Guidelines for Law Enforcement

Coalfire Systems, Inc. and its affiliates (“Coalfire”) provide consulting services and technology products to business customers for the purpose of increasing a customer’s cybersecurity strength and compliance. As a result of these services, Coalfire periodically obtains information from and about our customers. Coalfire recognizes its important obligation to protect the privacy and other rights of its customers while respecting and complying with the rules and laws of each jurisdiction in which it operates. For this reason, Coalfire carefully reviews each request it receives from any law enforcement agency seeking customer information and provides such information in response to such requests only when Coalfire reasonably believes that it is legally required to do so.

Customer Information Obtained/Retained by Coalfire

Coalfire obtains certain information from its customers that may be retained in its internal systems as a matter of regular business processes. That information may include names, email addresses, telephone numbers, usernames, billing contact information, or confidential business information. In some instances, Coalfire may have additional information that includes IP addresses and transactional or other customer records.

Customer Information Obtained/Retained by Coalfire

In evaluating any law enforcement agency request for information, Coalfire applies the following guidelines:

  • To obtain customer information, a law enforcement agency must provide legal process (such as a subpoena, court order, or search warrant) appropriate to the type of information sought. If production is prohibited by law or if the legal process served is insufficient to compel production under applicable law, Coalfire will refuse to produce the sought information. Requests from foreign law enforcement agencies must be issued through a United States court either by way of a Mutual Legal Assistance Treaty (MLAT) request or by letter rogatory.
  • Coalfire will strictly construe all requests for information and will object to and/or seek to limit requests that are overbroad, seek a large amount of information, or unreasonably relate to a large number of customers.
  • Coalfire reserves the right to seek reimbursement for costs associated with responding to law enforcement requests for information, where appropriate.
  •   Coalfire’s policy is to notify any customer promptly of a request for that customer’s information so that the customer ay object and/or take appropriate steps to block the production of such information. As a general policy, Coalfire seeks to notify such customers of any request at least seven days prior to producing the sought information so that such customers will have a reasonable opportunity to interpose and act upon any objections to production. Coalfire may shorten that seven-day period at its discretion, but generally will do so only when satisfied that there is an emergency requiring that it do so.
  • If a law enforcement agency believes that notification would jeopardize an investigation or pose some other danger, the agency should obtain an appropriate court order or other process that legally and specifically prohibits customer notification. Coalfire will not refrain from notifying a customer based only upon the request of a law enforcement agency.

As a general policy, if your request places Coalfire on notice of conduct that violates Coalfire’s use policies or constitutes illegal activity, Coalfire will take action to prevent further misconduct through account termination and/or other actions that may notify the user that Coalfire is aware of its misconduct. If a law enforcement agency believes that taking such actions would jeopardize an investigation or pose some other danger, the agency should request that Coalfire defer such action. Coalfire will evaluate such requests on a case-by-case basis and reserves the right to take such action as it deems appropriate under the specific circumstances.

Law Enforcement Record Preservation Requests

Upon request by a law enforcement agency to do so, Coalfire will preserve any identified customer information for a period of 90 days, and will preserve it for an additional 90 days upon receipt of a request for such an extension. If Coalfire does not receive valid legal process for the production of such information by the end of such periods of preservation, the information may be deleted thereafter as part of Coalfire’s ordinary business processes.

A preservation request must be sent on official law enforcement letterhead and be signed by a law enforcement official. The request must include (1) the relevant account number (or other sufficient identifying information) for the customer whose information the agency requests that Coalfire preserve; (2) a valid return email address; and (3) a statement that steps are being taken to obtain a court order or other appropriate legal process for production of the information that the agency requests that Coalfire preserve. The preservation request may be emailed to legal@coalfire.com or mailed to Coalfire Systems, Inc., Attn.: Legal Department, 330 N Wabash Ave, Suite 1430, Chicago, IL, 60611.

Requests for Production of Information:

When requesting customer information, a law enforcement agency should provide as much of the following information as is available, as that will facilitate Coalfire’s ability to respond in an effective and timely manner: name, email address, physical address, phone number, dates of service, and specific regulatory framework, computing application or systems that are the subject of the request.

 Each request must also include contact information for the authorized law enforcement agency official submitting the request, including the agency’s name, the requesting officer’s badge or other identification number, phone number, physical mailing address (P.O. boxes not accepted), and employer-issued email address. The request should also state clearly the requested response date.

Requests may be emailed to legal@coalfire.com or mailed to Coalfire Systems, Inc., Attn.: Legal Department, 330 N Wabash Ave, Suite 1430, Chicago, IL, 60611. While Coalfire agrees to accept service of law enforcement requests by these methods, neither Coalfire nor its customers waive any legal rights based upon this accommodation.

If a law enforcement agency provides information that gives Coalfire a good faith belief that there is an emergency involving imminent danger of death or serious physical injury to any person, Coalfire may exercise its discretion to provide information immediately to prevent that harm if it is in a position to do so and can do so consistent with applicable law.

Please note that requests seeking testimony must be personally served on our registered agent for service of process. We do not accept such requests by email or postal service.

Disclaimer

These guidelines are intended to serve as an informational resource, and do not create any rights or obligations on the part of Coalfire, its customers, or any other person or entity. Any questions about these guidelines or other issues relating to Coalfire’s treatment of law enforcement agency requests for information may be emailed to legal@coalfire.com.

Revised: 16 January 2024