Understanding FOIA IT Requirements

How to bring your network and data into compliance with the Freedom of Information Act

Background

The Freedom of Information Act (FOIA) is a United States federal law that gives individuals the right to access information from the federal government, except to the extent that such records or portions of them are protected from public disclosure by one of nine exemptions, which cover information whose disclosure might be harmful to governmental or private interests.

Who Needs to Comply

FOIA applies to all federal agencies. FOIA does not apply to the Judicial Branch, federal courts, the Legislative Branch, Congress, or state governments and courts.

Key IT Requirements

The following is a table containing sections of the FOIA and an explanation describing how Varonis solutions can help control how US agencies make public information available:

Requirement: How to Search for Records

Description:

§ 552. Public information; agency rules, opinions, orders, records, and proceedings

(a) Each agency shall make available to the public information as follows:

(C) In responding under this paragraph to a request for records, an agency shall make reasonable efforts to search for the records in electronic form or format, except when such efforts would significantly interfere with the operation of the agency’s automated information system.

(D) For purposes of this paragraph, the term “search” means to review, manually or by automated means, agency records for the purpose of locating those records which are responsive to a request.

Varonis Product/Feature: Efforts To Search For Records In Electronic Format

DatAnswers provides relevant search results while keeping information secure. Users with relevant permissions will only see search results they have access to, thereby preventing unauthorized users from gaining access to information they should not see.

Requirement: Nine Exemptions

Description:

(7) Each agency shall—

(3) specifically exempted from disclosure by statute (other than section 552b of this title), if that statute–(A)(i) requires that the matters be withheld from the public in such a manner as to leave no discretion on the issue; or (ii) establishes particular criteria for withholding or refers to particular types of matters to be withheld;

(4) trade secrets and commercial or financial information obtained from a person and privileged or confidential;

(5) inter-agency or intra-agency memorandums or letters which would not be available by law to a party other than an agency in litigation with the agency;

(6) personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy;

(7) records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information (A) could reasonably be expected to interfere with enforcement proceedings, (B) would deprive a person of a right to a fair trial or an impartial adjudication, (C) could reasonably be expected to constitute an unwarranted invasion of personal privacy, (D) could reasonably be expected to disclose the identity of a confidential source, including a State, local, or foreign agency or authority or any private institution which furnished information on a confidential basis, and, in the case of a record or information compiled by a criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by a confidential source, (E) would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law, or (F) could reasonably be expected to endanger the life or physical safety of any individual;

(8) contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions; or

(9) geological and geophysical information and data, including maps, concerning wells.

Varonis Product/Feature: Preventing Harmful Disclosures

With an efficient, incremental data classification and indexing engine like Varonis’ IDU Classification Framework and Varonis DatAnswers, you’ll be able to locate and retrieve all relevant information and records to prevent disclosures harmful to governmental or private interests.

DatAnswers maintains an index so that electronic information containing specific terms can be found at any time. The IDU Classification Framework can automatically locate information, records and other sensitive data based on a multitude of criteria: keywords, patterns, date created, date last accessed, date modified, user access, owner, and many more.

Once you have a high-level overview of where relevant information and records are stored, there are additional steps that you can take to automate and prevent harmful disclosure. Varonis Data Transport Engine provides the flexibility to configure rules, based on your criteria, and then automatically move or copy relevant records to a secure folder or SharePoint site.
