Government Data Request Policy
Last Updated on December 3, 2021
This is the policy that applies to Government Data Requests that are received from either: (1) Government entities or (2) law enforcement to disclose personal information handled by Detective.
When Detective receives requests to disclose personal information from the parties mentioned in clause 1.1, it will follow the steps in this document. If a higher level of protection is required by data protection law(s), Detective will adhere to the additional requirements in order to be in compliance with these law(s).
Data Disclosure Requests
Detective will choose not to disclose personal information unless either:
- Making such a disclosure is under a legal obligation
- A serious risk of imminent harm to affected individuals that justifies compliance with the DDRs (Data Disclosure Requests)
Detective will notify and work with data protection authorities to fulfill the Data Disclosure Requests unless legally prohibited by law or such interactions pose an immediate risk of serious harm.
Handling a Data Disclosure Request
When a Data Disclose Request is received by a Detective employee, this request shall be immediately relayed to the Chief Technology Officer and the Privacy Team.
The medium of the Data Disclosure Request is not important, and will be validated by the CTO and Privacy Team.
The CTO and Privacy Team will review any and all Request on a case-by-case basis. The appropriate legal parties will be included to help deal with the requests and determine if action may be needed to challenge the Data Disclosure Request. If no challenge is needed, the legal parties will aid in notifying the customer and data protection authorities.
Notice of a Data Disclosure Request
Informing the Customer
When the Data Disclosure Request is related to personal information of a Detective Customer, Detective will request that the Authority send the request directly to the customer. Should the Authority agree, Detective will provide assistance to the customer so that they can fulfill the Request.
However if the Authority does not agree to make the Data Disclosure Request to Detective’s Customer, Detective will inform the Customer of the Data Disclosure Request before any personal information is disclosed to the Authority. This is the process that will be followed unless prohibited by law or conditions of the Request.
Notice to the data protection authorities
Detective will hold the request and notify the Request Authority should the Authority be in a country where adequate personal information protections are not available by law, unless legally prohibited.
When Detective is not allowed to suspend the Data Disclosure Request or is prohibited by law from notifying the data protection Authorities, Detective will apply efforts to communicate with the Authority. This communication will involve informing the Authority of Detective’s obligations that fall under data protection law(s). Detective shall document all interactions with the Requesting Authority.
A annual report shall be created by Detective that communicates the number of requests received unless legally prohibited. If Detective has received no requests, then no report shall be produced and made available.