[Law Journal Newsletter] FOIA In 2025: Beat the Backlog, Avoid Lawsuits and Reduce Cyber Risk

A New Administration Likely to Repeat Old Patterns

Naturally, FOIA activity has always been shaped by the administration in power. The president not only sets the tone for transparency and accountability in government conduct — the very principles upon which FOIA is built — but also makes key decisions about resource allocation that directly impact agency efficiency.

The latter is particularly relevant for FOIA given the persistent backlogs and challenges agencies face in responding to requests within the mandated 20 business days.

As of Q3 2024, the Biden administration had over 222,000 backlogged requests — a 10% increase from the prior year. Larger requests (involving over 50 documents) often took up to two years. Frustrated requesters increasingly seek recourse through litigation, further straining agency resources.

Based on historical data, these conditions will likely worsen under the new administration. During President Trump’s first term, FOIA requests reached historic highs, fueled by journalists, advocacy groups, and regular citizens with a heightened interest in the inner workings of the government due to an unconventional president.

Transition years typically bring a flurry of FOIA activity as requesters pursue context on how appointees are vetted and look for signals of early policy shifts. The current year is no exception; agencies slated to get new leadership are already dealing with an influx of requests. Agencies in areas where Trump has signaled sweeping policy shifts (think: immigration and international relations) should also brace for a substantial surge.

Interestingly, the newly formed Department of Government Efficiency (DOGE) commission is not officially classified as an agency, meaning it’s currently exempt from FOIA requirements — an ironic loophole for an initiative designed to target efficiency challenges like FOIA backlogs. If DOGE ever becomes an official agency, we can expect to see a flood of FOIA activity there, too.

Amidst an impending rise in FOIA requests, Trump has already instituted a federal hiring freeze and promised to carry out workforce reductions as well, both of which threaten to exacerbate backlogs and litigation risks.

Ballooning Data Volumes, Types and Sources

Beyond surging requests and resource constraints, FOIA offices are also struggling with the complexity of today's data environments. Federal agencies are collecting more data than ever before in more formats than ever before, spread out across multiple surfaces.

A single FOIA request may require retrieving information from emails, phone calls, chat logs, video recordings, AI-generated summaries, and beyond. Outdated formats, such as handwritten documents or VHS tapes, add another layer of complexity since modern FOIA technology can’t reach them.

This fragmentation is compounded at the cross-agency level, where data silos hinder compliance. Each agency operates with its own systems and processes, making collaboration difficult. Meanwhile, increasingly savvy requesters submit expansive requests covering years of records across multiple formats and agencies, further taxing resources.

It doesn’t help that the definition of an agency “record” is broad. Famously, in 2023, a requester asked the FBI for a clip-on necktie belonging to infamous hijacker D.B. Cooper. The case roped the FBI into a time-consuming court case before the tie was discredited as a “record.”

The consequences of these data challenges are far-reaching. FOIA delays grow backlogs, erode public trust, and, again, expose agencies to litigation. Additionally, the costs of storing growing data volumes continue to rise, straining already limited budgets.

Growing Cybersecurity Risks

On that note, as agencies process and store increasing volumes of sensitive data, the risk of cyberattacks has never been higher.

Requesters’ rights to litigation mean that agencies must hold onto FOIA information within a statutory period, but FOIA requests often involve classified or personally identifiable information, making them attractive targets for cybercriminals. The growing sophistication of AI-powered attacks further amplifies these threats.

For agencies, a breach of FOIA data would significantly disrupt operations, drain resources for recovery efforts, and reduce public trust. To protect themselves, agencies must prioritize end-to-end cybersecurity for FOIA processes, which looks like implementing clear access controls, robust employee training, and, most importantly, leveraging technology with industry-leading security certifications. Cloud-based tools with FedRAMP certification, Department of Defense Impact Levels 5 and 6, and NIST 500-83 are the gold standard.

While AI can potentially drive nefarious cyber activity, it can also mitigate risks by automating threat detection and response and making FOIA e-discovery more targeted so that only essential sensitive data is collected, processed, and stored.

The Short and Long-Term Solutions for the Road Ahead

Secure, AI-powered solutions are not only relevant for data protection. Smart technology can also help across the complete scope of FOIA challenges. Outdated tools and manual processes are no match for the volume and complexity of modern requests; understaffed teams need advanced, end-to-end technologies to stay afloat.

In the short term, to prepare for the coming years, federal agencies should seek out FOIA solutions that streamline workflows, improve search and categorization, and enable precise redactions with quality controls to protect data and ensure accuracy. For best results, these tools should have built-in, AI-powered e-discovery capabilities, which expedite the retrieval of relevant data and the transformation of that data into the appropriate format (among the aforementioned security benefits).

Agencies must pair this technology with a tactical plan for managing backlogs. For example, some are prioritizing smaller, simpler requests up front to hit benchmarks or adopting a “request once, release broadly” approach — where frequently requested information is proactively disclosed — to reduce delays.

In the long term, tech standardization could significantly enhance FOIA efficiency. While the now-sunsetted FOIAonline platform once aimed to unify processes, it couldn’t keep pace with today’s volume and complexity. Revisiting such initiatives with modern technology, however, could provide a path forward — especially when it comes to cross-agency collaboration.

Overall, by embracing innovation and prioritizing cybersecurity, federal agencies can make strides towards delivering a more efficient, more secure FOIA experience — reducing risk and elevating government transparency.

Reprinted with permission from the February 2025 issue of Cybersecurity Law & Strategy. © 2025 ALM Global, LLC. Further duplication without permission is prohibited. All rights reserved.