Building at the Speed of Thought.

AINS specializes in innovative solutions for Enterprise Information Management (EIM) » More
Need help? » Contact Us

AINS Blog - FOIA and Case Management

Entries in FOIA (38)


Q&A Series with Fred Sadler

Frederick Sadler retired after serving 40 years with the Food and Drug Administration (FDA). As the Director of its Freedom of Information Act (FOIA) office, he was responsible for administration and implementation of FOIA and Privacy Act (PA) programs.


Question #6: Now that Exemption 5 requires that FOIA Officers establish “foreseeable harm,” what advice can you offer to help them identify the specific harm that would result from release of deliberative and pre-decisional information and documentation needed to support it?

Answer: This is a challenging responsibility for FOIA Officers and my advice is three-fold. 

  1. Seek input first

The larger an agency’s FOI program, the greater the variation in the types of records that exist, or the nature of the subjects that you deal with, so more often than not, you’ll need someone else’s input before releasing a record to the public. 

Input might be from a subject matter specialist, who can offer some input on what not to release, or it might be “insider” knowledge on the status of a program, policy, pending decision, etc.   

The bottom line, is that a FOIA officer simply can’t be expected to know the status of every data element, policy development, or program under consideration in an entire agency.   And, in a time when we’re seeing decreases in staff, and many FOI offices are being moved under managers who lack a FOIA background, the more likely it is that these new or temporary managers won’t understand this critical part of the redaction process. 

TIP #1: Make sure that your managers know that this type of communication is both time consuming and may well depend on the cooperation of the other component offices in your agency. This could take the form of making sure your performance evaluation contracts reflect a need to connect with internal contacts, and that any delays that might result from non-responses shouldn’t result in a negative evaluation.

  1. Review the requirements to meet the Foreseeable Harm Test carefully

 There are three things that have to be taken into account when you redact subject to Exemption 5:

1. You may only withhold all or part of a record “… if the agency reasonably foresees that disclosure would harm an interest protected by an exemption,” and:
2. You must “consider whether partial disclosure of information is possible” even if the entire record cannot be released; and therefore:
3. You must “…segregate and release nonexempt information,” meaning that the record you release may end up looking like Swiss cheese, which is perfectly acceptable under the statute.


If you aren’t sure whether the data meets the above criteria, don’t take an entire record to the individual whose assistance you need.  They may not have time to review an entire record, especially if it’s a voluminous record.   Rather, you should meet with your contact and ask if specific information (identifying a line, word, category of information, or whatever meets your needs) can be protected, as defined in the 3 criteria.   Then, put that in writing – if it’s not in writing, it didn’t happen. Which leads us to…   


  1. Be Meticulous about Documentation


Some agencies have created internal forms to accommodate this need, which include the advising staffer’s name, the date of your meeting, and the specific harm that would result.   Alternatively, you can prepare a memo yourself, or just email your contacts, thanking them for their time and re-stating the advice  you received.   

TIP #2: If litigation results, your documentation may be used in court as part of your agency’s defense.   Hopefully, that won’t be necessary, but if it is, then you’ll be able to demonstrate that you exercised “due diligence” and made a reasonable effort to obtain the most professional, up-to-date information, which you relied on.   

TIP #3: Confidentiality can change with time.  So, for instance, an internal deliberative and predecisional record may lose its protection over time after the agency makes a final decision, and that decision is publicly communicated. This can be a complicated issue, so you may also consider contacting the requester.  Education and outreach to the requester community can help them understand how FOI works, and what the legal requirements are.   


I would recommend against identifying your internal sources, however, if only to ensure that they don’t receive unwelcomed calls from a disgruntled requester (and we all know that some litigation results not from a FOI officer having done something incorrectly, but because a requester doesn’t like the response that they receive).



If you’re a FOIA Officer with experience establishing foreseeable harm, share it here!


Are You Ready for FOInado? Take these 4 Steps to Manage a Whirlwind of FOIA Requests.

Crises are defining moments for public agencies. How officials respond, react or retreat
leaves a trail of paper.
Every crisis, investigation or presumed activity–real or imagined–is subject to request
through the Freedom of Information Act (FOIA). We call the increase of FOIA requests after a crisis or major event a “FOInado.”
When disaster strikes or a UFO is spotted, is your organization ready for the FOInado
that follows?

Here are 4 steps your organization can take now to manage the whirlwind. 
  1. Automated case tracking can keep you out of court

What if it takes an agency a year or more to respond to the request? Don’t expect sympathy, expect a lawsuit.

During a FOInado it is easy to get overwhelmed. Want to stay out of court over your backlog? A clear, documented and automated process for case tracking is your best defense. eFOIA software, like FOIAXpress®, automates the full lifecycle of FOIA from inquiry to archive. It speeds up the process and requires less resources—freeing up your staff and budget.

Automated case tracking creates an electronic trail and follows cases digitally from review to correspondence to submission, archiving and appeals. With allinformation in one place, there is no more confusion over who has the manila file folder or where responsive records are located.

Need to get ready for court? Avoid the probe by quickly generating litigation ready reports such as a Vaughn Index for Federal Agencies

  1. eDiscovery pays for itself

So, what happens when a FOInado results in combing through an entire inbox? Technology provides a simple, cost effective solution to solving this challenge.

eDiscovery apps that integrate with eFOIA software can drive the cost down to pennies and reduce processing time by up to 80%.

Apps, like FOIAXpress® ADR, identify duplicate documents and emails to create a manageable, clean report to review. The software enables users to quickly find responsive content and apply consistent redactions with the click of a button.

The app automatically creates audit logs for accountability as well as reports and graphic models. eDiscovery tools produce faster, more accurate reviews and takes the burden off of your team.

  1. eFOIA must include document management

The worst thing that can happen during a FOInado is not being able to find the document you need. Having a centralized electronic repository for current and past artifacts is critical to managing response loads.

FOIAXpress® goes beyond tracking to include workflows, digital tools and a complete system for creating, delivering and archiving responses. This means never opening another program or shuffling papers from person to person. 

Document Management sets the bar higher. It enables users to store, search, redact and create correspondence within the system. By digitizing all documents, the software makes it easier for staff to respond now and save for later. Automated redaction ensuresconsistency throughout all documents and removes content pixel by pixel.

Moving work to the web enables teams in different locations to collaborate instantly instead of waiting for FedEx® or faxes to deliver critical information.

  1. Every organization needs a one-stop portal

As shoppers, we expect retailers to be available 24/7. Fast, digital responses are the norm. This expectation continues into our public lives as we hold agencies to the same level of service. And when they don’t…expect a FOInado.

Adding a web portal connected to your eFOIA software can decrease strain. FOIAXpress® has a customized web portal called Public Access Link (PAL). It provides both requesters

and responders a centralized space to submit/receive requests, communicate and track. Automated responses indicate requests received and provides status updates. With an

electronic reading room component, PAL gives requesters 24/7 access to information.

PAL can improve customer service. The technology makes the process easier for all parties and enables greater transparency. 

Use technology to ease the FOInado

You never know when a crisis will occur. Prepare in advance by assembling your digital toolkit. Choosing the right eFOIA solution can help your organization quickly recover from a FOInado.

FOIAXpress® –The #1 eFOIA Solution

FOIAXpress® transforms the way organizations manage Freedom of Information Act(FOIA), Privacy Act and Open Records requests. FOIAXpress® digitizes and automates the full lifecycle of FOIA from inquiry to delivery and archiving. That’s why it’s the leading eFOIA solution in North America.

Save time, lower cost and improve transparency with one easy to use web-based app. 

Download Full PDF here.


Q&A Series with Fred Sadler

Frederick Sadler retired after serving 40 years with the Food and Drug Administration (FDA). As the Director of its Freedom of Information Act (FOIA) office, he was responsible for administration and implementation of FOIA and Privacy Act (PA) programs.


Question #5: How do today’s non-technical FOI Program Officers fulfill growing technology-specific demands such as e-searching, e-redaction, e-posting and 508 remediation? 

Answer: For any FOI program to be successful and meet today’s demands from a tech standpoint, there’s no question that officers need to seek and obtain management support.

A year ago, I had the pleasure of speaking at the AINS FOIAXpress Annual User Conference. In one of my presentations, I raised some concepts which I felt had the potential to become “challenges” and potential issues within an agency's FOIA program implementation, in the near future.  One point that I raised was that for a FOIA program to be successful, i.e. manage its workloads, decrease backlogs, and avoid litigation, there needs to be management support and commitment to provide the necessary human and IT resources.  

The challenge is that in most FOI offices, agency IT components aren't part of the FOIA process. FOIA offices, in many instances, function with only minimal IT support for areas such as Capstone, 508 remediation, internet posting, or just scanning for e-redaction. I think there's a tendency to provide basic level services, after which the IT or CIO component diverts resources to address other program areas, for example cyber-security, which is outside FOIA.  

How does a program obtain that support, especially with scarce resources? 
You’ve heard it before – numbers don’t lie. So, make your case with them! The FOIA offices need to present workload statistics, and not just the type of numbers that are collected for the Annual Report. Some ways to get your case going are to start counting:


  1. The volume of responsive records, and numbers of redactions needed
  2. The time for consultation with subject matter experts to document what needs to be redacted (which you may need later, to support an Exemption 5 claim)
  3. The average number of requests that an experienced FOI officer can fulfill over time (short term counts aren’t of much help, because the volume and complexity of requests varies so much)
Once you’ve done this, compare your findings to your staff size, taking into account both attrition and any increase in your FOIA workloads. The data should illustrate an accurate picture and validate your request for additional IT support, because without it the agency will not be able to maintain sufficient output, therefore fewer responses to issues and growing backlogs. 


The same situation occurs as you act to pro-actively post records; remediate records to meet the requirements of Section 508; post records that were requested 3 or more times; and for ensuring that FOI officers have full access to any and all records retained under Capstone.

E-searching the new Capstone databases alone has already begun to change the way that FOIA officers conduct reasonable, comprehensive searches.  And, since most of the responsibility for Capstone data storage falls within the CIO’s office, it is incumbent on the FOI officer to establish and maintain close working relationships with that office.

TIP: If an initial attempt to connect the IT/CIO staff aren’t immediately successful, talk with your Privacy Act (PA) office. 

After all, FOIA and PA occasionally intersect, and in my experience, responses can issue under either/both programs in response to a single request, so connecting isn’t outside the bounds of normal program management. Notice that the PA requires that databases have a privacy impact assessment (PIA) completed, and that always requires IT input, for data security, access, life-cycle management, etc. You should expect that the PA offices already have an established line of contact with IT, so it makes sense to tap into their suggestions on compliance, facilitate a meeting with IT regarding your specific program needs, or just to share their knowledge.

Meet those FOIA Improvement Act of 2016 Requirements
By now, agencies should also have made significant strides to meet the requirements of the FOIA Improvement Act of 2016. Those statutory changes require every agency to:
  • Review and update its FOI regulations
  • Enhance your pro-active posting program
  • Make frequently requested records available in an e-format (i.e., on line)
  • Update form letters to include optional mediation services through OGIS
  • Expand your Annual Report
  • Implement the "foreseeable harm" test, when an agency applies Exemption 5.  

A significant part of this data gathering and documentation clearly requires IT support. To accomplish this:

  1. Prioritize your specific needs.
  2. Talk with your IT contacts and get their input on what can be done quickly and easily.
  3. Ask what authorization or funding would be needed, in order to meet the 2016 FOIA program requirements, or to support any additional documentation you need to justify a request for additional resources.  

The key is to ask for more than you expect to get - even if you just obtain assistance in document scanning and conversion. It can save a FOI officer a significant amount of time, and that time can be spent responding to FOIA requests. You’ll still have to review every record line-by-line before it’s released, but at least the document preparation will have been done for you, and that will also simplify compliance with the posting requirements.

Are you being asked to do more with the FOI program, but don’t know enough about technology to know what needs to be done, or how to do it? 

Share your experience here and Fred will address your challenge with a possible solution.


The Role of Automation in FOIA Compliance

AINS is proud to announce the publication of the article "The Role of Automation in FOIA Compliance" by employee and FOIA software expert Cindy Dillow in Information Management Magazine.

In the article, Dillow explains how automation technology can improve transparency, efficiency, and record-keeping in FOIA processing.


Join our Expert Speakers at the FOIAXpress User Conference and Tech Summit

Join these top government experts at the 12th Annual FOIAXpress User Conference & Tech Summit as they cover the latest FOIA topics and how they will impact your job and your agency. Head into 2018 armed with the proper education to be effective and prepared for any opportunity and challenge with presentations from: 

Fred Sadler, FOIA Consultant

Fred Sadler served as the Director of the FDA's Freedom of Information Act (FOIA) office, responsible for administration and implementation of FOIA and Privacy Act (PA) programs.

Gain his seasoned insight and perspective on the most important FOIA issues, including backlogs, Capstone and 18F.  


Dick Huff, FOIA Instructor

Dick Huff served as served as one of two co-directors of the U.S. Department of Justice’s Office of Information and Privacy from 1982 until his retirement in 2005.

Learn significant FOIA decisions from law cases in the past year to avoid similar pitfalls and protect your agency. 



Nikki Gramian, Deputy Director, OGIS

Nikki Gramian is Deputy Director of the Office of Government Information Services (OGIS), the federal FOIA ombudsman’s office. Ms. Gramian joined OGIS after 7 years at DHS’ Office of Inspector General where she oversaw the administrative function of the FOIA process and prepared the Office for litigation. 

Understand best practices and lessons learned in mediation.  


Register now to join these experts - we look forward to seeing you there!