Michael Sarich and Nicholas Wittenberg wrote an article on FOIA requests and eDiscovery, which is being published as a five-part series on eDiscovery Today. Part one and part two were published earlier this week, here’s part three of processing Freedom of Information Act (FOIA) requests and utilizing eDiscovery.

Similarities in Processes

FOIA request and eDiscovery responses share similar activities throughout the process.  At a basic level, a document is filed seeking information, whether it be a FOIA requests or request for documents in an investigation or litigation. The attorneys or FOIA professionals review these requests, potentially negotiate terms or the extent of the requests and submit the requests to an eDiscovery division or program office. Those documents are then placed in an eDiscovery database or SharePoint repository for attorneys or professionals to review for responsiveness or to determine if redactions or withholdings need to be applied. Once that review is complete, the appropriate content is produced.   

Advertisement
Oasis

That process may seem straightforward; however, that is an extreme simplification as data including types and volumes have grown dramatically, causing both eDiscovery and FOIA professionals yearning for better technology to rapidly advance the process so that it can be more efficient and accurate. Few requests implicate only one set of record custodians, and few discovery requests only implicate one line of business. Looking at three overall categories of similarities between eDiscovery and FOIA may shine light on areas of potential advancement.

  1. Identification and Collection

The systematic identification and collection of information form the “bedrock” of both FOIA and eDiscovery. FOIA requests necessitate a meticulous search for specific government records, demanding a comprehensive understanding of databases and archives. In short, a FOIA Officer uses a records map to conduct a reasonable search for responsive records. In parallel, the eDiscovery process requires a detailed identification and collection of evidence, often accomplished through advanced search algorithms.  While in some instances searching government systems can be the same, it’s typically a people driven exercise vs. an automated process.  Whereas in eDiscovery, organizations have clients where information can be stored across numerous devices, systems, and storage applications (and the systems themselves) are able to retrieve, produce, and prepare responses.

Nearly all government employees know and understand that they waive most of their rights when logging on to government computers and other devices (here’s a sample warning and consent banner). At times, collecting government information for FOIA requests can be done more seamlessly and requires less notification by an agency’s eDiscovery division. At times, additional steps and permissions are needed by the private sector when accessing employee’s or client’s devices. The expectation of privacy in these worlds is a bit different however, there are similar privileges in the b(5) exemptions of the FOIA as there are in the civil discovery privileges with standard litigation.[1]

Agencies and technology companies who seek to store government data in the cloud must go through an extensive review process known as The Federal Risk and Authorization Management Program (FedRAMP).[2]  Cloud providers must secure an authority to operate (ATO) as part of this process, which can take over a year to secure.  However, OMB recently issued a draft memo on modernizing the FedRAMP process with several key points, one of which includes streamlining, “the authorization process by automating appropriate portions of security evaluations, consistent with industry best practices.” Governmental embrace and adoption of technologies to identify and collect data will have numerous positive effects. It will allow agencies to operate more effectively in reviewing data for numerous mission critical programs, eliminate traditional siloed and proprietary record storage, and the improve the ability for government operations to run smoother overall, FOIA included.

Advertisement

The synergy between these processes becomes apparent as technologies used in eDiscovery, designed for efficient data retrieval, find applicability in enhancing the precision of FOIA responses.  It is important to note that the identification and collection of responsive material to both FOIA and eDiscovery for investigations and litigation has risen dramatically.  In addition to data growing exponentially the types of data have also ballooned. So, what one ends up with is a doubling of an already exponential growth in potentially relevant and actionable data. 

In addition to “off the cuff” emails that were once well thought out memos, there are various electronic digital files that were merely scraps of paper in the not-so-distant past. The vast amounts of data created on social media, the use of applications such as through the Internet of Things (IoT), text messages, photos, videos, geolocation information, applications on cell phones and information created by the use of automobiles. The list goes on and on. If that data is used during government activity, it’s ripe for FOIA; if it’s used in a business use or relevant to a matter, it’s ripe for civil eDiscovery. Therefore, the integration of technology both for eDiscovery and FOIA is key for practitioners’ basic ability to accomplish their respective missions.

This paper will be published in five installments. Part 1 introduced the paper. Part 2 discussed the Objectives and Purpose for FOIA and eDiscovery. Parts 3, 4 and 5 will discuss Similarities in Processes with both FOIA and eDiscovery, with this part (part 3) focusing on Identification and Collection, part 4 focusing on Technology Integration and part 5 focusing on Collaboration and the paper’s conclusion.

Image created using Bing Image Creator Powered by DALL-E, using the term “robot working in a US government agency doing work at a computer”.

This work is not a federal publication and only reflects the personal views of Mr. Sarich and Mr. Wittenberg.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.


[1] 5 U.S.C. § 552(b)(5).

[2] FedRAMP “is a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.” A very high level of the authorization process can be found here.