Frequently Asked Questions

This section provides an overview on questions that commonly come up concerning confidentiality releases, U.S. Federal Laws on confidentiality, record retention and deletion, mandatory reporting, the use of surveillance cameras, answering subpoenas and much more. For ease, this section is set up in an easy-to-read question and answer format.

Frequently Asked Questions

Do we need a release from survivors to put their personal information in our organization’s database?

Releases are only required when sharing information outside your agency, but your agency should have full ownership of the database and must ensure that it cannot be accessed by anyone else. Additionally, best practice is to always get consent by a survivor, or at least provide notice, for all the ways their personal information may be used. Survivors should be fully informed of the agency's data collection processes and of the risks and the uses of databases.

Organizations should analyze what information is being collected and for what purposes. Some organizations do a periodic assessment of their forms and database to ensure that they are only collecting the minimal information required to provide the requested services. This both minimizes the work for advocates and respects the privacy of survivors.

It is also important for agencies to think through all data collection and maintenance processes. Databases should be maintained by and within individual agencies.  It is important to safeguard computers to protect victims' personally identifiable information. For example, many local programs keep sensitive client-level information on computers that are not connected to the Internet. Programs that need to use cloud-based databases should have the data encrypted (locked) and only the program's staff holds the encryption key.  For more information on databases, see NNEDV's resources on databases and confidentiality at or email This email address is being protected from spambots. You need JavaScript enabled to view it..