Freedom of Information Act

The Freedom of Information Act (FOIA) is a United States federal law that grants the public access to information possessed by government agencies. Upon written request, U.S. government agencies are required to release information unless it falls under one of nine exemptions listed in the Act. All Executive Branch departments, agencies and offices, federal regulatory agencies and federal corporations are subject to the Freedom of Information Act. However, it does not apply to Congress, federal courts and parts of the Executive Office of the President that serve only to advise and assist the President. The law is enforceable in a court of law.

Anyone can request information, including U.S. citizens, foreign nationals, organizations, associations and universities. All agency records that were created or obtained by a federal agency can be requested. This includes print documents, photographs, videos, maps, e-mail, and electronic records. In addition to releasing information upon written request, agencies are required to publish instructions on how to make a FOIA request and automatically publish certain information in online 'reading rooms.' This information includes records that affect the public, such as regulations, policy statements and staff instructions, as well as information that is or is likely to be frequently requested by the public.

While any information can be requested, government agencies can withhold information that they determine falls under one of nine categories that are exempt under FOIA. These categories, as outlined by the Electronic Frontier Foundation, are as follows:

  • Classified information that would damage national security
  • Internal information involving personnel rules and agency practices
  • Material specifically shielded from disclosure by another law
  • Confidential commercial or financial data, like trade secrets
  • Records that would be privileged in litigation
  • Information that would invade someone’s privacy
  • Law enforcement records
  • Information related to government regulation of financial institutions
  • Certain geological/geographical data

These exemptions are intended to protect sensitive information, but agencies have been accused of using the Act’s vague language to withhold information. There is also concern that sensitive information given to government agencies by corporations or individuals will be disclosed without first notifying the corporation or individual. (For example, a credit bureau may request sensitive information pertaining to individuals.) Because FOIA is not a “line-item” appropriation, agencies are responsible for funding their FOIA offices out of their general operating funds. This means funds can be diverted away from the information office when they are needed elsewhere. Some agencies that have a backlog of FOIA requests blame the lack of resources for the long wait times.

If a requester feels that a request has been tampered with or delayed, he/she can file a lawsuit. If the requester receives a favorable judgment from the court, then attorney fees can be recouped. However, if the agency in question decides to hand over information before the judge announces a ruling, then the attorney fees cannot be recouped. Moreover, any denial with a “sound legal basis” is defended in court by the Department of Justice as instructed in a 2001 memo by former Attorney General John Ashcroft.

See also: Open Government Directive, Government Information Awareness

Learn more:

The National Security Archive has information on making and tracking FOIA requests

This was last updated in June 2010