resources > Toolkit > Proactive measures
Legal Issues and Public Records Requests
Legal Issues
If applicable, make sure the person knows they have the right to legal consultation with the university’s general counsel. Make sure it is clear that they may receive legal advice from general counsel, but that some legal action may require a privately retained attorney.
If a person seeks to take proactive civil legal action (such as in a case of defamation), they may need to engage with private counsel. Defamation cases are difficult to prove and require thorough investigation beyond the scope of many universities’ legal and administrative departments. Help to adjust the targeted person’s expectations and, if needed, assist them in identifying qualified outside counsel.
Public Records Requests
Work with your institution’s Office of Public Records and Legal Counsel to develop educational materials that can be distributed to faculty, researchers, and scholars.
- Include advice on email usage and records retention and how to prepare for possible requests under the Freedom of Information Act (FOIA). Public universities are considered state governmental bodies and are therefore subject to open records requests. Note that each state has different open records laws governing public access to state and local government records, so make sure to reference the relevant laws in your state. In your guide, include details such as:
- General information about FOIA requests and relevant laws in your state
- What to do if/when a request is received
- Whom to alert within the university
- Timeline and process for responding to a request
- Types of information that may be included in requests, such as emails, research documentation and data, or telephone and text records
- How to determine which records are encompassed by the request. There are limited exemptions for what is considered a public record. This list is a good place to start. Include a list of common exemptions that would be relevant to your institution, such as personal records, home addresses, personal email addresses, and home phone numbers of employees and their family members. Advise faculty that information will not be withheld or redacted unless they specifically request it.
- Develop a guide for faculty email usage and records retention. Encourage faculty to use university email accounts for work-related emails and to keep personal emails separate. Note that forwarding university email to personal email accounts may introduce risk and liability. Include information on how long deleted emails remain on the university’s servers.
- Distribute FOIA educational materials and email usage and record retention guidance to relevant university members.
- When Freedom of Information Act (FOIA) requests are received:
- Work with general counsel by explaining the larger context surrounding the request. Consider whether it is appropriate to ask for clarification on the scope of the request. Assuming requests are in good faith without an appropriate assessment of the threat landscape may be risky.
- Allow the impacted researcher(s) to review anything that your institution plans to share so that they can offer suggestions for protecting colleagues and other collaborators. Including researchers in discussions about response efforts and communication plans reinforces trust within teams.
- When institutions respond to requests by turning over more information than is requested (i.e. without going through a process of clarification or discernment), they may see more follow-up and inadvertently increase risks to targeted person(s).
- Inform communications staff so that they can create messaging to prepare for the possibility of increased intimidation or harassment following request. It is essential for communications staff to understand the consequences of researcher abuse and the larger context surrounding the specific incident before formulating a communications strategy.