Congress created the Freedom of Information Act (FOIA), 5 U.S.C. § 552, to allow any person to request access to records of the executive branch agencies or entities. “Any person” includes U.S. citizens, foreign nationals, organizations, associations and universities. FOIA also requires agencies to make certain information available to the public on agency web sites.
FOIA is a disclosure statute and requires agencies to disclose records upon receiving a written request for them. This right of access is enforceable in Federal court. However, the FOIA does contain nine specific exemptions under which Federal agencies may or must withhold information. The government carries the burden of showing why information cannot be disclosed.
OGIS plays a unique role within the Federal FOIA landscape, complementing other offices and agency professionals. We work across all Federal departments and agencies to provide an alternative to litigation in resolving FOIA disputes. We work alongside the Department of Justice’s (DOJ's) Office of Information Policy (OIP), which provides policy guidance on FOIA matters on behalf of the U.S. Attorney General. Through these roles and functions we support the President’s Open Government Initiative.
For more detailed information about FOIA, see the Department of Justice Guide to the Freedom of Information Act.
There are nine exemptions to the Freedom of Information Act (FOIA); each of which allows agencies to withhold specific types of information to protect government and/or personal privacy interests.
Protects from disclosure information that is deemed classified "under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy" and is "in fact properly classified pursuant to such Executive order. 5 U.S.C. § 552 (b)(1).
The types of information agencies may withhold under Exemption 1, pursuant to Executive Order 13526 (Classified National Security Information), signed by President Barack Obama on December 29, 2009, are:
- Military plans, weapons systems or operations
- Foreign government information
- Intelligence activities (including covert action), intelligence sources or methods, or cryptology
- Foreign relations or foreign activities of the United States, including confidential sources
- Scientific, technological or economic matters relating to the national security
- U.S. Government programs for safeguarding nuclear materials or facilities
- Vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans or protection services relating to the national security
- The development, production or use of weapons of mass destruction
Covers records that are “related solely to the internal personnel rules and practices of an agency.” 5 U.S.C. § 552 (b)(2).
On March 7, 2011, the United States Supreme Court issued a landmark opinion pertaining to Exemption 2 that significantly narrowed the scope of this exemption. See Milner v. Department of the Navy, 131 S.Ct. 1259, 562 U.S. (2011). The Supreme Court limited the scope of Exemption 2 to encompass only records relating to issues of employee relations and human resources. Id. at 1271. The Court held that all the rules and practices covered by this exemption “share a critical feature: They concern the conditions of employment in federal agencies—such matters as hiring and firing, work rules and discipline, compensation and benefits.” Id.
Department of Justice, Office of Information Policy (OIP) Guidance, "Exemption 2 After the Supreme Court's Ruling in Milner v. Department of the Navy" (May 10, 2011)
OIP Training Slides, "Exemption 2 After the Supreme Court’s Ruling in Milner v. Department of the Navy"
Incorporates nondisclosure provisions contained in other Federal statutes. See 5 U.S.C. § 552(b)(3). Agencies invoked 150 such statutes in the year ending September 30, 2010, according to the Department of Justice (DOJ). Federal district courts, Federal appellate courts or the U.S. Supreme Court have upheld 67 Exemption 3 statutes, including two in which another Federal court found the statutes not to qualify as Exemption 3 statutes, according to DOJ. Some examples of information exempted from disclosure under Exemption 3 include:
- Financial disclosure information pertaining to certain government employees (5 U.S.C. app. § 107(a))
- Certain census data (13 U.S.C. §§ 8(b), 9(a))
- Information pertaining to the nature and location of certain archaeological resources (16 U.S.C.§ 470hh)
- Wiretap requests and the contents of any wire, oral or electronic communication obtained through wiretaps (18 U.S. C. §§ 2510-20)
- Contractor proposals possessed or controlled by a Federal agency and that have not been incorporated into contracts (41 U.S.C. § 253b(m)(1))
- Certain records pertaining to grand jury proceedings (Federal Rules of Criminal Procedure 6(e))
- Tax return information (26 U.S.C. § 6103)
OIP, "Statutes Found to Qualify under Exemption 3 of the FOIA"
Protects trade secrets and commercial or financial information that is obtained from a person and that is privileged or confidential. See 5 U.S.C. § 552(b)(4). The exemption is intended to protect the interests of both the government and individuals and companies who submit commercial or financial information to the government. Executive Order 12600 describes the government’s notification procedures when Exemption 4 applies.
OIP Guidance, "Exemption 4 after the Supreme Court's Ruling in Food Marketing Institute v. Argus Leader Media" (October 3, 2019)
OIP Guidance, "Step-by-Step Guide for Determining if Commercial or Financial Information Obtained from a Person is Confidential Under Exemption 4 of the FOIA" (Updated October 7, 2019)
Protects “inter-agency or intra-agency memorandums or letters which would not be available by law to a party other than an agency in litigation with the agency.” 5 U.S.C. § 552 (b)(5). Courts have interpreted this exemption to incorporate privileges recognized in civil discovery. Even though discovery is intended to promote the exchange of information to avoid surprises at trial, privileges allow one party in litigation not to disclose certain information to the other party. Privileges often used by the government include the deliberative process privilege (referred to by some courts as “executive privilege”), the attorney-work product privilege and the attorney-client privilege. The deliberative process privilege cannot be used to withhold records that are more than 25 years old.
OIP Training Slides, "Exemption 5 The Civil Discovery Privileges"
Protects information about individuals in “personnel and medical files and similar files” when the disclosure of such information “would constitute a clearly unwarranted invasion of personal privacy.” 5 U.S.C. § 552 (b)(6).
OIP Training Slides, "Exemptions 6 & 7(C)"
Protects from disclosure “records or information compiled for law enforcement purposes” if disclosure would cause one or more of the harms enumerated in the six sub-sections of this exemption. 5 U.S.C. § 552 (b)(7).
OIP Training Slides, "Exemption 7" (these slides cover Exemption 7 and its six subparts, A through F)
Protects from disclosure "records or information compiled for law enforcement purposes, but only to the extent that production of such law enforcement records or information ... could reasonably be expected to interfere with enforcement proceedings." 5 U.S.C. § 552(b)(7)(A)
Protects "records or information compiled for law enforcement purposes [the disclosure of which] would deprive a person of a right to a fair trial or an impartial adjudication." 5 U.S.C. § 552(b)(7)(B)
Protects law enforcement information the disclosure of which "could reasonably be expected to constitute an unwarranted invasion of personal privacy." 5 U.S.C. § 552(b)(7)(C)
OIP Training Slides, "Exemptions 6 & 7(C)"
Protects "records or information compiled for law enforcement purposes [which] could reasonably be expected to disclose the identity of a confidential source, including a state, local, or foreign agency or authority or any private institution which furnished information on a confidential basis, and, in the case of a record or information compiled by a criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by a confidential source." 5 U.S.C. § 552(b)(7)(D).
Protects law enforcement information that "would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law."5 U.S.C. § 552(b)(7)(E).
Protects "records or information compiled for law enforcement purposes [the disclosure of which] could reasonably be expected to endanger the life or physical safety of any individual." 5 U.S.C. § 552(b)(7)(F)
Protects information “contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions.” 5 U.S.C. § 552 (b)(8)
Allows agencies to withhold “geological and geophysical information and data, including maps, concerning wells.” 5 U.S.C. § 552 (b)(9).
Agency record: Any information that would be an agency record subject to the requirements of the Freedom of Information Act (FOIA) when maintained by an agency in any format, including an electronic format.
Administrative appeal: A request to an agency asking that it review at a higher administrative level a determination it has made in the processing of a FOIA request. Determinations include full denial or partial denial of access to records under the FOIA, matters pertaining to fees, and other decisions in the processing of the FOIA request.
A request to an agency asking that it review at a higher administrative level a determination it has made in the processing of a FOIA request. Determinations include full denial or partial denial of access to records under the FOIA, matters pertaining to fees, and other decisions in the processing of the FOIA request.
Backlog: the number of requests or administrative appeals that are pending at an agency at the end of the fiscal year that are beyond the statutory time period for a response.
Chief FOIA Officer: a senior official within an agency who monitors agency compliance with FOIA, recommends adjustments to agency practices related to improving the efficiency of FOIA processes, and designates FOIA Public Liaisons within the agency.
Component: For agencies that process requests on a decentralized basis, a "component" is an entity, also sometimes referred to as an Office, Division, Bureau, Center, or Directorate, within the agency that processes FOIA requests. The FOIA requires that agencies include in their Annual FOIA Report data for both the agency overall and for each principal component of the agency.
Consent: OGIS must receive a customer’s formal consent under the Privacy Act of 1974 to discuss his or her specific FOIA request or issue with an agency so as not to violate the Privacy Act.
Consultation: the procedure whereby the agency responding to a FOIA request first forwards a record to another agency or component within the same agency for its review because that other agency has an interest in the document. Once the agency in receipt of the consultation finishes its review of the record, it responds back to the agency or component within the same agency that forwarded it. That agency, in turn, will then respond to the FOIA requester.
Dispute: When two or more parties cannot agree on an outcome. OGIS assists with resolving disputes as a neutral, independent third party by helping the parties to the dispute try to reach a mutually agreeable solution.
FOIA Public Liaison: A point of contact within each Federal agency, whose role is to assist FOIA requesters in making requests, appeals, and resolving FOIA disputes between requesters and agencies.
FOIA Electronic Reading Room: The place on an agency’s website where frequently requested records and other agency documents are posted for the public to see.
FOIA request: A written request for access to agency records pertaining to general topics of interest, including requests for access to another individual's records. The FOIA does not require that a request state that it is being made under the FOIA.
FOIA Requester Service Center: The office within each agency where requesters can go for assistance with any part of the FOIA process.
Frequently requested records: Under FOIA, any record requested three or more times is considered a “frequently requested record” and should be posted online in the agency’s FOIA Reading Room.
Multi-Track Processing: a system in which simple requests requiring relatively minimal review are placed in one processing track and more voluminous and complex requests are placed in one or more other tracks. Requests granted expedited processing are placed in yet another track. Requests in each track are processed on a first in/first out basis.
- Expedited Processing: an agency will process a FOIA request on an expedited basis when a requester satisfies the requirements for expedited processing as set forth in the statute and in agency regulations.
- Simple Request: a FOIA request that an agency using multi-track processing places in its fastest (non-expedited) track based on the low volume and/or simplicity of the records requested.
- Complex Request: a FOIA request that an agency using multi-track processing places in a slower track based on the high volume and/or complexity of the records requested.
Ombudsman: This person is typically an independent, neutral party who logs complaints, provides information and assists with resolving disputes. As the FOIA Ombudsman, OGIS provides these services in the FOIA context.
Perfected request: a request for records which reasonably describes such records and is made in accordance with published rules stating the time, place, fees (if any) and procedures to be followed.
Privacy Act request: A written request for access to a person's own records that are maintained by the Federal government (first party request). To protect personal privacy interests, most agencies require requesters seeking access to their own records to provide either a notarized statement or a statement signed under penalty of perjury stating that they are who they claim to be. Requesters may meet this requirement by completing and signing particular certification of identity or verification of identity form that is available on the agency's website or having their signatures on their request letters witnessed by a notary, or including the following statement immediately above their signatures on your request letters: "I declare under penalty of perjury that the foregoing is true and correct. Executed on [date]." Agencies require requesters to provide verification of their identity when requesting their own records helps to ensure that the government does not inappropriately disclose their private information.
Requester: Any person or organization requesting records from a Federal agency under the FOIA.
FOIA and The Privacy Act
Both FOIA and the Privacy Act of 1974 (Privacy Act) grant a right of access to Federal records. FOIA applies to all executive branch agency records and “any person” can request records under FOIA. FOIA applies to records that are either created or maintained by an agency or under the agency’s control. The Privacy Act grants individuals access to their own records that are maintained by the Federal government. Most often, but not always, requests for one’s own records are considered Privacy Act requests, or first-party requests. The Privacy Act’s access provisions apply only to U.S. citizens and lawful permanent residents. The Privacy Act applies to any item, collection or grouping of information about an individual that is maintained in a “system of records.” A Privacy Act “system of records” exists when information from this system is retrieved using an individual’s name or personal identifier (case file number, Social Security number, etc.)
Federal agencies process access requests under both FOIA and the Privacy Act to provide requesters with the greatest degree of access. When requests are processed under both laws, information may be withheld only if it is exempt under both laws – if only one of the laws declares the information exempt, it must be released.
OGIS and the Privacy Act
OGIS does not have statutory authority regarding Privacy Act requests. However, many Privacy Act requests overlap with FOIA; therefore, OGIS provides ombuds services for these types of requests. OGIS provides Privacy Act requesters with information about the status of requests and/or about the Privacy Act/FOIA process within an agency. OGIS does not have a statutory role in reviewing policies, procedures and compliance with the Privacy Act as it does with FOIA.
Additional Privacy Act Information
The Privacy Act requires the Office of Management and Budget (OMB) to develop and, prescribe guidelines and regulations for the use of agencies in implementing the Act; and provide continuing assistance to and oversight of the implementation of the Act by agencies ( 5 U.S.C. § 552a(v)). The majority of OMB guidelines for the Privacy Act can be found online, however, many areas have been supplemented through the years.
The Department of Justice’s Office of Privacy and Civil Liberties has compiled an Overview of the Privacy Act of 1974, which contains a summary of the Privacy Act as well as a discussion of its disclosure prohibition, its access and amendment provisions, and its agency recordkeeping requirements.
Amending your own records
Unlike FOIA, the Privacy Act allows for an individual to request an amendment to records that are not accurate, relevant, timely or complete. To request to amend your records, contact the Privacy Office of the agency where the records are kept. An agency has 30 working days to review a requested amendment and make a final determination. If the agency refuses to amend the record, you may submit a concise statement regarding the reasons for the disagreement that will be included in any future disclosures of the record. If an agency officially determines that it will not amend the record, you also may seek judicial review.
If there is an unlawful release of Privacy Act-protected information, both the affected individual and the agency can take action. If you believe that there has been a breach of Privacy Act-protected records, please contact the agency’s Privacy Officer to report the breach. Once the agency is aware of a breach, it must provide notice to affected individuals and possibly take additional measures such as provide credit monitoring for a specific period of time.
Generally, each agency has specific contacts to whom requesters should submit FOIA requests. The contact information on an agency’s FOIA website should include the agency’s FOIA contact’s name, mailing address, telephone and fax number, an email address, the name and contact information for the agency’s FOIA Public Liaison, and the name and contact information for the agency’s Chief FOIA Officer. Some departments have components with separate FOIA contacts to whom requesters should submit FOIA requests. The contact information for filing a request is available in the agency’s FOIA regulations, which are published in the Federal Register, and on the agency’s FOIA website. Additionally, FOIA.gov – a Department of Justice web site - also lists contacts for each agency.
FOIA provides requesters with the right to file an appeal from an agency’s denial of a request. 5 U.S.C. § 552(a)(6)(A)(i). If you receive a response to a FOIA request that results in the denial of information, either by citing an exemption to FOIA, by stating that the agency does not have any responsive records or by stating the agency cannot confirm or deny the existence of records, you may appeal that denial. An agency’s final response letter should contain information on where to send the appeal and give the time limit for filing the appeal. That information should also be available on agencies’ FOIA web pages or by calling agencies’ FOIA Service Centers. This information is agency-specific, so you will want to confirm it for the agency at issue prior to filing the appeal.
In your appeal, you should state that you are appealing the agency’s release determination and reference the agency’s FOIA request number and the date of the correspondence. You may also explain the reasons why you believe the agency’s response was improper and explain why you believe you should receive the records requested. After submitting your appeal, you should receive an acknowledgment from the agency that it has been received and you may be assigned a FOIA appeal number that is separate from your FOIA request number. You should reference that number when contacting the agency to check the status of your appeal.
The Office of Government Information Services (OGIS) is not a replacement or substitute for the FOIA administrative appeal process available to requesters. If an agency's action on your request dissatisfies you and you are at the stage in the FOIA process where you are able to file an appeal, we strongly encourage you to do so. By filing an appeal, you preserve your administrative rights and give the agency a chance to review and reconsider every part of its initial response.
The Office of Government Information Services (OGIS) is guided by the provisions of the Administrative Dispute Resolution Act of 1996 (ADRA), 5 U.S.C. §§ 571-84, including the confidentiality provision. This guidance helps to ensure that OGIS can effectively and impartially work to facilitate resolutions of FOIA disputes through alternative dispute resolution (ADR).
Confidentiality is a key to successful use of ADR. In the interest of promoting open and candid dialogue with all parties involved in a dispute, OGIS, at its discretion, may grant an express request to speak to the Office in confidence. At the same time, OGIS is committed to conducting proceedings in a manner that promotes openness and transparency. Notwithstanding the requirements of the ADRA and requirements protecting materials reflecting Office deliberations, OGIS will endeavor to make available as much information as lawfully possible.
- About FOIA
- Advisory Opinions
- Agency Best Practices: FOIA and Database Requests
- Agency Best Practices: Chart for Agencies (02/25/11)
- FOIA Ombuds Observer
- OGIS Recommendations
- Request OGIS Assistance
- Requester Best Practices: Filing a FOIA Request
- FOIA FAQs
- Training Opportunities for FOIA Professionals