How Varonis Helps Agencies Avoid the Pain and Penalties of Public Record Requests

Freedom of Information (FOI) requests are one of the ways that public organizations are held accountable by the media and the members of the community they serve. FOI laws require...
Michael Buckbee
4 min read
Last updated October 21, 2021

Freedom of Information (FOI) requests are one of the ways that public organizations are held accountable by the media and the members of the community they serve. FOI laws require public organizations (i.e., government offices, public colleges, universities, and schools, for example) to release documents concerning a current issue or court case. FOIA.gov says, “The basic function of the Freedom of Information Act (FOIA) is to ensure informed citizens, vital to the functioning of a democratic society.”

In short, you issue an FOI request, a government official processes that request and finds the documents, redacts the documents to secure privacy, and then sends them to you.

A free press needs FOI laws to provide accountability to government organizations. FOI requests are vital to facilitate legal discovery and litigation. There is no argument against FOI in principle. However, FOI requests present a budgetary, legal, and procedural challenge to the governments that have to fulfill them.

Challenges Managing FOI Requests

State and local governments face budgetary pressures to cut costs, but managing FOI requests counter those efforts in several ways. Depending on the state laws, failure to respond to FOI requests in the legislated time could lead to hefty fines for the state organization, and governments may even be responsible for paying the legal fees of the parties that made the FOI requests. These laws vary from state to state.

Here is an example of how FOI laws can be “weaponized” to drain an agency of time and money.

Unscrupulous lawyers submit FOI requests and, in parallel, file an empty lawsuit to subpoena the same data they requested in the FOI requests. In most cases, the people who respond to FOIs are not the same people who respond to subpoenas, and they frequently have access to different datasets. When two different results sets are returned, the shady lawyer will pinpoint the discrepancies, launch a lawsuit, and seek compensation via the FOI Act for failure to disclose everything. Additionally, trends show that FOI requests have increased in recent years and threaten to bog down state agencies in the document gathering and redaction process.

All of these factors create a feedback loop on an already bogged down FOI system. More FOI requests mean potentially more fines, which means more financial stress upon governments.

Let’s check out a totally fictitious FOI request and show how Varonis can help make the process simpler.

How Would You Manage an FOI Request?

Scenario. A local investigative reporter is looking into allegations of institutional grade-fixing to keep athletes eligible despite not attending classes. The reporter submits an FOI request for all correspondence and records for these anomalous classes over the past thirty years.

To fulfill this request, someone has to search for all the documents (emails, grade records, evaluations, term papers, etc.) involving anyone that worked for or took those classes at the institution.

Searching databases is pretty simple. It’s the unstructured data that’s the real killer. In our example, the grades and attendance records might exist in a central database, but the syllabi and assignments don’t. The sheer volume of data required to search and the number of systems you have to search doesn’t make a nice linear curve, and that is for just one name. Imagine how many names they might need to search in our scenario?

How Does Varonis Help With FOI Requests?

Varonis DatAnswers is a powerful search engine that can help teams fulfill FOI requests quickly and accurately. DatAnswers lets users search an index of unstructured data in their organization and makes it easy to export a list of matched files, so people working on FOI requests can grab the files they need to fulfill the request quickly from all available datasets at once.

DatAnswers adds context to data, building search results with more than just keyword matching. It’s an intelligent search engine that is fueled by Varonis’ unique metadata and contextual signals to produce better search results. Before you enter the search in DatAnswers, Varonis knows what data you have, where that data lives, who has access to that data, and which data is sensitive. We use sophisticated logic to ensure you get high-fidelity results with few false positives and we surface results fast.

For our scenario, all you’d have to do is type the list of students into DatAnswers, and Varonis will instantly search across your cloud and on-prem data stores to get your results. Once the search is complete, you can filter, copy, or export the results to process them.

 

“I call DatAnswers the ‘search engine’ of Varonis. When a user doesn’t know exactly where they put a sensitive file, we use DatAnswers to track it down. We also use DatAnswers for all of our legal team’s searches. I appreciate the ease and functionality of being able to do that through a web browser.”

– Network Admin, Regional Healthcare Provider

Before results are sent to the requestor, the government agency must ensure that they’re not disclosing any confidential information. Data Classification Engine continuously discovers sensitive unstructured and semi-structured data on-premises and in the cloud (on Windows servers, NAS devices, SharePoint, UNIX/Linux servers, and Office 365 (OneDrive and SharePoint Online), with support for file types such as .doc, .pptx, .xlsx, .zip, .rar, .pdf and many more.)

Varonis contains a pre-built library of almost 50 built-in rules and more than 400 patterns for all of the common laws and standards (HIPAA, SOX, PCI, GDPR, and more). Our classification engine goes beyond regular expressions and includes pre-built databases of known-valid values, proximity matching, negative keywords, and algorithmic verification to generate high-fidelity results.

Even more granular Policy Packs help agencies discover personal information related to GDPR & CCPA and federal-specific information that’s top-secret, secret, or confidential.

  • Policy Pack is an ever-expanding library of accurate and comprehensive rules to find and protect GDPR and CCPA data. Varonis has over 340 GDPR patterns alone, covering all of the EU nations.
  • Federal Policy Pack builds on the Data Classification Engine with patterns built specifically to identify top secret, secret, and confidential documents, as well as controlled unclassified information (CUI) and other sensitive government forms.

With all this information in one interface, FOI requests are faster and easier to process.

If needed, Data Transport Engine can securely move relevant files for a FOI request to a single working folder where you can process the data before sending it back to the requestor.

These aren’t the only benefits of using the Varonis Data Security Platform. You also get full-service data protection and compliance functionality with built-in threat detection and analytics capability. Not only can you deal with FOI and public records requests more easily, but you can also protect your data and prevent unauthorized access to your non-public information.

Check out a demo to see exactly how Varonis can help you!

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

what-is-fisma-compliance?-regulations-and-requirements
What is FISMA Compliance? Regulations and Requirements
FISMA is the federal government’s security requirements. If you work for on with a federal agency read on to learn how to get (and stay) compliant.
cybercrime-laws-get-serious:-canada’s-pipeda-and-ccirc
Cybercrime Laws Get Serious: Canada’s PIPEDA and CCIRC
In this series on governmental responses to cybercrime, we’re taking a look at how countries through their laws are dealing with broad attacks against IT infrastructure beyond just data theft....
canada’s-pipeda-breach-notification-regulations-are-finalized!
Canada’s PIPEDA Breach Notification Regulations Are Finalized!
While the US — post-Target, post-Sony, post-OPM, post-Equifax — still doesn’t have a national data security law, things are different north of the border. Canada, like the rest of the...
understanding-canada:-ontario’s-new-medical-breach-notification-provision-(and-other-canadian-data-privacy-facts)
Understanding Canada: Ontario’s New Medical Breach Notification Provision (and Other Canadian Data Privacy Facts)
Remember Canada’s profusion of data privacy laws? The Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that covers all commercial organizations across Canada. Canadian federal government agencies,...