For
Official Use Only (FOUO)
And Similar Designations
For Official Use Only (FOUO) is a document
designation, not a classification. This designation is used by Department of Defense and a
number of other federal agencies to identify information or material which, although
unclassified, may not be appropriate for public release.
There is no national policy governing use of
the For Official Use Only designation. DoD Directive 5400.7 defines For Official Use Only
information as "unclassified information that may be exempt from mandatory release to
the public under the Freedom of Information Act (FOIA)." The policy is implemented by
DoD Regulation 5400.7-R and 5200.1-R.
The For Official Use Only designation is also used by CIA,
Homeland Security, and a number of
other federal agencies, but each agency is responsible for determining how it shall be
used. The categories of protected information may be quite different from one agency to
another, although in every case the protected information must be covered by one of the
nine categories of information that are exempt from public
release under FOIA.
Some agencies use different terminology for
the same types of information. For example, Department of Justice uses For
Official Use Only but adds the words Law Enforcement Sensitive, abbreviated
FOUO-LES. Department of Energy uses Official Use Only
(OUO). The National Geospatial-Intelligence Agency uses Limited
Distribution. Department of State uses Sensitive But Unclassified (SBU), formerly called Limited
Official Use (LOU). The Drug Enforcement Administration uses DEA Sensitive. In all cases
the designations refer to unclassified, sensitive information that is or may be exempt
from public release under the Freedom of Information Act.
The fact that information is marked FOUO or
any comparable designation does
not mean it is automatically exempt from public release under FOIA. If a request for the
information is received, it must be reviewed to see if it meets the FOIA dual test: (1) It
fits into one of the nine FOIA exemption categories, and (2) There is a legitimate
government purpose served by withholding the information. On the other hand, the absence
of the FOUO or other marking does not automatically mean the information must be released
in response to a FOIA request.
Statutory/Regulatory
Responsibilities & Obligations
Each government department or agency defines
what information shall be protected and how its protected information shall be handled.
The procedures for marking, safeguarding, and controlling access to FOUO and
comparable categories of information are very similar for all the agencies,
but there are some individual differences. The following information pertains only to Department of Defense FOUO information. When
dealing with comparable information from another department or agency,
check with the originator regarding appropriate handling.
Access to FOUO
Information
FOUO information may be disseminated within
the DoD components and between officials of the DoD components and DoD contractors,
consultants, and grantees as necessary in the conduct of official business. FOUO
information may also be released to officials in other departments and
agencies of the executive and judicial branches as needed for a lawful and
authorized government purpose.
Special procedures govern the release of
FOUO information to Congress and the General Accounting Office (GAO).
Special procedures are also required before NGA Limited Distribution
information may be provided to any foreign government.
The final responsibility for determining
whether an individual has a valid need for access to information designated
FOUO rests with the individual who has authorized possession, knowledge or
control of the information and not on the prospective recipient.
Marking FOUO Information
Unclassified documents and material
containing FOUO information shall be marked as follows:
This document contains
information exempt
from mandatory disclosure under the FOIA.
Exemption(s) _ apply.
When FOUO information is
contained within a classified document, the same rules apply except that
full pages that contain FOUO information
but no classified information shall be marked FOR OFFICIAL USE ONLY at both the top and bottom
of the page.
Safeguarding FOUO Information
FOUO information should be handled in a
manner that provides reasonable assurance that unauthorized persons do not gain access.
During working hours, reasonable steps should
be taken to minimize risk of access by unauthorized personnel. After working hours, FOUO
may be stored as a minimum in unlocked containers, desks or cabinets if government or
government-contract building security is provided. If government or government-contract
building security is not provided, it must be stored at a minimum in a locked desk, file
cabinet, bookcase, locked room, or similar place.
FOUO documents and material may be
transmitted via first class mail, parcel post, or -- for bulk shipments -- fourth class
mail.
Electronic transmission of FOUO
information, e.g., voice, data or facsimile, and e-mail, shall be by
approved secure communications systems or systems utilizing other protective
measures such as Public Key Infrastructure (PKI), whenever practical. FOUO information may be put on an Internet web site only if access to
the site is limited to a specific target audience and the information is encrypted. See Pre-Publication Review of Web Site Content.
FOUO documents may be destroyed by any of
the means approved for the destruction of classified information, or by any
other means that would make it difficult to recognize or reconstruct the
information.
Enforcement
Administrative penalties may be imposed for
misuse of FOUO information. Criminal penalties may be imposed depending on the actual
content of the information (privacy, export control, etc.).
Legal & Regulatory Authorities
5 USC 301 - Departmental Regulations
DoD Regulation 5200.1-R - The Information Security Program
DoD Directive 5400.7 - The Freedom of Information Act (FOIA) Program
DoD Regulation 5400.7-R The DoD Freedom of Information Act Program
DoD Regulation 5400.11-R Department of Defense Privacy Program
|