Get legal help

Stay Informed With LSC

7.1 Baseline for Records Management – Electronic Records

Needed capacities or functions -  Electronic Records

  1. Filing of all electronic records, retaining them in accordance with the program's defined retention policies, assuring their accessibility, and properly disposing of them when appropriate. Potential records in question include: 

    1. all data files across systems (e.g., accounting, case management, grants management); 

    2. electronic case-related documents; 

    3. email messages; 

    4. instant messaging (where used); and 

    5. transcribed or recorded telephone messages and conversations. 

  2. Policies that govern permissions or access rights to electronic files, including the right to view, edit, move, or rename files. An organization should grant the appropriate level of access to folders and cases on an as-needed basis (e.g., by area of work) to protect client privacy, reduce the risk of accidental data leaks, and reduce the damage from potential ransomware attacks. 

  3. Policies that clearly define the correct repositories in which each type of electronic record must be kept, as well as procedures to review and audit repositories and records for compliance. 

  4. For LSC grantees, the records management system must comply with LSC and all other legal requirements for maintaining records, including the confidentiality of client records and access for LSC reporting and reviews. 

Important Considerations and Best Practices 

As a best practice, organizations should apply permissions based on the principle of least privilege ("PoLP"), which is an information security concept that means a user should only have access to the specific data, resources, and applications needed to complete required tasks. 

Records management should be undertaken with an awareness of the growing convergence between records management (all records), case management (data associated with a case or matter), and knowledge management (specific content that needs to be identified and made accessible on demand). 

SMS messaging is an increasingly important means of interacting about legal work in law offices and may involve information and analysis relevant to a case. Such messages that contain case-related information need to be made a part of the electronic case file. Organizations should develop a governance policy that helps case handlers determine when such messages need to be made a part of the electronic case file and ensure that case-related information is streamlined to the case management system ("CMS"), if SMS messaging is not already integrated with the CMS. 

Document management systems ("DMS") can significantly improve an organization's ability to monitor and enforce record retention policies through document auditing features, reporting, and metadata analysis. 

Useful websites, resources, and other tools