How to ease the eDiscovery impact of FOIA requests

Originally published on FCW.

The expanding reach of the Freedom of Information Act has introduced a new dynamic at federal agencies, and it is driving the need for IT professionals in the public sector to understand and conduct electronic discovery for records being requested by individuals and private parties under FOIA.

According to the Justice Department, more than 440,000 FOIA requests were fulfilled (either in full or partially) in 2013, yet a backlog of more than 95,000 from that year remains. The Department of Health and Human Services, the Social Security Administration and Justice fulfilled the most requests, but nearly all federal agencies are subject to the law.

The broadening scope and scale of eDiscovery in the public sector brings a new onslaught of challenges and considerations that are well-known among corporate legal and IT teams but relatively new to government agencies.

Compounding the issue is the continued growth of regulatory activity imposed by agencies such as Justice and the Securities and Exchange Commission, which adds a high volume of data to the pool of information from which FOIA requests can be made.

Regulatory activity stemming from the Foreign Corrupt Practices Act, antitrust laws and others often spans international borders, with the corporations under investigation collecting electronic documents from sources in foreign countries and producing that data for U.S. government agencies. Any agency that has regulatory oversight of corporations that do business globally will likely end up in possession of some of this data.

In many cases, FOIA requests can involve millions of documents and impose a significant financial and operational impact on the producing entity. Given the process of searching, reviewing and redacting documents for confidential information, fulfilling those requests can be time-consuming and costly, and many public entities are ill equipped to respond to those requests.

Nevertheless, agencies have a responsibility under FOIA to efficiently and cost-effectively respond, and although agencies may charge the requesting party for responding to the request, the cost of labor for producing the disclosures must not exceed the hourly wage of the lowest-paid public employee who performs the document retrieval. This is nearly impossible with manual review.

Further, FOIA states that agencies must acknowledge and respond to requests within 20 days. That requirement is often violated, as evidenced by the tens of thousands of backlogged requests noted above. Agencies that do not comply with the regulations for responding to requests are subject to judicial review, and new legislation is being proposed — in the form of the FOIA Oversight and Implementation Act — that would tighten the regulations and more clearly define the penalties for non-compliance.

Technology can eliminate the need for human reviewers to look at every document, thereby increasing the accuracy of the response and enabling automatic identification of exempt categories of information — such as personally identifiable information and certain state secrets — that must be redacted before the documents can be released.

However, it is important to understand which types of requests are better suited for the different tools. Use of data analytics can have a big impact even on small requests, while large requests that involve identifying a high volume of confidential data are often better served by using predictive coding technology. Both types of tools can dramatically improve speed and reduce the costs of disclosure.

Some disclosures can be surprisingly complex. For example, consider a scenario in which a human rights organization makes a FOIA query to Immigration and Customs Enforcement. Given the nature of that agency’s oversight, the information being requested might include data that originated in a foreign country and was collected as part of an investigation into a global corporation.

That is a common workflow for a handful of federal agencies that touch international relations, and the introduction of cross-border data complicates the matter because of privacy laws in foreign countries. Agencies that deal with such matters must become familiar with the data protection requirements in countries that might be home to information that has come under examination for a FOIA query, and the agencies must be aware of the technology available for streamlining the process of fulfilling a request.

Technology-assisted review and the use of advanced analytics tools require a paradigm shift from the way most people approach document review. The traditional approach consists of keyword searching coupled with a linear review in which the reviewer looks at each document to determine relevance and responsiveness. To enhance agencies’ responsiveness to requests, IT teams should be trained by eDiscovery experts on workflows for finding data and searching for details that must be redacted.

Reviewers can benefit from as little as two to four hours of training on advanced analytics and predictive coding technologies. After a couple days of actively working with these tools, they rarely revert back to linear review because of the dramatically improved speed and accuracy.

With thorough training by experts in these methods and a clearer understanding of how to use software for FOIA document review, federal IT teams can achieve efficient and compliant eDiscovery.