Many public organizations are faced with the challenge of responding to records requests that they are legally required to produce within a tight timeline. For these types of requests, which go by a variety of names like FOIA, Public Records Requests, and Sunshine Laws, being proactive is not only an essential step in an excellent open records process; it becomes critical when you are working with tight deadlines and limited resources.
With these key steps, you can streamline your records request procedures and create a seamless retrieval process.
Step 1: Identify Data Repositories
Data maps outline the types of information stored by your organization, where those documents and records are located, and who has access to them. Although many would consider keeping updated data maps a priority of IT departments, experience tells us that this is not always the case. Good data maps need to be both created and frequently updated.
A data map should identify, among other things, the following when dealing with electronically stored information (ESI) as well as physical assets:
- Where is the information located?
- Who controls, modifies, and accesses the information?
- What formats exist in these locations?
- What data stores are challenging to access?
- How is the information backed-up?
- What tools or other resources can be used to access and search this data?
Step 2: Create a Team
A vital step to achieving an efficient and proactive process in responding to open records requests is to assemble a team that can collaborate on effective strategies. This team can help identify the right resources like software, vendors, and personnel to achieve optimal results.
Many larger agencies have personnel who work on FOIA full-time. Smaller public organizations do not have that luxury. This often leads to resources being pulled from other departments ad hoc as requests come in.
Rather than rely on a reactive process, find time to gather knowledgeable colleagues or consultants who can use their experience to define and refine a workable approach. Team members should be from various departments (legal, IT, records management, etc.) and should be empowered to create and implement policy. They should also identify tools that can be used to accomplish a defensible response and point out any challenging areas that may prevent an efficient search or production from taking place.
Step 3: Establish a Process
Establishing proper organization and classification for your data is essential to proactively improve your response time to open records requests. Policy and processes that limit organizational data to that which is relevant or required by regulation should be in place. These steps fall under the information governance umbrella.
Information governance (IG) is a set of interdisciplinary policies and procedures used to regulate an organization’s data from creation to disposal. With good information governance policies, the roles, responsibilities, and distribution of data becomes regulated, making the system more efficient, questions can be easily answered, and documents can be classified, located, and secured while clarifying accountability.
Searching data for relevancy and redacting data for exemptions becomes burdensome without some form of record management with a defined, consistent taxonomy. If items are not categorized proactively and, preferably, automatically, valuable time and resources will be expended for tasks that should be straightforward. For example, separating confidential information (and other categories that are excluded from disclosure) from your general records is immeasurably more time-consuming if it must be done manually in the review stage.
Classification and proper records management techniques also help identify what needs to be retained and eliminate items that may be redundant, outdated, or trivial (aka ROT) without running afoul of regulations. Aside from the fact that this clutter negatively impacts day-to-day functions, this data can be costly to store and costly to search.
Establishing an efficient solution begins by defining your needs. Answer simple questions related to the scope of the problem, the areas of difficulty, and where you need assistance. Some examples to consider:
- Will your searches involve deduplication, complex syntax, or tricky data repositories?
- Do your data stores contain consistent confidential information or other exceptions such as social security numbers or identifiable health information, both of which should be excluded. If this is the case, your ideal solution would contain automatic identification of sensitive information.
- Does your organization have the volume to justify more costly but time-saving features like automatic classification or redaction?
Step 4: Utilize your Resources
Lastly, look at what assets you have available within your organization. Take the time to identify resources (human and electronic) you can rely on in crunch time. Ideally, you can accomplish all your tasks with native tools. Work with team members within IT and legal to see if they have technology that can work for your process. Make sure you test the tools before you are inundated with a critical request.
Keep in mind that you are not alone. Processing open records requests is a common task in many levels of government. Reach out to oversite or other agencies’ staff engaged in similar work. If you work for a smaller public entity, seek out your peers in similar locales for suggestions.
Based on the information you collect, identify areas that should be corrected, and create a plan. Some issues can be fixed with process tweaks, training, permissions, or access, but some resolutions may require additional investment. Even if a new purchase can’t be tackled right away due to resource limitations, you want it on the docket for the next budgeting cycle.
Work within the constraints of your organization to find an effective, efficient process. One size does not fit all; you want to make sure the solution matches your requirements.
- Your organization likely has many tools in place to help respond to requests, make use of them where it makes sense.
- But if those tools are slow, or don’t have the functionality you need, like audit trails or advanced search capabilities, invest in ones that do.
- Identify who can answer questions outside your wheelhouse. This includes subject matter experts, people knowledgeable about internal systems, where data lives, and what resources (people and software) you can rely on to search, review and produce the information you need.
- Recognize your obligations and the order they should be performed.
Did you miss the beginning of this blog series? Read open records request 101.
Watch this free, on-demand webinar to learn more about how to quickly respond to FOIA and other open records requests.