3 Steps to Prepare Your Organization to Respond to FOIA Requests

If you are the person responsible for Freedom of Information Act (FOIA) or eDiscovery requests at your organization, you’re probably following the events at the EPA closely. If you’re not, you’re missing an excellent example of the potential hazards of working in a public organization and having to respond to information requests.

In short, Lisa Jackson, the EPA Chief for the past four years, has announced she will step down next month. This announcement comes shortly after her admission in December 2012 to having used “Richard Windsor” as a nom de plume to conduct “internal discussions” via email.

The subsequent scandal, dubbed “Windsorgate,” has highlighted the issue of employees proactively taking steps to prevent information generated by their institutions from being publicly discoverable, something that would require them to break the law.

The issue is not one of accessing the information, but rather of finding the right information to comply with FOIA requests. By using an alias account, Lisa Jackson, and anyone else doing so, is effectively hiding emails from legitimate FOIA requests.

Fortunately for the EPA, they do use an email archiving solution and are responding to a Federal lawsuit that requires them to deliver approximately 12,000 emails related to this request in four tranches containing about 3,000 emails each. It will be an interesting case to follow, as the EPA’s initial tranche delivered 2,100 emails, all of which were nebulous and none of which were To or From “Richard Windsor.”

For those of us on the outside looking in, this should serve as a wake-up call for how we manage our own information repositories, and also for how we communicate the necessity of doing so to our employees. Below are 3 steps to prepare your organization to respond to FOIA requests and handle these types of situations if they should ever arise in your organization.

  1. Have clear policies that communicate the acceptable use of electronic communication such as email when conducting official business for your institution
  2. Make sure your employees understand these policies and that you document their acknowledgement of these policies
  3. Have the appropriate technology solutions in place to collect, archive and retrieve your electronic communications to enable the accurate, efficient and timely response to legitimate requests for information

At the end of the day, your organization’s ability to comply with information requests will depend on the lawful actions of your employees and your ability to deliver the information requested. Implementing the three recommendations outlined above, however, should establish a solid foundation for doing this and put you and your institution above reproach.