How do legal, privacy, and program offices divide the review work on a FOIA request?
Processing a Freedom of Information Act (FOIA) request is rarely the work of a single office. Because responsive records can touch sensitive operations, personal data, and legal questions all at once, agencies divide the review among the people best positioned to judge each concern. The exact structure varies by agency, but the roles below are common.
The program (or “originating”) office
The program office is the one that actually created or holds the records — the subject-matter experts. Their job is to:
- Search for and gather records responsive to the request.
- Provide context on what the documents mean and how they are used.
- Flag operationally sensitive material that may warrant withholding (for example, information that could reveal techniques or harm an active matter).
Program staff know the records best, but they generally do not make the final legal call on what can be withheld.
The privacy office
Privacy specialists focus on personal information about identifiable individuals. They help determine whether disclosure would be a clearly unwarranted invasion of personal privacy and whether records are also governed by the Privacy Act of 1974, which can interact with FOIA. They advise on redacting items such as names, contact details, and other identifiers, and on balancing the public interest against privacy harm.
The legal office
Agency counsel (often working with the FOIA office) interprets the statute and applies the exemptions consistently. Legal review typically covers:
- Whether a claimed exemption is legally supportable.
- Privilege questions (such as attorney-client or deliberative-process material).
- Consistency with case law and agency policy, and defensibility if the decision is appealed or litigated.
How the pieces fit together
In practice a dedicated FOIA office usually coordinates the workflow: it logs the request, tasks the program office to search, routes documents to privacy and legal for review, consolidates the recommended redactions, and issues the final response with the agency’s reasoning. This layered review is what lets an agency release as much as the law allows while protecting the narrow categories the FOIA exemptions cover.
For related guidance, see the FOIA and public records hub.
Sources & further reading
Authoritative government and non-profit references.
- FOIA frequently asked questions — FOIA.gov / U.S. DOJ
- Privacy Act of 1974 — U.S. Department of Justice
How to cite this page
APA
RM University Editorial. (2026). How do legal, privacy, and program offices divide the review work on a FOIA request?. Records Management University. https://www.recordsmgmt.org/questions/how-legal-privacy-and-program-offices-divide-foia-review/
MLA
RM University Editorial. "How do legal, privacy, and program offices divide the review work on a FOIA request?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/how-legal-privacy-and-program-offices-divide-foia-review/.
Related questions
- Am I supposed to get an acknowledgement letter after I file a FOIA request, and what should it contain?
- Are emails on a city council member's personal phone subject to state public records law?
- Are police body-camera footage and incident reports public records under state law?
- Are state university student disciplinary records subject to public records requests, or does FERPA block them?
- Can a business stop an agency from releasing its confidential information under FOIA (reverse FOIA)?