Skip to content

Old Regs May Not Necessarily Be Bad Regs, But Can Be A Red Flag

December 6, 2012

The Electronic Code of Federal Regulations

Earlier this week, the National Security Archive published its latest FOIA audit. The audit determined which federal agencies have updated their FOIA regulations in the electronic Code of Federal Regulations to reflect the most current FOIA legislation, the 2007 OPEN Government Act, and which have yet to do so. So far, we have received positive and constructive responses from several agencies regarding the posting, including a letter* from the Chief FOIA Officer at the Merit Systems Protection Board. His letter reminded us that six agencies (not our previously reported three) participate in FOIAonline, the government portal that provides a one stop shop for requesting, tracking, and posting digital versions of documents. We have since updated our audit to reflect the correction.

The MSPB’s letter also informed us that despite last being updated in 2000, that the Board does “follow all the other ‘best practices’ listed in [our] post.” We very much appreciate the prompt agency feedback, and applaud the MSPB for embracing best practice FOIA regulations. Hopefully the next step the MSPB, and other agencies in similar positions, will take is to formally update their regulations in the Code of Federal Regulations. This will ensure that best practices are continued, even if there are shifts in agency personnel as administrations reshuffle and change. While outdated FOIA regulations do not necessarily mean regulations are bad, regulations that do not reflect the most current legislation can be a red flag to FOIA requesters, and agencies whose regulations are grossly out of date give the impression that these agencies do not prioritize FOIA. FOIA requesters, regardless of their level of sophistication or knowledge of the FOIA, expect, reasonably and rightfully so, that when they can find an agency’s FOIA regulations, that those regulations reflect good law.

* Full text of the  MSPB letter:

As the Chief FOIA Officer for the Merit Systems Protection Board (MSPB), I’d like to correct a possible inaccuracy in your post on this subject and provide an additional comment.  The MSPB is a charter member of FOIAonline; your first example of “best practice” regulations indicates only three agencies currently participate in FOIAonline.  You may be referring only to the Department of Commerce, the Environmental Protection Agency, and the National Archives and Records Administration.

In addition, we actually follow all the other “best practices” listed in your post.  You may review our Annual FOIA Reports and Chief FOIA Officer Reports at for more information.

I’d appreciate it if you would clarify which agencies participate in FOIAonline, and post these comments where appropriate.  Thanks very much for your coverage of these important issues.

  1. December 7, 2012 5:49 am

    FOIA rulemaking is a weird animal. Agencies are required to promulgate regulations but, at least according to one federal agency, not given a time limit to do so. I draw your attention to the case National Whistleblower Center v. HHS (relevant opinion available at, where I argued:

    1) FOIA requires agencies to promulgate regulations for expedited processing;
    2) HHS had issued a Proposed Rule about expedited processing in 1999 in the Federal Register and received public comment on it, but done nothing since; and
    3) The Court should order HHS to promulgate a Final Rule.

    HHS moved to dismiss the case, saying that it hadn’t done anything in 12 years because it was busy with other things, but that it would when it got around to it, and that in the time being it was just following the statutory standard, and that in any case, FOIA didn’t mandate how quickly the agency had to promulgate the regs (you should really read the government’s brief in the case for the whole range of such arguments it made). HHS also argued that because it had applied the statutory standard in the absence of a regulation (which the judge took its word for, although that was disputed), the plaintiffs were not harmed by the lack of a reg. In the end, the judge granted the motion solely on the standing issue without discussing the rest, although he did offer the following thoughts:

    In reaching this decision, the Court is not untroubled by the possibility that no one will have standing to challenge HHS’s failure to promulgate expedited-processing regulations, in effect rendering 5 U.S.C. § 552(a)(6)(E)(i)’s requirement that agencies issue such regulations “optional and judicially unenforceable.” Muttitt, 2011 WL 4478320, at *5. This possibility, however, may not be as significant as it appears at first blush. First, should HHS in the future fail to follow the statutorily mandated criteria for expedited processing or fail to provide requesters with notice of those criteria, a requester may well suffer a judicially cognizable injury sufficient to confer standing. Second, requesters might well have standing to enforce § 552(a)(6)(E)(i) against other agencies whose practices diverge from the statutory criteria so as to cause injury to requesters. Finally, § 552(a)(6)(E)(i) appears unusual insomuch as it requires agencies to promulgate a regulation while simultaneously dictating, with notable specificity, what the contents of such a regulation must be. Though the statute allows an agency to identify other situations in which it will expedite requests, see 5 U.S.C. § 552(a)(6)(E)(i)(II), it requires that the regulations provide for expedition where an individual demonstrates a “compelling need,” id. § 552(a)(6)(E)(i)(I), and defines “compelling need” with particularity. See id. § 552(a)(6)(E)(v). Where a statute is not so specific concerning the contents of a regulation an agency is required to promulgate, a plaintiff may have less trouble demonstrating that he has been injured by an agency’s failure to do so.

  2. December 11, 2012 11:56 pm

    Thank you, Lauren, for your post and your fair coverage of this issue.

Comments are closed.

%d bloggers like this: