On March 12 the National Security Archive at George Washington University issued their report, “The Knight Open Government Survey 2007.”
Basically the study looked at how many of the 149 U.S. government agencies they surveyed were in compliance with the provisions of the Electronic Freedom of Information Act (EFOIA) here at the 10 year anniversary of the Act going into effect.
It’s an interesting read and quite a report card.
A passage from the Executive Summary of the report is revealing:
“The poor state of agencies‚Äô FOIA Web sites forces the conclusion that not only did the agencies ignore Congress, but lack of interest in FOIA programs is so high that many agencies have failed even to keep their FOIA Web sites on par with their general agency Web sites. Congress’s best intentions have not had the desired impact.”
Indeed. Laws are basically worthless if they are not consistently and actively enforced. What are the penalties U.S. government agencies face for regulatory and legal non-compliance?
The study reported the following agencies, in alphabetical not ranked order, as the top 5 “Best Overall Agencies” with regard to compliance:
“Department of Education
ÙÄÇê Goes above and beyond what is required with guidance and tools for requesters
ÙÄÇê Good guide, FAQs, FOIA request and appeal checklist
ÙÄÇê Excellent online FOIA appeal and request forms
ÙÄÇê Most of the required documents are available
ÙÄÇê http://www.ed.gov/policy/gen/leg/foia/foiatoc.html
Department of Justice
ÙÄÇê Portal scheme links component FOIA sites and reading rooms
ÙÄÇê Excellent FOIA Reference Guide
ÙÄÇê Comprehensive index of major information systems ÙÄÇê Well-organized electronic reading room
ÙÄÇê http://www.usdoj.gov/oip/
Federal Trade Commission
ÙÄÇê Well-organized electronic reading room with extensive records
ÙÄÇê Good guidance
ÙÄÇê FOIA request checklist
ÙÄÇê http://www.ftc.gov/foia/
National Aeronautics & Space Administration
ÙÄÇê Uses portal scheme to link all component FOIA Web sites
ÙÄÇê Good proactive disclosure (posted materials related to Space Shuttle Columbia)
ÙÄÇê Comprehensive guidance
ÙÄÇê http://www.hq.nasa.gov/office/pao/FOIA/agency/
National Labor Relations Board
ÙÄÇê Excellent navigation scheme
ÙÄÇê Site is well organized and very easy to follow
ÙÄÇê Good guidance
ÙÄÇê Electronic reading room with a lot of available information
ÙÄÇê http://www.nlrb.gov/FOIA/”
I have used all these sites, and while I haven’t looked at them specifically for FOIA data, I have found them all very useful when looking for other information applicable to the agencies. I particularly like the FTC site.
The study reported the following agencies, again in alphabetical and not ranked order, as the 12 “WORST OVERALL AGENCIES”:
“Air Force (Department of Defense)
􀂵 Two distinct FOIA sites, one hidden from main agency home page
􀂵 Minimal guidance
􀂵 No required records
􀂵 Several broken links 􀂵 Inaccurate information for some sub-components
􀂵 http://www.af.mil/foia.asp and http://www.foia.af.mil/
Department of Defense
􀂵 Poor site structure and design
􀂵 Disorganized, unsearchable electronic reading room
􀂵 Many required documents could not be located
􀂵 http://www.dod.mil/pubs/foi/
Department of Interior
􀂵 No guidance currently available
􀂵 Poor organization and badly-identified links
􀂵 Difficult to navigate
􀂵 One large component, Bureau of Indian Affairs, has no FOIA site
􀂵 http://www.doi.gov/foia/
Department of Labor
􀂵 No central reading room and no required documents available
􀂵 Several components (ETA and EBSA) lack FOIA sites
􀂵 http://www.dol.gov/dol/foia/main.htm
Federal Labor Relations Authority
􀂵 Two distinct FOIA pages, each very difficult to find from main site
􀂵 Poor guidance
􀂵 No required records available
􀂵 http://www.flra.gov/hdbook4.html
Immigration & Customs Enforcement (Department of Homeland Security)
􀂵 No dedicated FOIA page
􀂵 Very limited guidance
􀂵 No required documents
􀂵 http://www.ice.gov/about/legal.htm#foia
Office of the Director of National Intelligence
􀂵 No guidance for requesters, only contact information provided
􀂵 Limited electronic reading room
􀂵 http://www.dni.gov/foia.htm
Office of National Drug Control Policy
􀂵 No substantive guidance
􀂵 No required documents except annual reports
􀂵 Poor navigation
􀂵 http://www.whitehousedrugpolicy.gov/about/foia.html
Small Business Administration
􀂵 Very poorly organized site, particularly guidance materials
􀂵 Few required documents available
􀂵 Documents and information very difficult to locate
􀂵 http://www.sba.gov/aboutsba/sbaprograms/foia/
Transportation Security Administration (Department of Homeland Security)
􀂵 Limited guidance for requesters
􀂵 Few, poorly-identified records in electronic reading room
􀂵 Difficult to navigate 􀂵 http://www.tsa.gov/research/foia/index.shtm
U.S. Trade Representative
􀂵 No FOIA link on agency home page
􀂵 No required documents identified on FOIA site
􀂵 Guidance scattered and incomprehensible
􀂵 http://www.ustr.gov/Legal/Reading_Room/FOIA/Section_Index.html
Department of Veterans Affairs
􀂵 Very limited guidance
􀂵 Site is poorly organized
􀂵 Information is difficult to locate
􀂵 Several broken links to required documents
ÙÄǵ http://www.va.gov/oit/egov/rms/foia.asp”
It is worth noting that many of the agencies on the worst list have also had well-publicized security incidents and privacy breaches, most notably the VA.
These issues, EFOIA noncompliance and security assurance, are related; when organizations disregard laws and regulatory requirements, it makes sense that their personnel will also disregard security policies and not consistently apply safeguards, which will lead to security incidents and privacy breaches.
Organizational leaders must be good role models; their personnel will mirror them, good behavior and bad.
Tags: awareness and training, EFIOA, FIOA, FTC, government, Information Security, IT compliance, policies and procedures, privacy, risk management, VA