« Back to all blogs

5 Ways Law Enforcement Agencies Can Prevent Records Requests Lawsuits

Image of policeman talking on the phone

Imagine opening your email one morning to see the subject line you’ve been dreading: “Legal Notice Regarding Records Request Lawsuit.” Your heart sinks.

The lawsuit claims a violation of public records laws, citing delays, mishandling of CJIS data, or a refusal to release key information. Now, your department’s reputation is at stake, and you’re facing potential fines, compliance penalties, and months of legal battles.

But that email isn’t inevitable.

Law enforcement is under more of a magnifying glass than a lot of other agencies,” said JustFOIA Solution Consultant Brittany Turner. “But there are things they can do to be ready.”

Brittany has over a decade of experience working alongside government agencies and correctional facilities. In this article, she shares strategies that law enforcement can use to prevent costly legal missteps and—hopefully—stop lawsuits before they start.

You will learn how to:

  • Prepare for potentially controversial requests.
  • Secure sensitive information and avoid breaches.
  • Maintain positive relationships with requesters.

1. Plan for Controversy

Controversy—such as a high-profile criminal case or alleged officer misconduct—can bring on a flood of records requests that are difficult for your agency to handle. The increased volume, combined with media scrutiny or public outcry, makes it more likely that a request will get delayed and result in litigation.

Strategies to plan for controversy include:

  • Identify Potentially Controversial Records in Advance: Review internal case records, incidents, and other documents that may generate significant public interest or criticism. Knowing which records could trigger controversy allows you to prepare responses, preemptively redact records, and release them before the requests even begin to come in.
  • Develop Response Protocols: High-profile incidents should be considered in your disaster preparedness and emergency response plan. Create a detailed communications outline for responding to high-profile requests. Ensure staff are trained on how to handle these records with the appropriate level of care, considering privacy, legal implications, and public impact.
  • Set Clear Communication Channels: When dealing with controversial records, have a communication plan in place that ensures consistent messaging, both internally and with the public. This reduces the risk of miscommunication or conflicting information that can fuel lawsuits. “Have a designated point person to contact for inquiries,” Brittany said. “Media and FOIA inquiries are sometimes handled by different people or departments, so be sure your process is laid out clearly on your website.”
  • Deflect Repeat Requests: JustFOIA’s custom forms can help deflect repeat requests by directing requesters to existing publicly available records. By providing helpful links and resources within the form, agencies can guide users to self-service options, reducing the volume of duplicate requests and the risks associated with spikes in request volume.

2. Triple-Check Against Releasing PII or Sensitive Info

As a law enforcement agency, you maintain sensitive records beyond what other agencies deal with, like:

  • Criminal records and investigative data
  • Victim and witness information
  • Juvenile records
  • Medical records
  • Security and incident response protocols

“Some states have different privacy protections for law enforcement,” Brittany said. “New Jersey has Daniel’s Law to protect law enforcement and their family members, and New York recently mandated notifying public employees when their information is part of a request.”

Releasing confidential information to the public at large could be a costly mistake, both legally and ethically. Even unintentional data exposure can lead to lawsuits, fines, and a damaged reputation, so it’s crucial to have thorough safeguards in place before records are released.

Best practices for protecting sensitive information:

  • Implement Detailed Review Protocols: Ensure every records request undergoes a multi-step review process. Train staff to spot sensitive information that should be withheld under privacy laws, and incorporate multiple checkpoints into your workflows to catch any oversights.
  • Conduct Regular Audits: Perform routine audits on released records to check for potential errors in sensitive information handling. Use these audits to improve training, refine protocols, and ensure compliance with CJIS and your state’s open records requirements.
  • Verify Requester Identities: Sometimes information can be released to some parties, but not others. For instance, a crime victim may be entitled to more information about their own case than an outside party. Develop procedures for verifying that the person making the request is authorized to access the information. “In JustFOIA, you can enable an upload requirement for documentation alongside a request, such as a photo ID or authorization on letterhead,” Brittany said.
  • Leverage JustFOIA’s Redaction Tools: JustFOIA offers robust AI-enhanced redaction features that can detect and remove certain kinds of PII, like social security numbers or financial information, during the request process. JustFOIA allows multiple people to work on redactions simultaneously, as well as the option to save redactions as a draft for legal review prior to finalizing and generating an exemption log.
  • Check the Request Itself. Some agencies use records request systems that publish the request and the responsive documents publicly upon release. The problem is that frequently, requesters will include their personal information in the text of their request, regardless of the instructions from the agency. “I’ve seen agencies publish everything from driver’s licenses, Social Security numbers, addresses, dates of birth, things that you would not want out there, especially not in a nice little bundle,” Brittany said. “If you publish that, not only have you experienced a data breach, but you’re the one responsible for it.” JustFOIA allows you to easily overwrite the requester’s description to avoid releasing their personal information, and you can make a case-by-case determination as to what requests are published in your Public Portal.

3. Maintain Good Relations with Requesters

Building positive relationships with requesters can significantly reduce the risk of disputes and lawsuits. “There are two groups of requestors that have a statistically higher incidence of litigation: media and ‘frequent flyers,’” Brittany said.

“You don’t want to make requesters mad,” Brittany cautioned. “If you’re stonewalling requesters or creating unnecessary delays, even if it is unintentional or due to a backlog, they’re going to be understandably suspicious. In the case of media, that can potentially shape the way they portray your agency to the public. When managing FOIA requests, we need to keep our commitment to public service at the forefront of our process.”

Keeping those relationships positive means that when something tough happens in your community, you’re more likely to be met with patience as you prepare responsive records. This is bolstered by clear, consistent, and routine communication.

Here’s how to improve relations with requesters:

  • Acknowledge Requests Promptly: Always acknowledge records requests as soon as they are received to reassure requesters that their submission is being processed. This helps establish a positive tone for further interactions and reduces the perception of secrecy. JustFOIA automates this step by sending instant acknowledgment emails.
  • Set Clear Expectations: Provide realistic timelines for fulfilling requests and communicate any potential delays upfront. If the request is complex or requires extra time, keeping requesters informed can prevent frustration and reduce legal risks. “People are more understanding if you communicate where you are in the process,” Brittany said. “And in some states, as long as the agency is demonstrating that you’re doing your due diligence, the requester might not even have an avenue to appeal or file charges at that point.”
  • Offer Self-Service Options: When possible, direct requesters to an online portal where they can access frequently requested documents. This can reduce the number of new requests and make the process more efficient. Read how Bay County reduced their overall request volume by 23% with self-service.
  • Enable Real-Time Status Tracking: Providing requesters with real-time updates helps reduce the need for follow-up inquiries and minimizes the potential for misunderstandings. Requesters can use their JustFOIA Public Portal accounts to see the status of requests in real time.
  • Keep a Friendly Attitude: When you’ve heard from the same requester half a dozen times this month, it’s easy to become frustrated. But your attitude towards these “frequent fliers” can make all the difference, Brittany said. “If every time they call you, you say, ‘Oh hi so-and-so, what records are you looking for today?’ That’s going to be a very different experience than if you say, ‘What do you want? What now?’”

Brookhaven’s City and Police Work Together to Build Trust & Transparency

4. Vet Your Software Vendors

Selecting the right software for managing records requests helps you maintain compliance and prevent data breaches. The wrong choice can lead to accidental data leaks, missed deadlines, and potential lawsuits—so it’s critical to vet your vendors carefully.

How to choose a software that will protect you and your constituents:

  • Prioritize Compliance: A law enforcement agency’s FOIA solution needs to be compatible with HIPAA, CJIS, and your state’s open records laws. Since each state’s requirements are slightly different, choose a software that can be configured to meet your specifications. Confirm that the vendor has measures in place for regular compliance updates as regulations change.
  • Evaluate Security Protocols: Ask about encryption, access controls, single sign-on, and certifications like SOC 2. Strong data security measures help prevent unauthorized access to sensitive records and protect against potential breaches. Consider doing an online search for the software you’re considering to see if any vulnerabilities have been reported in the past.
  • Ensure Data Preservation: Think long-term when evaluating solutions. Who owns your data? Can you export it in a usable format? What happens to your data if you switch to another provider? You’ll need access to your data long-term to meet retention requirements, even if you switch between systems.

5. Create Scalable Processes

The Bakersfield, CA, Police Department used to have a single person responsible for all records requests, and no one else really understood how their process worked. As their number of requests increased over time, it became unsustainable. The result? They built up a backlog of 1,200 past-due requests.

Standardized, scalable processes help you manage records requests efficiently and consistently. After they partnered with JustFOIA to improve their request management, Bakersfield PD reduced their backlog by 75% within four months.

Build scalable processes for request management by:

  • Keeping Good Records: If a request comes in for data that you should have readily available, but don’t, you’ll have a hard time releasing the records on time. Brittany gave the example of a correctional facility that is required to keep a record of average daily population. “Keep that information compiled in a way that’s accessible and logical, rather than waiting until you get a request for it,” she recommended.
  • Standardizing Request Intake: Develop a clear, step-by-step intake process for all records requests. Consistent intake ensures that each request is documented, tracked, and processed in a systematic manner.
  • Automating Routine Tasks: Repetitive tasks like acknowledging requests, logging data, and sending reminders can consume valuable time and lead to delays. Workflow automation reduces the risk of human error and speeds up response times.
  • Creating Templates for Common Requests: Having templates for frequently requested records or standard responses can significantly speed up processing times and maintain consistency. JustFOIA offers pre-built correspondence templates that can be tailored to your agency’s needs.
  • Monitoring and Refining Processes: Regularly review the efficiency of your request-handling processes to identify areas for improvement. Monitor metrics such as response times, error rates, and request volumes to adjust workflows as needed. JustFOIA’s analytics and reporting tools provide detailed insights into request handling.

About JustFOIA

Handling public records requests can be challenging for law enforcement agencies, especially when requests are complex or controversial. But by being proactive, transparent, and well-prepared, you can protect your agency from legal risks while building trust with your community. Implementing effective processes and using the right tools helps you prevent mistakes and respond efficiently.

JustFOIA offers law enforcement agencies a comprehensive records request management solution designed to simplify compliance and improve communication.

If you’re ready to enhance your records request management process, reduce risks, and maintain positive relationships with requesters, fill out the form below to contact us today!

Request More Information

Fill out this form to request a demo or more information about JustFOIA. We will respond within one business day. Please note: We do not process records requests for individuals – please contact the agency of record.

Complete this form and our team will contact you within one business day.