It is important that your organization has a secure and robust database that will enable you to track a high volume of cases, maintain accurate records, identify conflicts of interest, and report to donors and others. This section will help you think about how to build a database, including considerations of what to include, how to manage conflicts of interest, advice for solo practitioners, and steps that you can take to ensure that your database is secure. Finally, it will supply links to some resources and sample databases.

Identifying your database needs

A database should be designed as early as possible in your operations because it will be hard to transfer data once cases accumulate. Although this may cost time in the beginning, it will pay off in the long term.

When designing your database, ensure it can accommodate future changes as your organization grows. While all your clients may come from one particular country and face specific, narrow legal challenges today, in five years you may have a much more diverse client base with a wider range of legal issues. The more rigid your database, the less likely it will be able to support your needs in a few years. You may wish to hire an IT professional to design your database, or you can design it yourself

Also, make sure your legal advocates understand that updating database information is just as important as any other work that happens in the office. Failure to track cases and clients is a violation of the Nairobi Code and will have a major negative impact on the lives of your clients and the reputation of your organization.

The following considerations will help you conceptualize what you need your database to do:


  • What kind of figures do your current and prospective donors and other stakeholders require? Will you have to discuss number of cases/clients/workshops/visits/etc.? If you already have reports ready, study them and jot down each type of information. If you don’t have reports, look at your proposals and annual plans, and the type of results you have promised to achieve.
  • Will you be submitting grant applications that could be strengthened with statistical analysis? What type of information might be useful? (e.g. number of girls helped, number of indirect beneficiaries, breakdown of services by nationality/ethnic group, etc.) Look at outstanding or past proposals to see the type of information you used, or that you wish you could have provided.
  • How will you measure success in your advocacy? How will you track this with your database?

Case management and tracking

  • What basic client information will you need? Think about information that you must include on forms, petitions, etc., as well as information you will need for day-to-day operations (phone numbers, addresses, email, etc.). Look at your intake forms, and any other forms that you or your clients fill out.
  • Can one client have more than one case? Do you need to track distinct cases in a different manner? For example, if John Doe has a pending RSD appeal, a resettlement case, and a labor violation case, should your database report this as 3 distinct cases, or simply one client helped? What type of information do you need for each case?
  • Can more than one legal advocate be responsible for activities for a particular client/case? If so, do you need your database to be able to record all the advocates who work on a particular case?
  • Do you want your database to show how many open cases each advocate has? What other types of information do you need to record regarding your legal advocates?


  • What are the major information security threats your organization faces? (Think about natural disasters, government intrusion upon your database, your clients’ agents of persecution, common crime, etc.)
  • What is your weakest security link?

Personal information fields

  • These fields should contain information such as name, country of origin, date of birth, date of arrival, languages spoken, contact number, file number, adjudicator file number, etc.
  • You should avoid repeating information (for example, having Country of Origin in both your client and your case tables), and try to break the information down to its most basic units (for example, “first name” and “last name” instead of simply name). This will allow you to perform more precise searches and avoid the confusion of duplicated information.
  • If you are working with names that are transcribed from another script, and therefore have several methods of spelling, you may want your database to be able to accommodate wildcard searches.
    • Wildcards allow you to search your database for something even when you are not sure of the exact spelling. For example, an * matches any group of characters so if you search J*n, the database will find John, Jon, but also Jason and Jasmin etc,, an ? matches 1 or 0 characters so if you search Jo?n the database would find John and Jon. You can find more information on wildcards here.
    • Alternatively, you could come up with an office policy for which spelling you use (e.g. name as transcribed on Asylum Seeker Card, or name as transcribed on passport).

Conflicts of interest

Your database is a good place to store information about conflicts of interest. It is also an important resource for you to search in order to establish whether you or someone in your organization has a conflict of interest with a potential client. You should keep as much information as possible about your cases in your database so that you can identify conflicts of interests. At a minimum, you should maintain a list of names of people you represented and people who were related to those cases. For example, if a lawyer in your office handles a case in which someone experienced persecution from their family as well as their community, you should include the names of that person’s family members and any other relevant people in your database. Make sure that the names are linked to the matter in which they were involved and to the other people who were related to that case in your database.

Also, it is important to note whether the person had a client, adversary, or third party relationship to your organization. This information will help you and your staff more quickly identify whether there is a conflict of interest.

Finally, the database should include information about the lawyers’ caseload in your organization. This will help ensure that your lawyers are maintaining their obligations to their former clients as well as their future ones.

Database security

Law firms and legal NGOs have increasingly become the targets of hackers. As a result, it is important that you work to secure your database. Some steps that you can take are:

  • Do not allow open access to your database.
    • Staff members who have access to the database should use unique user names and passwords.
    • Encourage your staff to chose complicated passwords or assign them ones.
    • You should limit, as appropriate, staff and volunteer’s database access privileges. Not all your staff members and volunteers should have access to the entire contents of your organization’s database.
    • When a staff member leaves, revoke access to the database promptly.
    • Ensure access can be revoked remotely in case of a security breach.
  • Use optional security features such as limiting the number of login attempts.
  • Regularly scan your database for vulnerabilities and misconfigurations.
    • Install patches to fix these problems.
  • Make regular back-ups of the database and ensure these are stored off site.

Advice for solo practitioners

Solo practitioners can also benefit from creating and using a database. If you feel that you do not need to invest the resources in building a complex database, you can create a simpler one using Microsoft Access. In these programs, you can create a table and label the columns with the case number, date, contact, matter type, files status, related people, and miscellaneous information. Then, you can input information about each of your cases into this table. The advantage of creating a database is that it is easier to search it for information about your clients and conflicts of interest.

Regardless of the kind of database that you use, it is important that solo practitioners store their files on a server rather than on their personal computers and protect their database with a password.

Sample databases

HURIDOCS is an organization that helps develop tools and information management systems for human rights NGOs. It is a good resource for information on managing information. They have developed Casebox, which is a case management and document storage system for legal NGOs.

Martus is a free, open-source, information management tool that was built to be used by human rights NGOs.

RIPS (Refugee Information Processing System) is a specifically designed database for refugee legal aid practitioners.

For small or starting legal aid practices, a spreadsheet database could be an option. For example, Google Sheets, or a password protected Excel or Access database stored on a separate server.