Finding it hard to keep up with this fast-paced industry?
The release of public information, enshrined in laws such as the United States’ Freedom of Information Act (FOIA), is vital for the functioning of a democratic society. But delivering the relevant information in a safe, compliant way can be complex, with challenges in finding all relevant information and correctly identifying what must be withheld.
As a result, responding to public information requests can take a lot of time and require significant resources and specialized knowledge, leading to backlogs, mistakes, and lower overall productivity for the records management team or end-user. In this blog post, learn more about the challenges public organizations face in providing public information, and learn how RecordPoint can help them overcome them.
All jurisdictions have their own public records laws. In the United States, Federal agencies are subject to FOIA, while state and local agencies have their own FOIA-type statutes. Such laws first require agencies to proactively release frequently requested records. For everything else, citizens can submit a request for public information, and an agency must respond with either the records requested, or an explanation for why some records were withheld.
The stakes are high: an agency which incorrectly releases information that should have been withheld may threaten national security, breach regulations, or threaten personal privacy. On the other hand, an agency that fails to release information that is legitimately in the public interest, and for which there is no relevant exception, risks reputational damage (cries of censorship), or legal challenges.
Given these stakes, records managers within these agencies must invest considerable time and effort into responding to public information requests to ensure they do so correctly. Agencies typically process requests in the order they are received, leading to an often-significant backlog of requests. This means they have less time to dedicate to tasks like data minimization, data disposition, or other proactive work to ensure compliance.
Challenges when responding to public information requests
FOIA requests can be simple (“provide the documents related to the tender process for the new stadium”) or complex (“provide all documents related to the agency’s consideration of climate change”).
Depending on the complexity of the request, a FOIA request may relate to tens of documents, or tens of thousands of documents. Simple requests are processed faster, but complex ones, especially those which require a search of multiple data sources, can take a lot of time.
To properly respond, records managers and others in the organization must find all information relevant to a request across their full range of data sources including databases, customer relationship management (CRM) systems, physical records, and legacy systems. Agencies must be thorough in this search, to ensure they have identified all records within the scope of the request.
Exceptions to disclosure
Once they have found the information, they must then review the records to make sure the information is available for disclosure. FOIA comes with nine exemptions, each covering a particular scenario that would prevent the agency from disclosing information. For example, the information may have been classified by an Executive Order in the interest of national defence or foreign policy, its release may be prevented by another statute, or a particular record may contain sensitive information.
Here again, volume is a challenge for agencies responding to a FOIA request. Responding to a complex request may have yielded thousands of documents. From this starting point, an agency must go through and correctly identify and withhold information that falls under an exemption or is prohibited by law.
This search and identification process becomes more difficult if an organization has poor data minimization practices, and a significant amount of Redundant, Obsolete or Trivial (ROT) data. But technological solutions for these issues do exist.
RecordPoint offers a solution
In-place records management
RecordPoint’s Records365 offers in-place records management to all your data sources, including physical records, allowing you to create an exhaustive data inventory. When a FOIA or other public information request is made, teams can search and find all records that match the query, regardless of data source. Because records are managed in-place, your data inventory is always up-to-date and accurate.
RecordPoint allows agencies to categorize their data, which means agencies can be confident they will not inadvertently provide information that is protected due to an exemption.
When responding to a request, agencies can say authoritatively that the requested information was marked with one or more of the categories related to an exemption, it was marked with that category before the FOIA request was made, and they can prove this if the decision is challenged in court. Such classification is automated, repeatable, and consistent, which means it is defensible and evidentiary.
Once agencies have identified the records that meet the criteria outlined in the public information request, Records365 can help agencies identify those with personally identifiable information (PII).
As part of reviewing the eligibility of the records for inclusion in the request, there will be a review period where the content and context of discovered records must be reviewed, and personal information redacted. The PII signalling capability helps agencies to home in on those records, allowing responders the ability to easily identify the type of personal information held within, and aid their analysis of the results.
RecordPoint’s data minimization solution ensures data is only retained for as long as required. When agencies are correctly implementing retention plans, they may proactively perform disposition of records that have a prescribed schedule. This reduces the total volume of data that must be reviewed, making sure anything that is held is done so legally and in line with compliance obligations. The identification and remediation of ROT also aids in reducing irrelevant and unimportant records from the overall data corpus.
Taken together, these features reduce the effort involved in fulfilling a request and ensure all decisions related to a request are informed and defensible, allowing your agency to fulfil its obligations under whatever public records act to which you are subject.
Why data minimization matters
Retaining redundant, obsolete or trivial data (ROT) raises costs and business risk. Data minimization is the answer, and can enable your team to achieve more.
Data privacy needs good data management
The solution to data privacy starts with good data management. Learn how scalable, consistent, and accurate governance enables teams to solve data privacy challenges