Don't miss our new Market Insights series on Financial Services Third-Party Risk Management!

Blog  |  July 10, 2023

Why Use a Hammer When You Can Use a Swiss Army Knife?: Considerations for Government Information Requests

In our first post in this series, we discussed how eDiscovery technology and workflows are being applied to several different use cases today. According to eDiscovery Today’s 2023 State of the Industry Report, seven use cases are being applied by at least 40% of 410 survey respondents.

One of those use cases is government information requests, for which eDiscovery is used by close to half (48.0%) of respondents – the fourth highest percentage of respondents overall. In this post, we’ll discuss types of government information requests, how eDiscovery for government information requests differs from eDiscovery for litigation, and how eDiscovery technology can be applied to support government information requests.

Types of Government Information Requests

The Freedom of Information Act (FOIA) is the primary statute that provides a mechanism for requesting public records. A FOIA request is a formal request submitted to a United States federal government agency for access to specific information or records that are not publicly available. This law, enacted in 1966, establishes the public’s right to access government records, with certain exceptions.

While FOIA applies only to federal agencies, states have their own versions of FOIA to make state and local government records accessible to the public. The FOIA process can be time-consuming, especially for complex requests or for agencies with large backlogs of requests. According to the Office for Information Policy (OIP), there were a record 928,353 FOIA requests in 2022 and agencies processed a record high of 878,420 requests!

Key aspects of FOIA requests include:

  • Submitting a Request: Anyone can submit a FOIA request, including U.S. citizens, foreign nationals, organizations, universities, and businesses. FOIA requests are usually written, and the requester must identify the records they seek.
  • Responsibility of Agencies: When an agency receives a request, they must respond quickly (typically within 20 working days). The agency must release the requested information unless it falls under one of nine exemptions or three exclusions outlined in the Act designed to protect interests ranging from personal privacy to sensitive law enforcement and national security matters.
  • Charges: Agencies may charge for search, review, and duplication of records. But FOIA provides for fee waivers or reductions if disclosure of the information is in the public interest.
  • Appeals and Litigation: If a request is denied, the requester has the right to appeal the decision within the agency; if denied, the requester can sue in federal court.

In addition to FOIA, the Privacy Act of 1974 allows U.S. citizens and legal permanent residents to request access to records held by federal agencies that pertain to themselves. The Privacy Act provides individuals with a means of access like that of the FOIA.  The statutes do overlap, but not entirely.

Other statutes like the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) provide access to financial and health records respectively, but those requests are generally made directly to the financial institutions and health care organizations, not to governmental entities.

How eDiscovery for Government Info Requests Differs from eDiscovery for Litigation

While the phases of eDiscovery (identification, preservation, collection, analysis, processing, review, and production) happen for government information requests like they do for litigation, there are some notable differences in how eDiscovery can be conducted, including:

  • Purpose and Scope: Unlike litigation, where eDiscovery is designed to lead to resolving a specific dispute between parties and the information sought usually relates to the claims and defenses in the lawsuit, government information requests can cover a broad range of topics to provide transparency and accountability in government activities.
  • Control: In litigation, eDiscovery is a reciprocal process, with both parties having the opportunity to request information from each other. Conversely, government information requests are one-sided by definition.
  • Public Access: Information produced in litigation is generally accessible only to the parties involved and may be subject to protective orders to keep certain information confidential. On the other hand, information provided in response to government information requests is often made publicly available (unless it falls under exemptions, such as national security, privacy, etc.).
  • Timing: In litigation, eDiscovery is governed by court rules and orders, which set specific deadlines for production. Government information requests have their own statutory timelines (such as the 20-business-day initial time limit for FOIA requests), but these can vary and may be extended in certain circumstances.
  • Redaction: In litigation, the rules of procedure dictate how and when documents can be redacted or marked as confidential, with protective orders eliminating the need for some redactions because disclosure will be limited. For government information requests, redactions are often more frequent and extensive, as the released documents often become public record.

Another consideration for government information requests are the agencies themselves and the lead time it may take to adopt new technological solutions.

Applying eDiscovery Technology to Government Information Requests

There are a few eDiscovery technological capabilities and specifications that are particularly important for supporting government information requests, including:

  • Analytics: With a deadline as short as 20 business days for FOIA requests, time is of the essence in identifying records that may be responsive to those requests. The ability to apply analytics, including timeline, communication and key entity analytics, to understand where the responsive data lies is key to supporting those requests.
  • Auto Identification and Redaction: The ability to automate the identification and redaction of personally identifiable information (PII) and other sensitive information is even more critical, given the fact that most records produced in response to a government information request become public record.
  • Review Workflow Management: The ability to leverage technological approaches such as TAR/Predictive Coding and Continuous Multi-Modal Learning is essential to quickly identify responsive documents to meet government information request deadlines.
  • FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) is a US federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Solutions must be FedRAMP authorized today to provide effective eDiscovery technology to federal government agencies and StateRAMP is becoming increasingly important to support the cloud needs of state and local governments.


Government information requests have unique requirements with respect to eDiscovery and the ability to meet the demand of those requests involves leveraging expertise and technology designed to support those unique requirements. While the compliance criteria for government agencies are ever-changing, the demands for information from them are at record highs, spotlighting the importance of leveraging technology and expertise to meet these unique eDiscovery workflows.

For more regarding Cimplifi data reduction & analytics services, click here.

In case you missed the other blogs in this series, Why Use a Hammer When You Can Use a Swiss Army Knife?: Use Cases for eDiscovery Today,  you can find them here: