4 Simple Tips to Completely Optimize Your FOI Request Process

Post Date: 10/29/2018
feature image

Want to ensure that every data migration you have falls within regulations? Learn how by registering for our free upcoming webinar “Compliant Migration with DocAve Migrator” today!

The Freedom of Information Act (FOI) requests within Australia follow a very similar approach to GDPR’s Data Subject Access Request (DSAR). a previous post covering DSARs, we saw that a complex request may cost organizations close to $315,000 USD.

The challenges with handling such requests is mainly due to three factors:

  1. The amount of data an organization generates over a period of time,
  2. The review costs associated with the request, and
  3. The time and effort behind the review/validation process.

As a company grows both business-wise (client data, information, etc.) and in number of employees, its volume of data will naturally increase over the years. Without proper compliance policies in place, it becomes even harder to find what you are looking for if you receive such a FOI/DSAR request.

FOI Requests, Costs and Charges 1982-2017

Looking at the Australian Bureau of Statistics’ dataset, the estimated costs and charges for FOI requests from 2016-2017 is around 44 Million AUD. Compared to the seven-digit numbers of previous years, it’s evident that the government is only having to pay more for each request.

As review time, disclosure requests and the cost to respond to these requests are all increasing, having good information management practices in place is essential. This isn’t only a significant factor for responding to individual requests, but also from a compliance and records management perspective.

4 Tips for Successful FOI/DSARs

1. Accurately classify all of your data.

In a previous article we went in-depth on how identifying or labeling data as soon as it is created/received within an organization is one of the key pillars of successful information management. Classifying documents based on the type of information (sensitive, personal, confidential, etc.) or even the topic (reports, presentations, project XYZ, etc.) reduces the amount of time needed to search through and respond to a FOI/DSAR request.

2. Know how your data is being shared/converted.

In the case of the FOI/DSAR process, it’s also important to mention that understanding how data is shared or transferred across different systems is a key factor. Data often comes in one format (excel, tables, databases) and can sometimes end up in totally different format (email, word, excel, presentation, etc.) and even be shared outside your organization (other government agencies, 3rd party vendors, etc.).

3. Avoid data duplication.

Organizations often focus on data stored in systems like databases, but in many cases the same information for an individual may be found in your email and stored on your desktop or file share system. Not only does this lead to duplication of data (which is costly and inefficient), but it also leads to a potentially higher risk exposure depending on the type of information.

Enterprise Risk Management allows organizations to easily understand the lifecycle, location and usage of data as well as its implications to various acts, laws, regulations and standards.

4. Implement a data mapping process.

Many organizations would benefit from having a data mapping process in place that allows them to quickly and easily understand the kind of data that is shared throughout different systems, processes and entities. This would allow you to surface locations where using an automated data discovery process can easily help you identify the information an individual has instantiated via FOI/DSAR.

Compliance Guardian allows organizations to scan for data both on-premise as well as cloud systems and quickly report on FOI/DSAR requests.

If your organization is having challenges with meeting FOI/DSAR requests and would like to see how AvePoint’s Compliance Solutions can help, you can find more information on AvePoint Compliance Guardian on our website, or get a live demo!

Want more articles on data compliance from industry experts? Be sure to subscribe to our blog!


During his tenure as a Senior Compliance Technical Specialist at AvePoint, Esad was responsible for research, technical and analytical support on current as well as upcoming industry trends, technology, standards, best practices, concepts and solutions for information security, risk analysis and compliance.

View all posts by Esad I.

Subscribe to our blog