Cloud can help speed FOIA response
Connecting state and local government leaders
Centralized, cloud-based repositories that consolidate information make it easier for agencies to search for data needed to fulfill Freedom of Information Act requests.
The backlog of Freedom of Information Act (FOIA) requests has grown during the pandemic. The Justice Department reports that the number of backlogged requests across federal agencies in fiscal 2020 was 141,762, compared to about 120,000 the year before. The disparate systems that shaped agencies’ quick shift from office to remote work is largely to blame, one expert says.
“In many cases the data that they’re receiving, generating [and] creating is remaining local to the employees instead of on an enterprise system,” said Bill Tolson, vice president of compliance and e-discovery at Archive 360. That makes it difficult for an agency to respond to a FOIA request that involves numerous agency employees with disparate data repositories. “We’ve found instances where many of the employees were storing agency material up in their personal cloud accounts because they had nowhere else to put it.”
Nationwide, the time frame that government entities legally have to respond to open records requests varies by state, with 13 having no response time requirement. As a result, not only is the number of backlogged requests growing, but government organizations at all levels are also facing a deluge of lawsuits for being out of compliance.
At the end of fiscal 2020, the number of FOIA cases pending in federal courts was 1,683 – 3.5 times more than the number of pending cases in fiscal 2010, according to the FOIA Project, a self-described FOIA accountability engine. That doesn’t account for backlogs and lawsuits at state and local levels.
“During 2020, as with the rest of the country, agency FOIA offices faced unprecedented challenges associated with balancing our important missions with necessary public health and safety precautions,” according to DOJ’s “FOIA 2020 Litigation and Compliance Report.”
To deal with the growing backlog, some state and local government leaders did away with legal requirements for timely responses to FOIA requests. For instance, Texas Gov. Greg Abbott exempted agencies from responding within 10 days until physical offices were reopened, Michigan Gov. Gretchen Whitmer offered temporary extensions for responses and the Columbia Journalism Review cited several cities that put their responses on hold.
The long-term answer, however, is better technology, Tolson said – specifically, centralized repositories that facilitate e-discovery.
“One of the things we’ve heard is that because employees are not in cubicles next to each other or down the hall, rounding up this data is tougher,” he said, because they may not be able to find the data they need. “Do [employees] know how to do a specific search for a specific FOIA request or was that agency dependent on the IT folks coming through and doing a search on somebody’s laptop or searching somebody’s email account looking for very specific data?” he asked. “Now in many cases they’re having to rely on the employee, who may not be very proficient in various types of search applications within different types of applications.”
One answer is cloud technology because it offers a way to consolidate information so that there is one central repository to search.
“In a FOIA request, when everything is consolidated in an information management system or an archive or in a cloud email system, then the agency IT [staff] can do a search on it and find everything,” Tolson said.
State-level executive orders have been pushing agencies to move the cloud, and the National Association of State Chief Information Officers names cloud its No. 3 priority for 2021. Still, agencies at all levels are at different stages of cloud adoption. Tolson said Archive 360 has been working with states on using funding from the Coronavirus Aid, Relief, and Economic Security Act to modernize information-handling systems.
Another technological consideration is privacy protections. Before some data – such as health data – can be made public, it must be anonymized.
COVID surfaced the issue of protecting health data. “Do we report specific health care information and if [so], how do we anonymize it?” Tolson said. “I’m sure many of the state agencies wouldn’t know how to anonymize it, don’t have the software to anonymize it or mask or even encrypt it, and I’m sure that’s causing a lot of the delays as well.”
Modern technology can help by recognizing sensitive data such as personally identifiable information and automatically anonymizing it. Role-based access further ensures that only the people with the right privileges can access the data.
“The movement to data consolidation is going to continue. It’s just not going to be an overnight thing,” Tolson said.
NEXT STORY: Rethinking backups to combat ransomware