Browse Definitions :
Definition

Freedom of Information Act

The Freedom of Information Act (FOIA) is a United States federal law that grants the public access to information possessed by government agencies. Upon written request, U.S. government agencies are required to release information unless it falls under one of nine exemptions listed in the Act. All Executive Branch departments, agencies and offices, federal regulatory agencies and federal corporations are subject to the Freedom of Information Act. However, it does not apply to Congress, federal courts and parts of the Executive Office of the President that serve only to advise and assist the President. The law is enforceable in a court of law.

Anyone can request information, including U.S. citizens, foreign nationals, organizations, associations and universities, and all agency records that were created or obtained by a federal agency can be requested. This includes print documents, photographs, videos, maps, e-mail, and electronic records.  In addition to releasing information upon written request, agencies are required to publish instructions on how to make a FOIA request and automatically publish certain information in online 'reading rooms.' This information includes records that affect the public, such as regulations, policy statements and staff instructions, as well as information that is or is likely to be frequently requested by the public.

While any information can be requested, government agencies can withhold information that it determines falls under one of nine categories that is exempt under FOI. These categories, as outlined by the Electronic Frontier Foundation, are as follows:

  • Classified information that would damage national security
  • Internal information involving personnel rules and agency practices
  • Material specifically shielded from disclosure by another law
  • Confidential commercial or financial data, like trade secrets
  • Records that would be privileged in litigation
  • Information that would invade someone’s privacy
  • Law enforcement records
  • Information related to government regulation of financial institutions
  • Certain geological/geographical data

These exemptions are intended to protect sensitive information, but agencies have been accused of using the Act’s vague language to withhold information. There is also concern that sensitive information given to government agencies by corporations or individuals will be disclosed without first notifying the corporation or individual. (For example, a credit bureau may request sensitive information pertaining to individuals.) Because FOIA is not a “line-item” appropriation, agencies are responsible for funding their FOIA offices out of their general operating funds. This means funds can be diverted away from the information office when they are needed elsewhere. Some agencies that have a backlog of FOIA requests blame the lack of resources for the long wait times.

If a requester feels that a request has been tampered with or delayed, he/she can file a lawsuit. If the requester receives a favorable judgment from the court, then attorney fees can be recouped. However, if the agency in question decides to hand over information before the judge announces a ruling, then the attorney fees cannot be recouped. Moreover, any denial with a “sound legal basis” is defended in court by the Department of Justice as instructed in a 2001 memo by former Attorney General John Ashcroft.

See also: Open Government Directive, Government Information Awareness

Learn more:

The National Security Archive has information on making and tracking FOIA requests

This was last updated in June 2010

SearchCompliance

  • information governance

    Information governance is a holistic approach to managing corporate information by implementing processes, roles, controls and ...

  • enterprise document management (EDM)

    Enterprise document management (EDM) is a strategy for overseeing an organization's paper and electronic documents so they can be...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • PKI (public key infrastructure)

    PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange ...

  • obfuscation

    Obfuscation means to make something difficult to understand.

  • dumpster diving

    Dumpster diving is looking for treasure in someone else's trash.

SearchHealthIT

SearchDisasterRecovery

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

SearchStorage

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

  • cloud testing

    Cloud testing is the process of using the cloud computing resources of a third-party service provider to test software ...

  • storage virtualization

    Storage virtualization is the pooling of physical storage from multiple storage devices into what appears to be a single storage ...

Close