Skip to main content

Freedom of Information Act: Additional Actions Can Strengthen Agency Efforts to Improve Management

GAO-12-828 Published: Jul 31, 2012. Publicly Released: Aug 30, 2012.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The major components of the Departments of Homeland Security, Defense, Justice, and Health and Human Services have taken a variety of actions to improve management of their Freedom of Information Act (FOIA) programs. To reduce their backlogs of outstanding requests, agencies have taken actions that include regularly reporting to management, mobilizing extra resources, and streamlining procedures for responding to requests. These actions have had mixed results. For example, since 2009, 10 of the 16 agency components in GAO’s study succeeded in decreasing their backlogs, 2 had no material change, and the remaining 4 had larger backlogs. The agencies have also taken actions to reduce their use of exemptions—provisions of FOIA that allow agencies to withhold certain types of information. Agencies’ actions to reduce their use of exemptions included training, reviews, and guidance. While 7 components reduced the rate at which they applied exemptions, 3 stayed about the same, and 6 had an increase.

The agency components are generally making records available to the public online, either in their FOIA libraries (dedicated sections of their websites for FOIA-related records) or elsewhere on their agency websites, as required by amendments to the act, referred to as e-FOIA. However, GAO’s review of FOIA libraries found that records may not be easy for the public to locate when they are not in a library. Agency components have used a variety of approaches, including frequent content reviews, to proactively manage their libraries. However, GAO determined that not all agency components are giving sufficient attention to ensuring that frequently requested records are identified and posted online, which has resulted in sparsely populated FOIA libraries. Without consistent oversight and review of the information posted to FOIA libraries, the most current agency efforts or decisions may not be reflected and information can be difficult for the public to locate. This can result in increased FOIA requests, contributing to backlogs and administrative costs.

The agency components’ implementation of technology capabilities that have been identified as best practices for FOIA processing—such as the use of a single tracking system and providing requesters the ability to track the status of requests online—has varied. The agencies that have not yet implemented these capabilities generally intend to do so. In addition, the agencies that GAO studied use different FOIA processing systems that do not electronically exchange data, which may necessitate manual exchanges of information among agencies to process FOIA requests.

Why GAO Did This Study

In March 2009, the Attorney General issued guidelines that encouraged agencies to release records requested under FOIA, improve administration of their FOIA operations, and ensure timely disclosure of information to the public. In light of this guidance, GAO was asked to determine: (1) What actions have agencies taken to manage their FOIA programs, including reducing backlogs and use of exemptions, pursuant to the Attorney General’s 2009 FOIA guidelines, and what have been the results of these actions? (2) What actions have agencies taken to make records available to the public by electronic means, pursuant to the e-FOIA Amendments of 1996? (3) To what extent have agencies implemented technology to support FOIA processing?

To respond to this request, GAO analyzed statistics and documents, reviewed FOIA libraries, and conducted interviews with officials at 16 agency components within the Departments of Homeland Security, Defense, Justice, and Health and Human Services—the four agencies that received the most FOIA requests in fiscal year 2010.

Recommendations

GAO is recommending that the four agencies improve the management of their FOIA programs by ensuring that actions are taken to reduce backlogs and use of exemptions, improve FOIA libraries, and implement technology. In written comments on a draft of the report, the four agencies agreed or generally agreed with the recommendations.

Recommendations for Executive Action

Agency Affected Sort descending Recommendation Status
Department of Defense To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments.
Closed – Implemented
DOD concurred with our recommendation and in response took action to identify approaches for electronic exchange of data. In its 2013 Chief FOIA Officer report, DOD noted that its components identified and began using the Safe Access File Exchange (SAFE) website, and various tools within INTELINK to share information. According to the report, the INTELDOCS feature within INTELINK is used for the consultation referral process. SAFE is available for DOD and other federal government agencies, while INTELINK is only available for DOD, agencies that have components that are members of the Intelligence Community and the Law Enforcement community. According to our review of the SAFE website, it allows its users to transfer and receive files up to 2 gigabytes.
Department of Defense To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as appropriate, conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance to reduce their use of exemptions.
Closed – Implemented
The Department of Defense(DOD) concurred with our recommendation and in response took steps to establish various training programs. For example, in June 2013 the department held a training workshop that included a class on compliance with the U.S. Supreme Court Milner decision. In July 2013, DOD also began offering a one-hour class on the use of exemption 5. In addition, according to our review of the department's Chief FOIA Officer report for 2016, the department held two three-day FOIA/Privacy Act training workshops in June and September 2015. The workshops focused on DOD's FOIA policy, the use of exemptions 4, 5, 6 and 7, document declassification, fees and fee waivers, litigation considerations, and best practices in redacting documents.
Department of Defense To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests.
Closed – Implemented
The Department of Defense (DOD) concurred with our recommendation and, in response, took steps to reduce the backlogs of the military services in our review. For example, the department's Chief FOIA Officer report for 2016 showed that the U.S. Navy reported that it identified the components with the highest backlogs and began tracking the backlog metrics on a monthly basis. In addition, the U.S. Army, despite its decentralization, began monitoring the individual plans of its components to reduce backlogs and report the metrics established to senior leadership on a monthly and quarterly basis. Further, the Office of the Secretary of Defense/Joint Staff began having their FOIA action officers set weekly backlog closure goals. Lastly, the Directorate for Oversight and Compliance, which oversees all FOIA policy matters within DOD, hosted a "FOIA backlog root cause analysis" workshop to identify the root causes of the steady increase in the backlog of FOIA requests and develop proposed countermeasures. The U.S. Air Force, among other DOD components, participated in the workshop. The Directorate for Oversight and Compliance also established metrics and reports the metrics monthly to leadership.
Department of Defense To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries.
Closed – Implemented
DOD concurred with our recommendation and, in response, the Navy (which was the DOD component in our review that had not disclosed the required categories of records) took action to create a new FOIA website. Our review of the website found that the Navy's reading room (FOIA library) provides information on its records related to (1) policy and interpretations that have been adopted by the agency and are not published in the Federal Register and (2) records released to the public, under FOIA, that are or will likely become the subject of subsequent requests. In addition, according to the web site, records related to final opinions and orders made in the adjudication of cases are located in Navy's Judge Advocate General's FOIA website reading room.
Department of Defense To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have.
Closed – Implemented
DOD concurred with our recommendation and in response took actions to implement new systems that have the recommended and required technology capabilities. For example, the Office of the Secretary of Defense and Joint Staff purchased a vendor supplied solution that provides the capability for FOIA requesters to track the status of their requests online. In addition, the Army began using its Freedom of Information Case Tracking System (FACTS) to track FOIA cases and to generate metrics. To share and transfer documents electronically, selected Army commands are using the U.S. Army Aviation and Missile Research Development and Engineering Center Safe File Access Exchange (AMRDEC SAFE). Lastly, the Navy purchased and began using a FOIA on line tool in October 2013. The tool provides several capabilities such as accepting and tracking requests online, and calculating fees.
Department of Health and Human Services To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have.
Closed – Implemented
HHS concurred with our recommendation and a key component agency, the Centers for Medicare and Medicaid Services (CMS), began using a tool that allows all regions to use a centralized system for reporting metrics. The data in the system can be entered, viewed, and queried by multiple staff across CMS regions. In addition, the Office of the Secretary implemented FOIAXpress, which allows a requester to track the status of a request online once a requester establishes an online account. Further, each National Institutes of Health (NIH) component has a FOIA Requester Service Center available to answer questions or to provide a status regarding a pending request. The contacts for the service centers are listed on NIH's FOIA website.
Department of Health and Human Services To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments.
Closed – Implemented
HHS concurred with our recommendation and the department's component agencies took several actions. For example, the Centers for Disease Control and Prevention (CDC) developed a system that allows for the bi-directional exchange of records responsive to the FOIA request between CDC Program Offices and the CDC FOIA Office. In addition, the Health Resources and Services Administration (HSRA) obtained a dedicated shared drive to receive and store responsive records more reliably and securely. Lastly, the Administration for Children and Families (ACF) explored several document sharing platforms for use in streamlining the referral and document consultation process.
Department of Health and Human Services To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as appropriate, conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance to reduce their use of exemptions.
Closed – Implemented
HHS concurred with our recommendation and the Centers for Medicare and Medicaid Services, Food and Drug Administration, and National Institutes of Health were among the department's component agencies that held FOIA-related training in 2015 for their FOIA staff. In addition, CMS staff attended Department of Justice semi-annual training on the application of the FOIA administrative process and exemptions.
Department of Health and Human Services To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests.
Closed – Implemented
Health and Human Services (HHS) concurred with our recommendation and has taken actions to reduce the department's backlog of FOIA requests. For example, management meets regularly with the FOIA staff to address metrics related to pending requests, and to discuss the methods and best practices to reduce backlogs. In addition, according to the 2016 Chief FOIA Officer's Report, HHS's Office of the Secretary as well as the Centers for Medicare & Medicaid Services (CMS), Food and Drug Administration, and National Institutes of Health were among nine components that reduced backlogs during FY 2015. Specifically, the report stated that CMS, the component that received the largest number of FOIA requests, initiated a pilot program with a regional office that served as a request "clearinghouse" and forwarded requests to the appropriate region.
Department of Health and Human Services To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries.
Closed – Implemented
HHS concurred with our recommendation and we verified, in September 2016, that a key component agency, the Centers for Medicare and Medicaid Services (CMS), had updated its FOIA library (reading room) so that users of the website could easily locate information. The reading room includes links to, for example, CMS's FOIA Policy and Procedures Guides, CMS Rulings, and transmittals of new or changed policies or procedures incorporated in the CMS Online Manual system.
Department of Homeland Security To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments.
Closed – Implemented
DHS concurred with our recommendation and we verified that the department provided training to several of its components in 2013 and 2014 regarding the use of a new processing tool, FOIAXpress. The tool, according to DHS's 2016 Chief FOIA Officer Report, allows for document sharing and complete interoperability between all DHS components that use the application. In addition, in other actions taken by the department, the Immigration and Customs Enforcement (ICE) agency provided the Government Information Law Division attorneys access to its tool, thus enabling them to collaborate, consult, and review records maintained by ICE.
Department of Homeland Security To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as appropriate, conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance to reduce their use of exemptions.
Closed – Implemented
DHS concurred with our recommendation and, in response, took several actions. In May 2013, we verified that DHS held training related to the use of exemption 4. Also, in June 2013, we verified that the department issued a policy related to the use of exemption 6. Lastly, on March 11, 2014, we verified that DHS issued a memorandum to all FOIA officers regarding the use of exemptions and foreseeable harm analyses.
Department of Homeland Security To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests.
Closed – Implemented
DHS concurred with our recommendation and, in response, took steps across the department to periodically report on the status of its Freedom of Information Act (FOIA) request backlogs. The department also took steps to monitor the status of backlog caseloads and redirect resources toward reducing backlogs by, among other things, hiring additional staff and contractors and offering paid overtime to workload volunteers. In addition, the department issued new guidance on the disclosure of frequently requested FOIA records, misdirected FOIA requests, and the proper way to inquire as to whether a FOIA requester remains interested in the information originally requested. Lastly, DHS FOIA officers negotiated with high-volume requesters to simplify requests.
Department of Homeland Security To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries.
Closed – Implemented
DHS, in response to our recommendation, required its FOIA Officers to conduct a review of their component agency's FOIA libraries, address the deficiencies identified, notify the Privacy Office about library requirements that were not being met, and identify actions to be taken to comply with the legal requirements for FOIA Reading Rooms. In addition, DHS expanded its FOIA library content to include information previously available only through a formal request such as daily schedules of senior leaders, management directives, and procurement records, among others.
Department of Homeland Security To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have.
Closed – Implemented
In July 2016, we verified that DHS implemented new technology capabilities to improve the efficiency of their FOIA processing. For example, the DHS Privacy Office implemented a feature on its FOIA webpage that allows requesters to check the status of their requests online. As a result, DHS is better positioned to more efficiently respond to inquiries related to FOIA requests.
Department of Justice To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to evaluate whether the agency components within their departments could improve the efficiency of their FOIA processing by implementing each of the technology capabilities that they do not already have.
Closed – Implemented
The Department of Justice generally concurred with our recommendation and subsequently implemented essential elements of the recommendation. Specifically, the Federal Bureau of Prisons (BOP), which was one of the key Justice components that did not implement all of the technology capabilities discussed in our report, took action and implemented the missing capability--that is, the ability for requesters to track the status of their FOIA requests online. Our review of BOP's FOIA website shows that a requester now has the ability to track FOIA requests online using the assigned request number. Further, while FOIA requests made by another Justice component in our review, the Executive Office for Immigration Review (EOIR), still cannot be tracked online, administrative appeals made to EOIR can be tracked using Justice's FOIAonline tool implemented by the Office of Information Policy in February 2016.
Department of Justice To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to identify and evaluate potential approaches (e.g., enhancements to or replacement of existing systems) for enabling the electronic exchange of data between the FOIA processing systems of the agency components within their departments.
Closed – Implemented
The Department of Justice generally agreed with our recommendation and, in response, took several actions. For example, the Office of Information Policy replaced its FOIA system and began using FOIAonline in February 2016. In addition, the Federal Bureau of Investigations (FBI) established an eFOIA strategic initiative in fiscal year 2015 to enhance its existing FOIA case management system. The enhancement allows the FBI case management system to ingest FOIA requests from a web portal, provide correspondence regarding the request to the requester, and deliver final products to the requester community digitally. Lastly, several components within the department are now using tools to search, sort, and de-duplicate documents responsive to a FOIA request.
Department of Justice To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as needed, take actions--report backlog status, redirect resources, change procedures, and negotiate to simplify requests--to reduce their backlogs of FOIA requests.
Closed – Implemented
In response to our recommendation, Justice has taken actions to reduce the department's FOIA request backlog. Specifically, the department developed and implemented a plan for reducing backlogs, issued FOIA guidance, and held FOIA best practices workshops on reducing request backlogs. In addition, the department established FOIA regulations containing provisions that promote efficiency and emphasize greater communication with requesters to simplify requests.
Department of Justice To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments, as appropriate, conduct training, perform foreseeable harm analyses, complete reviews, comply with the Milner decision, and distribute guidance to reduce their use of exemptions.
Closed – Implemented
In response to our recommendation, Justice issued guidance on the importance of FOIA training and provided training to FOIA professions within the department, as well as across the government. Furthermore, the department issued guidance related to applying the President's presumption of openness, the foreseeable harm analyses, and the proper application of Exemption 2 after the Milner decision. Lastly, the department stated that it added a step in its FOIA processing to review information for discretionary release, and it requires agencies to report on its processes, if any, to review information for discretionary release.
Department of Justice To improve the management of FOIA processing, the Secretaries of DHS, DOD, and HHS and the Attorney General should direct their respective Chief FOIA Officers to ensure that the agency components within their departments address the deficiencies in their FOIA libraries by making required categories of records easier to locate, clearly indicating when records in required categories do not exist, and expanding the content of FOIA libraries.
Closed – Implemented
The Department of Justice generally concurred with our recommendation and in response took several actions. For example, the Office of Information Policy (OIP) redesigned its FOIA library website and separated documents into two functional categories: Operational Documents and FOIA-Processed Documents. In addition, the department issued an updated FOIA regulation which took effect in May 2015, which, according to our review of the regulation, includes a provision that requires components to ensure that their FOIA library websites are reviewed and updated on an ongoing basis. Further, according to the Department's 2015 Chief FOIA Officer report, various Justice components took steps to increase proactively disclosing information. Specifically, among other things, the department (1) created a processes to identify records of public interest that can be proactively posted online, and (2) developed best practice workshops specific to proactive disclosures. Lastly, in July 2015, OIP launched a new pilot program at seven agencies designed to test the feasibility of posting online FOIA responses so that they are available not just to the individual requester, but to the general public as well.

Full Report

GAO Contacts

Office of Public Affairs

Topics

LibrariesInformation disclosureFreedom of information requestsFederal agenciesTechnologyFreedom of informationInformation technologyHomeland securityHealth careWebsites