FOIA Redaction Guide: Exemptions and Best Practices

The Freedom of Information Act (FOIA) gives the public the right to request access to records from any federal agency. Agencies are required to disclose records unless they fall under one of nine specific exemptions. When a record contains both releasable and exempt information, the agency must redact the exempt portions and release the rest.

FOIA redaction is not optional — it is a legal obligation with specific requirements for how redactions are made, coded, and documented. Doing it wrong invites appeals, litigation, and public criticism. This guide covers what government professionals need to know to handle FOIA redaction properly.

The Foundation: FOIA's Presumption of Disclosure

FOIA operates on a presumption that government records should be available to the public. Agencies bear the burden of justifying any withholding. This means:

Redaction should be as narrow as possible — redact only the specific information that is exempt
Reasonably segregable information must be released — if a document contains both exempt and non-exempt material, the non-exempt portions must be disclosed
Every redaction must cite a specific exemption — there is no general authority to withhold

This presumption shapes every redaction decision. When in doubt, the default is disclosure.

The 9 FOIA Exemptions

FOIA provides nine exemptions that permit (and in some cases require) withholding of specific categories of information. Each exemption has its own scope, case law, and application standards.

Exemption 1: Classified National Security Information

Protects information that is properly classified under Executive Order 13526 (or its successor) in the interest of national defense or foreign policy. The classification must be:

Made by an authorized original classification authority
Based on a determination that unauthorized disclosure could reasonably be expected to cause damage to national security
Properly marked

Redaction notes: Exemption 1 redactions are typically reviewed by agency classification officers. Declassification review may be required for older documents.

Exemption 2: Internal Personnel Rules and Practices

Protects information related solely to the internal personnel rules and practices of an agency. The Supreme Court narrowed this exemption in Milner v. Department of the Navy (2011) to apply only to records relating to employee relations and human resources matters.

Redaction notes: This exemption is more limited than many agencies historically applied it. It does not cover internal procedures unrelated to personnel matters.

Exemption 3: Information Exempt Under Other Statutes

Protects information that is specifically exempted from disclosure by another federal statute, provided that statute:

Requires withholding in a non-discretionary manner, or
Establishes particular criteria for withholding or refers to particular types of matters to be withheld

Redaction notes: The specific statute must be cited alongside the Exemption 3 claim. Common statutes include the National Security Act, the Tax Reform Act (26 U.S.C. 6103), and the CIA Act.

Exemption 4: Trade Secrets and Confidential Commercial Information

Protects trade secrets and commercial or financial information obtained from a person that is privileged or confidential. Following the Supreme Court's decision in Food Marketing Institute v. Argus Leader Media (2019), information is "confidential" if it is:

Customarily kept private by the person providing it, or
Provided under an express or implied assurance of confidentiality

Redaction notes: Agencies must typically notify submitters of potential release (submitter notice process) and allow them to object before disclosing information claimed under Exemption 4.

Exemption 5: Inter-Agency or Intra-Agency Memoranda

Protects inter-agency or intra-agency memoranda or letters that would not be available by law to a party other than an agency in litigation. This encompasses several privileges:

Deliberative process privilege: Protects pre-decisional, deliberative communications (draft documents, policy discussions, recommendations)
Attorney-client privilege: Protects confidential communications between an agency and its attorneys
Attorney work product: Protects materials prepared in anticipation of litigation

Redaction notes: This is one of the most frequently invoked and most frequently challenged exemptions. Factual material within deliberative documents must be segregated and released unless it is inextricably intertwined with the deliberative content.

Exemption 6: Personal Privacy

Protects information about individuals in personnel, medical, and similar files when disclosure would constitute a clearly unwarranted invasion of personal privacy. The standard requires balancing the privacy interest against the public interest in disclosure.

Redaction notes: This is the most common exemption used in FOIA redaction. It covers names, addresses, Social Security numbers, medical information, financial data, and other personal details of individuals mentioned in government records.

Exemption 7: Law Enforcement Records

Protects records or information compiled for law enforcement purposes, but only to the extent that production could:

(A) Interfere with enforcement proceedings
(B) Deprive a person of a right to a fair trial or impartial adjudication
(C) Constitute an unwarranted invasion of personal privacy
(D) Disclose the identity of a confidential source
(E) Disclose law enforcement techniques and procedures
(F) Endanger the life or physical safety of any individual

Redaction notes: Each sub-exemption has distinct requirements. Exemption 7(C) is the law enforcement equivalent of Exemption 6 but applies a lower standard (invasion of personal privacy, not "clearly unwarranted" invasion).

Exemption 8: Financial Institution Information

Protects information contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions.

Redaction notes: This exemption is narrowly applied to financial regulatory agencies (OCC, FDIC, Federal Reserve, etc.).

Exemption 9: Geological Information

Protects geological and geophysical information and data, including maps, concerning wells.

Redaction notes: This is the most rarely invoked FOIA exemption. It applies almost exclusively to oil and gas well data.

Proper Redaction Coding

Every redaction in a FOIA response must be coded with the specific exemption justifying the withholding. This coding serves multiple purposes:

It informs the requester why specific information was withheld
It provides the basis for any appeal or litigation
It demonstrates the agency's compliance with FOIA requirements

Coding Format

Standard redaction coding includes:

The exemption number (e.g., "b(6)" for Exemption 6, "b(7)(C)" for Exemption 7(C))
Placed near or within the redaction mark
Visible to the requester in the released document

Example: A redacted name might appear as a black bar with "(b)(6)" printed on or next to it.

Multiple Exemptions

Some information may be withheld under more than one exemption. When this occurs, all applicable exemptions should be cited. For example, a confidential source's name in a law enforcement file might be redacted under both Exemption 7(C) (privacy) and Exemption 7(D) (confidential source).

Consistency

The same type of information should be coded consistently throughout the response. If you cite Exemption 6 for personal privacy on page 1, use the same exemption for the same type of information on page 100. Inconsistent coding invites questions and challenges.

FOIA Processing Workflow

A well-organized FOIA redaction workflow improves efficiency and reduces errors.

Step 1: Record Collection

Gather all records responsive to the request from relevant offices and systems. This may involve searching multiple databases, email systems, and physical files.

Step 2: Initial Review

Review all responsive records to identify information that may be exempt. Flag documents that need redaction and those that can be released in full.

Step 3: Exemption Analysis

For each flagged item, determine which exemption applies and whether the information is partially or fully exempt. Consult with agency counsel for complex privilege determinations.

Step 4: Redaction

Apply redactions with proper exemption coding. Use tools that perform permanent redaction — not visual overlays.

For PII redaction (names, SSNs, addresses under Exemption 6), AI-powered tools can automate detection across the entire document set. AI-Redact detects 40+ types of personally identifiable information automatically, which is particularly useful for large FOIA productions where PII is scattered across hundreds of pages.

Step 5: Segregability Review

Review each redacted document to ensure that all reasonably segregable non-exempt information has been released. Redacting an entire page when only one paragraph is exempt is a common error.

Step 6: Quality Assurance

Have a second reviewer verify that:

All redactions are properly applied (not just visual overlays)
All redactions are properly coded
Non-exempt information is not over-redacted
Exemption coding is consistent throughout

Step 7: Response Preparation

Prepare the response package including:

Released records (with redactions)
A cover letter explaining the scope of the search and any exemptions applied
Information about the requester's appeal rights

Step 8: Administrative Appeal (If Filed)

If the requester appeals, the agency must conduct a de novo review of the redaction decisions. This means re-evaluating each redaction to determine if it is still justified.

Common FOIA Redaction Mistakes

Over-Redaction

Redacting more than necessary is the most common complaint from FOIA requesters and the most frequent basis for successful appeals. Common over-redaction patterns include:

Redacting entire paragraphs when only a single sentence is exempt
Redacting publicly available information (published names, public meeting attendees)
Applying exemptions too broadly (e.g., redacting all names under Exemption 6 without conducting the required balancing test)

Failure to Segregate

FOIA requires disclosure of reasonably segregable portions of records. Withholding an entire document because some portions are exempt violates this requirement unless the non-exempt portions are so intertwined with exempt material that segregation is not feasible.

Missing Exemption Codes

Every redaction must cite a specific exemption. Redactions without exemption codes are technically non-compliant and provide the requester with no basis to evaluate the withholding.

Improper Technical Redaction

Using visual overlays (black boxes, white-out, font color changes) instead of true redaction. This is both a security failure and a FOIA compliance failure. The underlying text is still present and can be extracted.

Inconsistent Treatment

Redacting the same name on one page but not another, or citing different exemptions for the same type of information in different documents. Inconsistency undermines the credibility of the entire redaction effort.

Not Documenting the Decision Process

Agencies should document their redaction rationale, particularly for close calls. If a redaction is challenged, the agency needs to be able to explain its reasoning. Undocumented decisions are harder to defend on appeal.

Handling Appeals

When a FOIA requester appeals redaction decisions, agencies should:

Conduct a Genuine De Novo Review

An appeal is not a rubber stamp of the initial determination. A senior official should re-evaluate each redaction independently. Some initial redactions may be sustained; others may be overturned.

Apply the Foreseeable Harm Standard

The 2016 FOIA Improvement Act requires agencies to demonstrate that disclosure would cause a foreseeable harm to an interest protected by the exemption. A theoretical possibility of harm is not sufficient. This standard applies to the appeal review.

Consider Discretionary Disclosure

Even if an exemption technically applies, agencies have discretion to release the information unless prohibited by law (Exemptions 1, 3, and some aspects of 4 are non-discretionary; others are discretionary). Agencies are encouraged to make discretionary disclosures when possible.

Provide a Detailed Response

The appeal response should explain the basis for each redaction that is sustained and identify any redactions that are overturned. A detailed response reduces the likelihood of litigation.

Technology Solutions for FOIA Processing

AI-Powered Redaction

AI tools significantly reduce FOIA processing time, particularly for Exemption 6 (personal privacy) redactions. Instead of manually scanning every page for names, SSNs, and addresses, AI detection identifies them automatically.

AI-Redact is designed for this use case:

Detects PII automatically across entire document sets
Applies consistent redaction rules
Generates audit trails documenting what was redacted and when
Handles scanned documents with OCR
Processes documents in batches

Document Management Systems

Agencies that process high volumes of FOIA requests benefit from dedicated FOIA case management systems that track requests, manage deadlines, and organize responsive records.

OCR for Older Records

Government archives often contain scanned documents that require OCR before text-based redaction can be applied. Look for tools that include OCR as part of the redaction workflow.

Frequently Asked Questions

Can a requester appeal every redaction?

Yes. FOIA gives requesters the right to administratively appeal any adverse determination, including redaction decisions. After exhausting administrative appeals, requesters can file suit in federal district court.

How long does an agency have to process a FOIA request?

The statutory deadline is 20 business days from receipt. However, agencies can claim "unusual circumstances" extensions of up to 10 additional business days. Many agencies have significant backlogs that extend processing times well beyond statutory deadlines.

What is a Vaughn Index?

A Vaughn Index is a detailed, document-by-document justification for withholding or redacting information, typically required by courts in FOIA litigation. It is named after the D.C. Circuit case Vaughn v. Rosen (1973). The index must describe each withheld document, identify the exemption claimed, and explain how disclosure would harm the interest the exemption protects.

Can we charge requesters for redaction costs?

FOIA allows agencies to charge for search time and duplication costs, but not for review or redaction time, for most requester categories. Fee waivers are available when disclosure is likely to contribute significantly to public understanding.

What about state-level public records requests?

Every state has its own public records law (often called "sunshine laws" or "open records laws") with its own exemptions and procedures. While the principles are similar to federal FOIA, the specific exemptions, deadlines, and appeal procedures vary by state.

Conclusion

FOIA redaction requires balancing transparency with the protection of legitimately exempt information. The key principles are: redact narrowly, code every redaction, document your reasoning, and use tools that perform true permanent redaction.

For agencies processing large volumes of requests, AI-powered tools can dramatically accelerate Exemption 6 PII redaction while maintaining the consistency and auditability that FOIA compliance requires.