> -----Original Message----- > From: Eric Haskins [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 31, 2007 6:10 PM > To: CF-Community > Subject: OT: A day in the life of a Webhost ..... :( > > Posted in OT but its a Ghost town there LOL
I'm not a lawyer... but I've seen them on TV. My understanding of this kind of thing is: +) Never release customer information unless compelled by a court to do so. +) Only release the absolute minimum amount of information required by the subpoena. Don't hold back (you could be held in contempt or obstruction of justice) but don't offer anything extra. +) You may question any request if it seems too broad - ask the judge, not the enforcement. For example a request for all your customer records is probably out of scope for the issue you describe. +) Release the information as you have it. Don't do any "extra" work (collating or tabulating the information) - the best possible form is to give the information to the court as you received it from the customer. +) Release only the information accessible to your actual business processes - don't get clever or go above what you'd normally do. For example don't buy an "deleted file recovery tool" to dredge up archived files you've deleted. +) If you can't provide any information be specific as to why. For example you might get asked for that customer's access history for the past five years but perhaps you only keep two (or none). It's fine to honestly lack the information (they'll try to get as much as they can) just be honest and non-confrontational about it. Of course all this assumes that you want to comply (I would!) You could try to make a case for client privilege or privacy rights but that would be to make a point. People with time and money makes those cases... not guys like us. ;^) (Although if you're really serious about it you might call the EFF or ACLU and ask for an opinion.) In short the main things you're trying to do here are: +) Deny all unofficial requests. +) Comply with all official requests. +) Don't do more than required. That last one is important to deal with any possible customer suit later. You really can't reasonably worry about getting sued when you've just complied with court orders (I don't think you can really get sued for NOT breaking the law). More specifically you can probably get sued (it's so damn easy in this country!) but you shouldn't worry about it. However if you've done "extra" work to meet any subpoena a case might be made on the grounds that you freely provided confidential information even when that information was not requested. You might also be branded "hostile" in the sense that you not only met the requirements of the law but did your own investigation to find incriminating evidence. Don't get into that: just comply with the court, don't appear to be a friend of it or working for it. I would also do a full backup of all your data now and often. I think it's _very_ unlikely (and probably criminal) but if there's any chance that they might subpoena your hardware you'll be left with nothing. Don't even consider destroying information related (or even possibly) to the case before you're asked for it. It's just asking for trouble. There's probably a ton of useful information at the EFF (http://www.eff.org/). I don't know of any off the top of my head but I'm sure there are discussion groups where you might get some free (and almost certainly conflicting) advice from actual lawyers. Good luck! If there's anything a loosely bound, wide-flung group of friends can do, let us know! Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Download the latest ColdFusion 8 utilities including Report Builder, plug-ins for Eclipse and Dreamweaver updates. http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:239355 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5
