If you've ever wondered who should process Privacy Act requests, FOIA Officers or Privacy Officers, you are not alone.

Early in my career I have asked myself the same question. Confused, yet intrigued. However the answer is much clearer and simpler than you might think.

Here is the breakdown …

The answer is FOIA Officers. Why?

FOIA Officers are typically responsible for handling Privacy Act requests (especially when individuals are seeking records about themselves) because these requests often fall under both the Freedom of Information Act (FOIA) and the Privacy Act. FOIA professionals are trained (or should be ) to evaluate and apply both statutes simultaneously.

• ️ Privacy Officers, on the other hand, often focus on policy, compliance, and safeguarding personal data. While they may advise on complex privacy issues, they don’t usually process Privacy Act (1st Party) requests directly.
• Bottom line here is that FOIA Officers process the requests, while Privacy Officers ensure the policies are sound.

This division of labor is aimed at ensuring transparency, efficiency, and compliance across the board.

However as I mentioned in my previous post, there are so many FOIA Officers who lack training in processing Privacy Act requests. Cross-training should be mandated!

Related reading: More insights from Dr. Moya Hill | Explore the Unified Information Governance Model