A journalist files a FOIA request for emails between your agency and a contractor. You have to release the documents within statutory time. Some content is exempt — personal data, deliberative process, law enforcement sensitive — and must be redacted. The journalist will try every trick to extract the hidden content.
Know the exemption framework
Under US FOIA, exemptions include personal privacy (b6), law enforcement (b7), national security (b1), deliberative process (b5), and others. Each redaction should reference the exemption it's claiming.
Under UK FOI Act, exemptions include personal data (s40), national security (s24), confidential information (s41), commercial interests (s43). Same principle — each redaction has a statutory basis.
Document the exemption alongside each redaction. Most public-sector workflow tools support exemption tagging.
Use true redaction tooling
Visual-only redaction has embarrassed multiple government agencies in public releases. Use a tool that removes the underlying content — Flint's redaction tool, Acrobat's Redact tool, or specialist FOIA software (FOIAonline, Veritone, etc.).
Never use the rectangle annotation tool. Never use a black highlighter. Always test the output by select-and-copy on redacted regions.
Metadata is part of the response
Released documents often leak through metadata. Author names, file paths, software versions, comments and revisions can all reveal what was redacted from the body.
Strip metadata as part of the release workflow. For high-sensitivity releases, render to clean images and re-OCR to produce a metadata-free output. Document the cleaning step for the response file.
Release review
Multi-stage review for FOIA releases:
1. Subject matter expert identifies content to redact and exemption. 2. FOIA officer applies redactions. 3. Independent technical review verifies redaction effectiveness. 4. Final QA before transmission to requester.
This is overhead. It's cheaper than re-releases, sanctions and headlines from botched FOIA responses.
FAQ
What happens if I release with a visual-only redaction?
The requester (or anyone else) can extract the hidden content. Agencies have been ordered to re-release, faced media coverage, and in some cases been sanctioned by oversight bodies.
Do I need to log the redactions?
Yes — most FOIA frameworks require an exemption justification per redaction or category. Keep the log with the file.
Can I refuse to release rather than redact?
Only if the entire document is exempt. Partial exemption means redact-and-release; full exemption means withhold-and-justify.
How long do I keep the unredacted original?
Per your agency's record retention policy — typically the lifetime of the related programme plus statutory minimum. Always secure storage.
FOIA redaction has zero tolerance for shortcuts. Use a tool built for the job and document the workflow.