Learn About FOIA & the Privacy Act
Two federal laws give you the right to see what the government knows about you — and to correct it.
Which route should I use?
If an agency already lets you access your own records through an account dashboard, local office, or dedicated records form, start there first. Use FOIA Friend when you need records that route does not cover, or when you want a broader written request that invokes both the Privacy Act and FOIA.
Ask for records, not answers
Strong requests ask for records relating to a topic. They do not ask an agency to explain, analyze, or create a new report. For example, instead of asking "Did you use my data to train AI?", ask for records relating to any use, testing, evaluation, sharing, disclosure, training, fine-tuning, validation, or auditing of your data in connection with AI or machine-learning systems.
What is the Privacy Act of 1974?
The Privacy Act (5 U.S.C. § 552a) is a federal law that governs how executive-branch agencies collect, maintain, use, and share personal information. It was enacted in response to growing concerns about the government's use of computerized databases containing sensitive information about individuals.
Under the Privacy Act, you have the right to:
- •Access any records your agency holds about you in a "system of records"
- •Request correction of inaccurate, irrelevant, or incomplete records
- •Know who has accessed your records and for what purpose
- •Sue the government in federal court if an agency refuses to comply
Agencies must respond to a Privacy Act request within 30 calendar days of receipt.
What is the Freedom of Information Act (FOIA)?
FOIA (5 U.S.C. § 552) is a federal law that gives the public the right to request access to records from any federal executive agency. Unlike the Privacy Act — which is limited to your own records — FOIA can be used to request any government records, subject to nine specific exemptions.
FOIA requests are used by journalists, researchers, lawyers, businesses, and private citizens to hold the government accountable and to understand how federal agencies operate.
When requesting your own records, combining a Privacy Act request with a FOIA request (as FOIA Friend does) gives you the broadest possible access — agencies must search under both laws and release records that fall under either.
Privacy Act vs. FOIA
| Feature | Privacy Act | FOIA |
|---|---|---|
| Who can request? | U.S. citizens & permanent residents only | Anyone (any person, organization, or foreign national) |
| What records? | Your own records held in a "system of records" | Any agency records not covered by an exemption |
| Response deadline | 30 calendar days | 20 business days (standard); 10 business days (expedited) |
| Correction rights? | Yes — you can request amendments to inaccurate records | No correction rights under FOIA alone |
| Fee waivers? | Generally no fees for personal records | Fee waivers available for public-interest requests |
| Appeals | Administrative appeal, then federal court | Administrative appeal, then federal court |
Response Timelines
These are statutory baselines, not guarantees. Actual timing varies by agency backlog, complexity, the type of records requested, and the submission path you use.
Agencies must acknowledge and begin processing your Privacy Act request within 30 calendar days of receipt. The agency may request an extension for good cause.
Agencies must respond within 20 business days. For complex requests, they may use a multi-track processing system. Response time can exceed the deadline for backlogged agencies.
You can request expedited processing if you have a compelling, specific reason — such as an urgent need to inform the public, a threat to life or safety, or a matter where delay could cause irreversible harm. FOIA Friend lets you describe your own urgency basis when filling out a request; the expedited processing section is only included in your letter if you provide one. Weak or unsupported urgency claims are routinely denied by agencies, so only use this if the reason is genuine.
Fees
Agencies can charge fees for search, duplication, and review in some circumstances. You can ask to be notified before costs exceed a chosen amount. Formal fee waivers under FOIA are generally limited to requests that serve the public interest and are not primarily commercial. People seeking only their own records often do not qualify for that kind of fee waiver. Many first-party requests still end up low-cost or no-cost, especially when the request is narrow or the records are available through a direct route.
If You're Denied
An agency may deny your request in whole or in part by citing one of FOIA's nine statutory exemptions (e.g., classified national security information, internal personnel rules, trade secrets, law enforcement records, or personal privacy of third parties). Partial responses with redacted sections are common.
If you receive a denial or a partial response, here's what you can do:
- 1File an administrative appeal. You generally have 90 days to appeal to the head of the agency. The agency's denial letter must include instructions for appealing. Most appeals are decided within 20 business days.
- 2Contact the FOIA Public Liaison. Each agency has a FOIA Public Liaison who can help resolve disputes informally without litigation.
- 3Request mediation from OGIS. The Office of Government Information Services (OGIS) is an independent mediator that can help resolve FOIA disputes between requesters and agencies.
- 4File suit in federal district court. After exhausting administrative remedies, you may bring an action in U.S. District Court under 5 U.S.C. § 552(a)(4)(B). Courts can order agencies to produce wrongfully withheld records and may award attorney fees.
Useful Resources
Ready to file your request?
FOIA Friend generates a legally-formatted Privacy Act & FOIA request letter in minutes — free to download.
Start My Request — Free