified under a presidential Executive Order, the
document can be withheld from disclosure.
Classified documents may be requested under the FOIA. An agency can
review the document to determine if it still requires protection. In
addition, the Executive Order on Security Classification establishes a
special procedure for requesting the declassification of documents. If
a requested document is declassified, it can be released in response to
an FOIA request. However, a document that is declassified may still be
exempt under other FOIA exemptions. At the time that this guide was
prepared, the current Executive Order on Security Classification was
E.O. 12356 which was promulgated by President Reagan on April 2, 1982.
The text of the order can be found at 47 Federal Register 14874-84
(April 6, 1982). The rules for mandatory review for declassification
are in Section 3.4 of the Executive Order.
Exemption 2. Internal Personnel Rules and Practices
The second FOIA exemption covers matters that are related solely to
an agency's internal personnel rules and practices. As interpreted by
the courts, there are two separate classes of documents that are
generally held to fall within exemption two.
First, information relating to personnel rules or internal agency
practices is exempt if it is trivial administrative matter of no
genuine public interest. A rule governing lunch hours for agency
employees is an example.
Second, an internal administrative manual can be exempt if
disclosure would risk circumvention of law or agency regulations. In
order to fall into this category, the material will normally have to
regulate internal agency conduct rather than public behavior.
Exemption 3. Information Exempt Under Other Laws
The third exemption incorporates into the FOIA other laws that
restrict the availability of information. To qualify under this
exemption, a statute must require that matters be withheld from the
public in such a manner as to leave no discretion to the agency.
Alternatively, the statute must establish particular criteria for
withholding or refer to particular types of matters to be withheld.
One example of a qualifying statute is the provision of the Tax Code
prohibiting the public disclosure of tax returns and tax return
information. Another qualifying Exemption 3 statute is the law
designating identifiable census data as confidential. Whether a
particular statute qualifies under Exemption 3 can be a difficult legal
question. 26 U.S.C. 6103 (1982). 8517 13 U.S.C. 9 (1982). 4.
Exemption 4. Confidential Business Information
The fourth exemption protects from public disclosure two types of
information: trade secrets and confidential business information. A
trade secret is a commercially valuable plan, formula, process, or
device. This is a narrow category of information. An example of a trade
secret is the recipe for a commercial food product.
The second type of protected data is commercial or financial
information obtained from a person and privileged or confidential. The
courts have held that data qualifies for withholding if disclosure by
the government would be likely to harm the competitive position of the
person who submitted the information. Detailed information on a
company's marketing plans, profits, or costs can qualify as
confidential business information. Information may also be withheld if
disclosure would be likely to impair the governments ability to obtain
similar information in the future.
Only information obtained from a person other than a government
agency qualifies under the fourth exemption. A person is an individual,
a partnership, or a corporation. Information that an agency created on
its own cannot normally be withheld under exemption four.
Although there is no formal requirement under the FOIA, many
agencies will notify a submitter of business information that
disclosure of the information is being considered. The submitter then
has an opportunity to convince the agency that the information
qualifies for withholding. A submitter can also file suit to block
disclosure under the FOIA. Such lawsuits are generally referred to as
"reverse" FOIA lawsuits because the FOIA is being used in an attempt to
prevent rather than to require the disclosure of information. A reverse
FOIA lawsuit may be filed when the submitter of documents and the
government disagree whether the information is confidential. See
"Predisclosure Notification Procedures for Confidential Commercial
Information," Executive Order 12600 (June 23, 1987).
Exemption 5. Internal Government Communications
The FOIA?s fifth exemption applies to internal government documents.
An example is a letter from one government department to another about
a joint decision that has not yet been made. Another example is a
memorandum from an agency employee to his supervisor describing options
for conducting the agency's business.
The purpose of the fifth exemption is to safeguard the deliberative
policy making process of government. The exemption encourages frank
discussion of policy matters between agency officials by allowing
supporting documents to be withheld from public disclosure. The
exemption also protects against premature disclosure of policies before
final adoption.
While the policy behind the fifth exemption is well-accepted, the
application of the exemption is complicated. The fifth exemption may be
the most difficult FOIA exemption to understand and apply. For example,
the exemption protects the policy making process, but it does not
protect purely factual information related to the policy process.
Factual information must be disclosed unless it is inextricably
intertwined with protected information about an agency decision.
Protection for the decision making process is appropriate only for
the period while decisions are being made. Thus, the fifth exemption
has been held to distinguish between documents that are pre-decisional
and therefore may be protected, and those which are post-decisional and
therefore not subject to protection. Once a policy is adopted, the
public has a greater interest in knowing the basis for the decision.
The exemption also incorporates some of the privileges that apply in
litigation involving the government. For example, papers prepared by
the governments lawyers can be withheld in the same way that papers
prepared by private lawyers for clients are not available through
discovery in civil litigation.
Exemption 6. Personal Privacy
The sixth exemption covers personnel, medical, and similar files the
disclosure of which would constitute a clearly unwarranted invasion of
personal privacy. This exemption protects the privacy interests of
individuals by allowing an agency to withhold intimate personal data
kept in government files. Only individuals have privacy interests.
Corporations and other legal persons have no privacy rights under the
sixth exemption.
The exemption requires agencies to strike a balance between an
individual?s privacy interest and the publics right to know. However,
since only a clearly unwarranted invasion of privacy is a basis for
withholding, there is a perceptible tilt in favor of disclosure in the
exemption. Nevertheless, the sixth exemption makes it harder to obtain
information about another individual without the consent of that
individual.
The Privacy Act of 1974 also regulates the disclosure of personal
information about an individual. The FOIA and the Privacy Act overlap
in part, but there is no inconsistency. An individual seeking records
about himself or herself should cite both laws when making a request.
This ensures that the maximum amount of disclosable information will be
released. Records that can be denied to an individual under the
Privacy Act are not necessarily exempt under the FOIA.
Exemption 7. Law Enforcement
The seventh exemption allows agencies to withhold law enforcement
records in order to protect the law enforcement process from
interference. The exemption was amended slightly in 1986, but it still
retains six specific subexemptions.
Exemption (7)(A) allows the withholding of a law enforcement record
that could reasonably be expected to interfere with enforcement
proceedings. This exemption protects an active law enforcement
investigation from interference through premature disclosure.
Exemption (7)(B) allows the withholding of information that would
deprive a person of a right to a fair trial or an impartial
adjudication. This exemption is rarely used.
Exemption (7)(C) recognizes that individuals have a privacy
interest in information maintained in law enforcement files. If the
disclosure of information could reasonably be expected to constitute an
unwarranted invasion of personal privacy, the information is exempt
from disclosure. The standards for privacy protection in Exemption 6
and Exemption (7)(C) differ slightly. Exemption (7)(C) protects against
an unwarranted invasion of personal privacy while Exemption 6 protects
against clearly a unwarranted invasion. Also, Exemption (7)(C) allows
the withholding of information that "could reasonably be expected to"
invade someone's privacy. Under Exemption 6, information can be
withheld only if disclosure "would" invade someone's privacy.
Exemption (7)(D) protects the identity of confidential sources.
Information that could reasonably be expected to reveal the identity of
a confidential source is exempt. A confidential source can include a
state, local, or foreign agency or authority, or a private institution
that furnished information on a confidential basis. In addition, the
exemption protects information furnished by a confidential source if
the data was compiled by a criminal law enforcement authority during a
criminal investigation or by an agency conducting a lawful national
security intelligence investigation.
Exemption (7)(E) protects from disclosure information that would
reveal techniques and procedures for law enforcement investigations or
prosecutions or that would disclose guidelines for law enforcement
investigations or prosecutions if disclosure of the information could
reasonably be expected to risk circumvention of the law.
Exemption (7)(F) protects law enforcement information that could
reasonably be expected to endanger the life or physical safety of any
individual. 8. Exemption 8. Financial Institutions
The eighth exemption protects information that is contained in or
related to examination, operating, or condition reports prepared by or
for a bank supervisory agency such as the Federal Deposit Insurance
Corporation, the Federal Reserve, or similar agencies. 9. Exemption 9.
Geological Information
The ninth FOIA exemption covers geological and geophysical
information, data, and maps about wells. This exemption is rarely used.
G. FOIA Exclusions
The 1986 amendments to the FOIA gave limited authority to agencies
to respond to a request without confirming the existence of the
requested records. Ordinarily, any proper request must receive an
answer stating whether there is any responsive information, even if the
requested information is exempt from disclosure.
In some narrow circumstances, acknowledgment of the existence of a
record can produce consequences similar to those resulting from
disclosure of the record itself. In order to avoid this type of
problem, the 1986 amendments established three "record exclusions."
The exclusions allow an agency to treat certain exempt records as if
the records were not subject to the FOIA. An agency is not required to
confirm the existence of three specific categories of records. If these
records are requested, the agency may respond that there are no
disclosable records responsive to the request. However, these
exclusions do not broaden the authority of any agency to withhold
documents from the public. The exclusions are only applicable to
information that is otherwise exempt from disclosure.
The first exclusion may be used when a request seeks information
that is exempt because disclosure could reasonably be expected to
interfere with a current law enforcement investigation (exemption
(7)(A)). There are three specific prerequisites for the application of
this exclusion. First, the investigation in question must involve a
possible violation of criminal law. Second, there must be reason to
believe that the subject of the investigation is not already aware that
the investigation is underway. Third, disclosure of the existence of
the records as distinguished from the contents of the records could
reasonably be expected to interfere with enforcement proceedings.
When all of these conditions exist, an agency may respond to an FOIA
request for investigatory records as if the records are not subject to
the requirements of the FOIA. In other words, the agency's response
does not have to reveal that it is conducting an investigation.
The second exclusion applies to informant records maintained by a
criminal law enforcement agency under the informants name or personal
identifier. The agency is not required to confirm the existence of
these records unless the informants status has been officially
confirmed. This exclusion helps agencies to protect the identity of
confidential informants. Information that might identify informants has
always been exempt under the FOIA.
The third exclusion only applies to records maintained by the
Federal Bureau of Investigation which pertain to foreign intelligence,
counterintelligence, or international terrorism. When the existence of
these types of records is classified, the FBI may treat the records as
not subject to the requirements of FOIA.
This exclusion does not apply to all classified records on the
specific subjects. It only applies when the records are classified and
when the existence of the records is also classified. Since the
underlying records must be classified before the exclusion is relevant,
agencies have no new substantive withholding authority.
In enacting these exclusions, congressional sponsors stated that it
was their intent that agencies must inform FOIA requesters that these
exclusions are available for agency use. Requesters who believe that
records were improperly withheld because of the exclusions can seek
judicial review.
H. Administrative Appeal Procedures
Whenever an FOIA request is denied, the agency must inform the
requester of the reasons for the denial and the requesters right to
appeal the denial to the head of the agency. A requester may appeal the
denial of a request for a document or for a fee waiver. A requester may
contest the type or amount of fees that were charged. A requester may
appeal any other type of adverse determination including a rejection of
a request for failure to describe adequately the documents being
requested. A requester can also appeal because the agency failed to
conduct an adequate search for the documents that were requested.
A person whose request was granted in part and denied in part may
appeal the part that was denied. If an agency has agreed to disclose
some but not all requested documents, the filing of an appeal does not
affect the release of the documents that are disclosable. There is no
risk to the requester in filing an appeal.
The appeal to the head of the agency is a simple administrative
appeal. A lawyer can be helpful, but no one needs a lawyer to file an
appeal. Anyone who can write a letter can file an appeal. Appeals to
the head of the agency often result in the disclosure of some records
that had been withheld. A requester who is not convinced that the
agency's initial decision is correct should appeal. There is no charge
for filing an administrative appeal.
An appeal is filed by sending a letter to the head of the agency.
The letter must identify the FOIA request that is being appealed. The
envelope containing the letter of appeal should be marked in the lower
left hand corner with the words "Freedom of Information Act Appeal."
Agency FOIA regulations will normally describe the appeal procedures
and requirements with more specificity. At some agencies, decisions on
FOIA appeals have been delegated to other agency officials. Requesters
who have an opportunity to review agency regulations in the Code of
Federal Regulations (available in many libraries) may be able to speed
up the processing of the appeal. However, following the simple
procedures described in this Guide will be sufficient to maintain a
proper appeal.
Many agencies assign a number to all FOIA requests that are
received. The number should be included in the appeal letter, along
with the name and address of the requester. It is a common practice to
include a copy of the agency's initial decision letter as part of the
appeal, but this is not required. It can also be helpful for the
requester to include a telephone number in the appeal letter.
An appeal will normally include the requesters arguments supporting
disclosure of the documents. A requester may include any facts or any
arguments supporting the case for reversing the initial decision.
However, an appeal letter does not have to contain any arguments at
all. It is sufficient to state that the agency's initial decision is
being appealed. Appendix 1 includes a sample appeal letter.
The FOIA does not set a time limit for filing an administrative
appeal of an FOIA denial. However, it is good practice to file an
appeal promptly. Some agency regulations establish a time limit for
filing an administrative appeal. A requester whose appeal is rejected
by an agency because it is too late may refile the original FOIA
request and start the process again.
A requester who delays filing an appeal runs the risk that the
documents could be destroyed. However, as long as an agency is
considering a request or an appeal, the agency must preserve the
documents.
An agency is required to make a decision on an appeal within twenty
days (excluding Saturdays, Sundays, and federal holidays). It is
possible for an agency to extend the time limits by an additional ten
days. Once the time period has elapsed, a requester may consider that
the appeal has been denied and may proceed with a judicial appeal.
However, unless there is an urgent need for records, this may not be
the best course of action. The courts are not sympathetic to appeals
based solely on an agency's failure to comply with the FOIA?s time
limits.
I. Filing a Judicial Appeal
When an administrative appeal is denied, a requester has the right
to appeal the denial in court. An FOIA appeal can be filed in the
United States District Court in the district where the requester lives.
The requester can also file suit in the district where the documents
are located or in the District of Columbia. When a requester goes to
court, the burden of justifying the withholding of documents is on the
government. This is a distinct advantage for the requester.
Requesters are sometimes successful when they go to court, but the
results vary considerably. Some requesters who file judicial appeals
find that an agency will disclose some documents previously withheld
rather than fight about disclosure in court. This does not always
happen, and there is no guarantee that the filing of a judicial appeal
will result in any additional disclosure.
Most requesters require the assistance of an attorney to file a
judicial appeal. A person who files a lawsuit and substantially
prevails may be awarded reasonable attorney fees and litigation costs
reasonably incurred. Some requesters may be able to handle their own
appeal without an attorney. Since this is not a litigation guide,
details of the judicial appeal process have not been included. Anyone
considering filing an appeal can begin by reading the provisions of the
FOIA on judicial review.
More information on judicial review under the FOIA and Privacy Act
can be found in Adler, Litigation Under the Federal Freedom of
Information Act and Privacy Act (American Civil Liberties Union
Foundation) (published annually).
VII. The Privacy Act of 1974
A. The Scope of the Privacy Act of 1974
The Privacy Act of 1974 provides safeguards against an invasion of
privacy through the misuse of records by federal agencies. In
general, the Act allows a citizen to learn how records are collected,
maintained, used, and disseminated by the federal government. The Act
also permits an individual to gain access to most personal information
maintained by federal agencies and to seek amendment of any incorrect
or incomplete information.
The Privacy Act applies to personal information maintained by
agencies in the executive branch of the federal government. The
executive branch includes cabinet departments, military departments,
government corporations, government controlled corporations,
independent regulatory agencies, and other establishments in the
executive branch. Agencies subject to the Freedom of Information Act
(FOIA) are also subject to the Privacy Act. The Privacy Act does
not generally apply to records maintained by state and local
governments or private companies or organizations. The Privacy Act
applies to some records that are not maintained by an agency.
Subsection (m) of the Act provides that, when an agency provides by
contract for the operation of a system of records on its behalf, the
requirements of the Privacy Act apply to those records. As a result,
some records maintained outside of a federal agency are subject to the
Privacy Act. Descriptions of these systems are published in the
Federal Register. However, most records maintained outside of federal
agencies are not subject to the Privacy Act.
The Privacy Act only grants rights to United States citizens and
to aliens lawfully admitted for permanent residence. As a result, a
foreign national cannot use the Acts provisions. However, a foreigner
may use the FOIA to request records about himself or herself.
In general, the only records subject to the Privacy Act are
records that are maintained in a system of records. The idea of a
"system of records" is unique to the Privacy Act and requires
explanation.
The Act defines a "record" to include most personal information
maintained by an agency about an individual. A record contains
individually identifiable information, including but not limited to
information about education, financial transactions, medical history,
criminal history, or employment history. A "system of records" is a
group of records from which information is actually retrieved by name,
social security number, or other identifying symbol assigned to an
individual.
Some personal information is not kept in a system of records. This
information is not subject to the provisions of the Privacy Act,
although access may be requested under the FOIA. Most personal
information in government files is subject to the Privacy Act.
The Privacy Act also establishes general records management
requirements for federal agencies. In summary, there are five basic
requirements that are most relevant to individuals.
First, each agency must establish procedures allowing individuals to
see and copy records about themselves. An individual may also seek to
amend any information that is not accurate, relevant, timely, or
complete. The rights to inspect and to correct records are the most
important provisions of the Privacy Act. This guide explains in more
detail how an individual can exercise these rights.
Second, each agency must publish notices describing all systems of
records. The notices include a complete description of personal-data
record keeping policies, practices, and systems. This requirement
prevents the maintenance of secret record systems.
Third, each agency must make reasonable efforts to maintain
accurate, relevant, timely, and complete records about individuals.
Agencies are prohibited from maintaining information about how
individuals exercise rights guaranteed by the First Amendment to the
U.S. Constitution unless maintenance of the information is specifically
authorized by statute or relates to an authorized law enforcement
activity.
Fourth, the Act establishes rules governing the use and disclosure
of personal information. The Act specifies that information collected
for one purpose may not be used for another purpose without notice to
or the consent of the subject of the record. The Act also requires that
each agency keep a record of some disclosures of personal information.
Fifth, the Act provides legal remedies that permit an individual to
seek enforcement of the rights granted under the Act. In addition,
federal employees who fail to comply with the Acts provisions may be
subjected to criminal penalties.
B. The Computer Matching and Privacy Protection Act
The Computer Matching and Privacy Protection Act of 1988 (Public
Law 100-503) amended the Privacy Act by adding new provisions
regulating the use of computer matching. Records used during the
conduct of a matching program are subject to an additional set of
requirements.
Computer matching is the computerized comparison of information
about individuals for the purpose of determining eligibility for
federal benefit programs. A matching program can be subject to the
requirements of the Computer Matching Act if records from a Privacy
Act system of records are used during the program. If federal Privacy
Act records are matched against state or local records, then the state
or local matching program can be subject to the new matching
requirements.
In general, matching programs involving federal records must be
conducted under a matching agreement between the source and recipient
agencies. The matching agreement describes the purpose and procedures
of the matching and establishes protections for matching records. The
agreement is subject to review and approval by a Data Integrity Board.
Each federal agency involved in a matching activity must establish a
Data Integrity Board.
For an individual seeking access to or correction of records, the
computer matching legislation provides no special access rights. If
matching records are federal records, then the access and correction
provisions of the Privacy Act apply. There is no general right of
access or correction for matching records of state and local agencies.
It is possible that rights are available under state or local laws.
There is, however, a requirement that an individual be notified of
agency findings prior to the taking of any adverse action as a result
of a computer matching program. An individual must also be given an
opportunity to contest such findings. The notice and
opportunity-to-contest provisions apply to matching records whether the
matching was done by the federal government or by a state or local
government. Section 7201 of Public Law 101-508 modified the due process
notice requirement to permit the use of statutory or regulatory notice
periods.
The matching provisions also require that any agency federal or
non-federal involved in computer matching must independently verify
information used to take adverse action against an individual. This
requirement was included in order to protect individuals from arbitrary
or unjustified denials of benefits. Independent verification includes
independent investigation and confirmation of information. Public Law
101-508 also modified the independent verification requirement in
circumstances in which it was unnecessary.
Most of the provisions of the Computer Matching and Privacy
Protection Act of 1988 were originally scheduled to become effective in
July 1989. Public Law 101-56 delayed the effective date for most
matching programs until January 1, 1990.
C. Locating Records
There is no central index of federal government records about
individuals. An individual who wants to inspect records about himself
or herself must first identify which agency has the records. Often,
this will not be difficult. For example, an individual who was employed
by the federal government knows that the employing agency or the Office
of Personnel Management maintains personnel files.
Similarly, an individual who receives veterans benefits will
normally find relevant records at the Department of Veterans Affairs or
at the Defense Department. Tax records are maintained by the Internal
Revenue Service, social security records by the Social Security
Administration, passport records by the State Department, etc.
For those who are uncertain about which agency has the records that
are needed, there are several sources of information. First, an
individual can ask an agency that might maintain the records. If that
agency does not have the records, it may be able to identify the proper
agency.
Second, a government directory such as the United States Government
Manual 22 contains a complete list of all federal agencies, a
description of agency functions, and the address of the agency and its
field offices. An agency responsible for operating a program normally
maintains the records related to that program. The United States
Government Manual is sold by the Superintendent of Documents of the
U.S. Government Printing Office. Virtually every public library should
have a copy.
Third, a Federal Information Center can help to identify government
agencies, their functions, and their records. These Centers, which are
operated by the General Services Administration, serve as
clearinghouses for information about the federal government. There are
Federal Information Centers throughout the country.
Fourth, every two years, the Office of the Federal Register
publishes a compilation of system of records notices for all agencies.
These notices contain a complete description of each record system
maintained by each agency. The compilation which is published in five
large volumes is the most complete reference for information about
federal agency personal information practices. The information that
appears in the compilation also appears sometimes in the Federal
Register. Each system notice contains the name of the system; its
location; the categories of individuals covered by the system; the
categories of records in the system; the legal authority for
maintenance of the system; the routine disclosures that may be made for
records in the system; the policies and practices of storing,
retrieving, accessing, retaining, and disposing of records; the name
and address of the manager of the system; procedures for requesting
access to the records; procedures for requesting correction or
amendment of the records; the source of the information in the system;
and a description of any disclosure exemptions that may be applied to
the records in the system. Agencies are required to publish in the
Federal Register a description of each system of records when the
system is established or amended. In the past, agencies were required
to publish an annual compilation in the Federal Register, but that
requirement was eliminated in 1982. As a result, for most agencies it
will be difficult to find a complete list of all systems of records in
the Federal Register. Some agencies do, however, reprint all system
notices from time to time. An agency's Privacy Act officer may be
able to provide more information about the agency's publication
practices.
The compilation formally called Privacy Act Issuances may be
difficult to find and hard to use. It does not contain a comprehensive
index. Copies will be available in some federal depository libraries
and possibly in other libraries as well. Although the compilation is
the best single source of detailed information about personal records
maintained by federal agencies, it is not necessary to consult the
compilation before making a Privacy Act request. A requester is not
required to identify the specific system of records that contains the
information being sought. It is sufficient to identify the agency that
has the records. Using information provided by the requester, the
agency will determine which system of records has the files that have
been requested.
Those who request records under the Privacy Act can help the
agency by identifying the type of records being sought. Large agencies
maintain hundreds of different record systems. A request can be
processed faster if the requester tells the agency that he or she was
employed by the agency, was the recipient of benefits under an agency
program, or had other specific contacts with the agency.
D. Making a Privacy Act Request for Access
The fastest way to make a Privacy Act request is to identify the
specific system of records. The request can be addressed to the system
manager. Few people do this. Instead, most people address their
requests to the head of the agency that has the records or to the
agency's Privacy Act Officer. The envelope containing the written
request should be marked " Privacy Act Request" in the bottom
left-hand corner. All agencies have Privacy Act regulations that
describe the request process in greater detail. Large agencies may have
several components, each of which has its own Privacy Act rules.
Requesters who can find agency Privacy Act regulations in the Code of
Federal Regulations (available in many libraries) might read these
regulations before making a request. A requester who follows the
agency's specific procedures may receive a faster response. However,
the simple procedures suggested in this guide are adequate to meet the
minimum statutory requirements for a Privacy Act request.
There are three basic elements to a request for records under the
Privacy Act. First, the letter should state that the request is being
made under the Privacy Act. Second, the letter should include the
name, address, and signature of the requester. Third, the request
should describe the records as specifically as possible. Appendix 1
includes a sample Privacy Act request letter.
It is a common practice for an individual seeking records about
himself or herself to make the request under both the Privacy Act of
1974 and the Freedom of Information Act. See the discussion in the
front of this guide about which act to use.
A requester can describe the records by identifying a specific
system of records, by describing his or her contacts with an agency, or
by simply asking for all records about himself or herself. The broader
and less specific a request is, the longer it may take for an agency to
respond.
It is a good practice for a requester to describe the type of
records that he or she expects to find. For example, an individual
seeking a copy of his service record in the Army should state that he
was in the Army and include the approximate dates of service. This will
help the Defense Department narrow its search to record systems that
are likely to contain the information being sought. An individual
seeking records from the Federal Bureau of Investigation may ask that
files in specific field offices be searched in addition to the FBI's
central office files. The FBI does not routinely search field office
records without a specific request.
An agency will generally require a requester to provide some proof
of identity before records will be disclosed. Agencies may have
different requirements. Some agencies will accept a signature; others
may require a notarized signature. If an individual goes to the agency
to inspect records, standard personal identification may be acceptable.
More stringent requirements may apply if the records being sought are
especially sensitive.
An agency will inform requesters of any special identification
requirements. Requesters who need records quickly should first consult
agency regulations or talk to the agency's Privacy Act Officer to
find out how to provide adequate identification.
An individual who visits an agency office to inspect a Privacy Act
record may bring along a friend or relative to review the record. When
a requester brings another person, the agency may ask the requester to
sign a written statement authorizing discussion of the record in the
presence of that person.
It is a crime to knowingly and willfully request or obtain records
under the
Privacy Act under false pretenses. A request for access under the
Privacy Act can only be made by the subject of the record. An
individual cannot make a request under the Privacy Act for a record
about another person. The only exception is for a parent or legal
guardian who can request records for a minor or a person who has been
declared incompetent.
E. Fees
Under the Privacy Act, fees can only be charged for the cost of
copying records. No fees may be charged for the time it takes to search
for records or for the time it takes to review the records to determine
if any exemptions apply. This is a major difference from the FOIA.
Under the FOIA, fees can sometimes be charged to recover search costs
and review costs. The different fee structure in the two laws is one
reason many requesters seeking records about themselves cite both laws.
This minimizes allowable fees. An individual seeking records about
himself or herself under the FOIA should not be charged review charges.
The only charges applicable under the FOIA are search and copy charges.
Many agencies will not charge fees for making a copy of a Privacy
Act file, especially when the file is small. If paying the copying
charges is a problem, the requester should explain in the request
letter. An agency can waive fees under the Privacy Act.
F. Requirements for agency responses
Unlike the FOIA, there is no fixed time when an agency must respond
to a request for access to records under the Privacy Act. It is good
practice for an agency to acknowledge receipt of a Privacy Act
request within ten days and to provide the requested records within
thirty days.
At many agencies, FOIA and Privacy Act requests are processed by
the same personnel. When there is a backlog of requests, it takes
longer to receive a response. As a practical matter, there is little
that a requester can do when an agency response is delayed. Requesters
should be patient.
Agencies generally process requests in the order in which they were
received. Some agencies will expedite the processing of urgent
requests. Anyone with a pressing need for records should consult with
the agency Privacy Act officer about how to ask for expedited
treatment of requests.
G. Reasons access may be denied under the Privacy Act
Not all records about an individual must be disclosed under the
Privacy Act. Some records may be withheld to protect important
government interests such as national security or law enforcement.
The Privacy Act exemptions are different than the exemptions of
the FOIA. Under the FOIA, any record may be withheld from disclosure if
it contains exempt information when a request is received. The decision
to apply an FOIA exemption is made only after a request has been made.
In contrast, Privacy Act exemptions apply not to a record but to a
system of records. Before an agency can apply a Privacy Act
exemption, the agency must first issue a regulation stating that there
may be exempt records in that system of records.
Without reviewing system notices or agency regulations, it is hard
to tell whether particular Privacy Act records are exempt from
disclosure. However, it is a safe assumption that any system of
records that qualifies for an exemption has been exempted by the
agency.
Since most record systems are not exempt, the exemptions are not
relevant to most requests. Also, agencies do not always rely upon
available Privacy Act exemptions unless there is a specific reason to
do so. Thus, some records that could be withheld will nevertheless be
disclosed upon request.
Because Privacy Act exemptions are complex and used infrequently,
most requesters need not worry about them. The exemptions are discussed
here for those interested in the Acts details and for reference when an
agency withholds records. Anyone needing more information about the
Privacy Acts exemptions can begin by reading the relevant sections of
the Act. The complete text of the Act is reprinted in an appendix to
this guide. In 1975, the Office of Management and Budget issued
guidance to federal agencies on the Privacy Act of 1974. Those
guidelines are a good source of commentary and explanation for many of
the provisions of the Act. The OMB guidelines can be found at 40
Federal Register 28948 (July 9, 1975).
The Privacy Acts exemptions differ from those of the FOIA in
another important way. The FOIA is mostly a disclosure law. Information
exempt under the FOIA is exempt from disclosure only. The Privacy
Act, however, imposes many separate requirements on personal records.
Some systems of records are exempt from the disclosure requirements,
but no system is exempt from all Privacy Act requirements.
For example, no system of records is ever exempt from the
requirement that a description of the system be published. No system of
records can be exempted from the limitations on disclosure of the
records outside of the agency. No system is exempt from the requirement
to maintain an accounting for disclosures. No system is exempt from the
restriction against the maintenance of unauthorized information on the
exercise of First Amendment rights. All systems are subject to the
requirement that reasonable efforts be taken to assure that records
disclosed outside the agency be accurate, complete, timely, and
relevant. Each agency must maintain proper administrative controls and
security for all systems. Finally, the Privacy Acts criminal
penalties remain fully applicable to each system of records.
1. General Exemptions
There are two general exemptions under the Privacy Act. The first
applies to all records maintained by the Central Intelligence Agency.
The second applies to selected records maintained by an agency or
component whose principal function is any activity pertaining to
criminal law enforcement. Records of criminal law enforcement agencies
can be exempt under the Privacy Act if the records consist of (A)
information compiled to identify individual criminal offenders and
which consists only of identifying data and notations of arrests, the
nature and disposition of criminal charges, sentencing, confinement,
release, and parole and probation status; (B) criminal investigatory
records associated with an identifiable individual; or (C) reports
identifiable to a particular individual compiled at any stage from
arrest through release from supervision.
Systems of records subject to the general exemptions may be exempted
from many of the Privacy Acts requirements. Exemption from the Acts
access and correction provisions is the most important. An individual
has no right under the Privacy Act to ask for a copy of or to seek
correction of a record subject to the general exemptions.
In practice, these exemptions are not as expansive as they sound.
Most agencies that have exempt records will accept and process Privacy
Act requests. The records will be reviewed on a case-by-case basis.
Agencies will often disclose any information that does not require
protection. Agencies also tend to follow a similar policy for requests
for correction.
Individuals interested in obtaining records from the Central
Intelligence Agency or from law enforcement agencies should not be
discouraged from making requests for access. Even if the Privacy Act
access exemption is applied, portions of the record may still be
disclosable under the FOIA. This is a primary reason individuals
should cite both the Privacy Act and the FOIA when requesting
records.
The general exemption from access does prevent requesters from
filing a lawsuit under the Privacy Act when access is denied. The
right to sue under the FOIA is not changed because of a Privacy Act
exemption.
2. Specific Exemptions
There are seven specific Privacy Act exemptions that can be
applied to systems of records. Records subject to these exemptions are
not exempt from as many of the Acts requirements as are the records
subject to the general exemptions. However, records exempt under the
specific exemptions are likely to be exempt from the Privacy Acts
access and correction provisions. Nevertheless, since the access and
correction exemptions are not always applied when available, those
seeking records should not be discouraged from making a request. Also,
the FOIA can be used to seek access to records exempt under the Privacy
Act.
The first specific exemption covers record systems containing
information properly classified in the interest of national defense or
foreign policy. Classified information is also exempt from disclosure
under the FOIA and will normally be unavailable under either the FOIA
and Privacy Acts.
The second specific exemption applies to systems of records
containing investigatory material compiled for law enforcement purposes
other than material covered by the general law enforcement exemption.
The specific law enforcement exemption is limited when as a result of
the maintenance of the records an individual is denied any right,
privilege, or benefit to which he or she would be entitled by federal
law or for which he or she would otherwise be entitled. In such a case,
disclosure is required except where disclosure would reveal the
identity of a confidential source who furnished information to the
government under an express promise that the identity of the source
would be held in confidence. If the information was collected from a
confidential source before the effective date of the Privacy Act
(September 27, 1975), an implied promise of confidentiality is
sufficient to permit withholding of the identity of the source. This
distinction between express and implied promises of confidentiality is
repeated throughout the specific exemptions of the Privacy Act.
The third specific exemption applies to systems of records
maintained in connection with providing protective services to the
President of the United States or other individuals who receive
protection from the Secret Service.
The fourth specific exemption applies to systems of records required
by statute to be maintained and used solely as statistical records.
The fifth specific exemption covers investigatory material compiled
solely to determine suitability, eligibility, or qualifications for
federal civilian employment, military service, federal contracts, or
access to classified information. However, this exemption applies only
to the extent that disclosure of information would reveal the identity
of a confidential source who provided the information under a promise
of confidentiality.
The sixth specific exemption applies to systems of records that
contain testing or examination material used solely to determine
individual qualifications for appointment or promotion in federal
service, but only when disclosure would compromise the objectivity or
fairness of the testing or examination process. Effectively, this
exemption permits withholding of questions used in employment tests.
The seventh specific exemption covers evaluation material used to
determine potential for promotion in the armed services. The material
is only exempt to the extent that disclosure would reveal the identity
of a confidential source who provided the information under a promise
of confidentiality.
3. Medical Records
Medical records maintained by federal agencies for example, records
at Veterans Administration hospitals are not formally exempt from the
Privacy Acts access provisions. However, the Privacy Act authorizes a
special procedure for medical records that operates, at least in part,
like an exemption.
Agencies may deny individuals direct access to medical records,
including psychological records, if the agency deems it necessary. An
agency normally reviews medical records requested by an individual. If
the agency determines that direct disclosure is unwise, it can arrange
for disclosure to a physician selected by the individual or possibly to
another person chosen by the individual.
4. Litigation Records
The Privacy Acts access provisions include a general limitation on
access to litigation records. The Act does not require an agency to
disclose to an individual any information compiled in reasonable
anticipation of a civil action or proceeding. This limitation operates
like an exemption, although there is no requirement that the exemption
be applied by regulation to a system of records before it can be used.
H. Administrative appeal procedures for denial of access
Unlike the FOIA, the Privacy Act does not provide for an
administrative appeal of the denial of access. However, many agencies
have established procedures that will allow Privacy Act requesters to
appeal a denial of access without going to court. An administrative
appeal is often allowed under the Privacy Act, even though it is not
required, because many individuals cite both the FOIA and Privacy Act
when making a request. The FOIA provides specifically for an
administrative appeal, and agencies are required to consider an appeal
under the FOIA.
When a Privacy Act request for access is denied, agencies usually
inform the requester of any appeal rights that are available. If no
information on appeal rights is included in the denial letter, the
requester should ask the Privacy Act Officer. Unless an agency has
established an alternative procedure, it is possible that an appeal
filed directly with the head of the agency will be considered by the
agency.
When a request for access is denied under the Privacy Act, the
agency explains the reason for the denial. The explanation must name
the system of records and explain which exemption is applicable to the
system. An appeal may be made on the basis that the record is not
exempt, that the system of records has not been properly exempted, or
that the record is exempt but no harm to an important interest will
result if the record is disclosed.
There are three basic elements to a Privacy Act appeal letter.
First, the letter should state that the appeal is being made under the
Privacy Act of 1974. If the FOIA was cited when the request for access
was made, the letter should state that the appeal is also being made
under the FOIA. This is important because the FOIA grants requesters
statutory appeal rights.
Second, a Privacy Act appeal letter should identify the denial
that is being appealed and the records that were withheld. The appeal
letter should also explain why the denial of access was improper or
unnecessary.
Third, the appeal should include the requesters name and address. It
is a good practice for a requester to also include a telephone number
when making an appeal.
Appendix 1 includes a sample letter of appeal.
I. Amending records under the privacy act
The Privacy Act grants an important right in addition to the
ability to inspect records. The Act permits an individual to request a
correction of a record that is not accurate, relevant, timely, or
complete. This remedy allows an individual to correct errors and to
prevent incorrect information from being disseminated by the agency or
used unfairly against the individual.
The right to seek a correction extends only to records subject to
the Privacy Act. Also, an individual can only correct errors contained
in a record that pertains to himself or herself. Records disclosed
under the FOIA cannot be amended through the Privacy Act unless the
records are also subject to the Privacy Act. Records about unrelated
events or about other people cannot be amended unless the records are
in a Privacy Act file maintained under the name of the individual who
is seeking to make the correction.
A request to amend a record should be in writing. Agency regulations
explain the procedure in greater detail, but the process is not
complicated. A letter requesting an amendment of a record will normally
be addressed to the Privacy Act officer of the agency or to the agency
official responsible for the maintenance of the record system
containing the erroneous information. The envelope containing the
request should be marked " Privacy Act Amendment Request" on the lower
left corner.
There are five basic elements to a request for amending a Privacy
Act record.
First, the letter should state that it is a request to amend a
record under the Privacy Act of 1974.
Second, the request should identify the specific record and the
specific information in the record for which an amendment is being
sought.
Third, the request should state why the information is not accurate,
relevant, timely, or complete. Supporting evidence may be included with
the request.
Fourth, the request should state what new or additional information,
if any, should be included in place of the erroneous information.
Evidence of the validity of the new or additional information should be
included. If the information in the file is wrong and needs to be
removed rather than supplemented or corrected, the request should make
this clear.
Fifth, the request should include the name and address of the
requester. It is a good idea for a requester to include a telephone
number.
Appendix 1 includes a sample letter requesting amendment of a
Privacy Act record.
J. Appeals and Requirements For Agency Responses
An agency that receives a request for amendment under the Privacy
Act must acknowledge receipt of the request within ten days (not
including Saturdays, Sundays, and legal holidays). The agency must
promptly rule on the request.
The agency may make the amendment requested. If so, the agency must
notify any person or agency to which the record had previously been
disclosed of the correction.
If the agency refuses to make the change requested, the agency must
inform the requester of: (1) the agency's refusal to amend the record;
(2) the reason for refusing to amend the request; and (3) the
procedures for requesting a review of the denial. The agency must
provide the name and business address of the official responsible for
conducting the review.
An agency must decide an appeal of a denial of a request for
amendment within thirty days (excluding Saturdays, Sundays, and legal
holidays), unless the time period is extended by the agency for good
cause. If the appeal is granted, the record will be corrected.
If the appeal is denied, the agency must inform the requester of the
right to judicial review. In addition, a requester whose appeal has
been denied also has the right to place in the agency file a concise
statement of disagreement with the information that was the subject of
the request for amendment.
When a statement of disagreement has been filed and an agency is
disclosing the disputed information, the agency must mark the
information and provide copies of the statement of disagreement. The
agency may also include a concise statement of its reasons for not
making the requested amendments. The agency must also give a copy of
the statement of disagreement to any person or agency to whom the
record had previously been disclosed.
K. Filing a Judicial Appeal
The Privacy Act provides a civil remedy whenever an agency denies
access to a record or refuses to amend a record. An individual may sue
an agency if the agency fails to maintain records with accuracy,
relevance, timeliness, and completeness as is necessary to assure
fairness in any agency determination and the agency makes a
determination that is adverse to the individual. An individual may also
sue an agency if the agency fails to comply with any other
Privacy Act provision in a manner that has an adverse effect on the
individual.
The Privacy Act protects a wide range of rights about personal
records maintained by federal agencies. The most important are the
right to inspect records and the right to seek correction of records.
Other rights have also been mentioned here, and still others can be
found in the text of the Act. Most of these rights can become the
subject of litigation.
An individual may file a lawsuit against an agency in the federal
district court in which the individual lives, in which the records are
situated, or in the District of Columbia. A lawsuit must be filed
within two years from the date on which the basis for the lawsuit
arose.
Most individuals require the assistance of an attorney to file a
judicial appeal. An individual who files a lawsuit and substantially
prevails may be awarded reasonable attorney fees and litigation costs
reasonably incurred. Some requesters may be able to handle their own
appeal without an attorney. Since this is not a litigation guide,
details about the judicial appeal process have not been included.
Anyone considering filing an appeal can begin by reviewing the
provisions of the Privacy Act on civil remedies. See note 20.