Last updated April 11, 2022
BCM One, Inc. and its affiliates (“BCM One”, “we”, “us” or “our”) are committed to maintaining the privacy of our clients. Below are the guidelines (the “Guidelines”) government agencies, law enforcement authorities, and any other person or entity must follow when requesting client data.
These Guidelines are provided for informational purposes only and do not represent a commitment by us to provide information. We reserve the right to respond or object to any data request in any manner consistent with applicable law.
These Guidelines do not apply to clients’ requests for their own data. Clients should follow the guidelines provided by BCM One (or applicable affiliate) to request their own data.
Commitment to Privacy
In accordance with our commitment to maintaining our clients’ privacy and trust:
- As explained further in Section VIII below, to the extent legally permissible, we will notify the target party of a legitimate request relating to their data.
- We will review the legality of each data request and reserve the right to object to any data request.
- We will reject requests that have been improperly served or requests that we deem to be incomplete, inconsistent, inaccurate, overly broad, vague, or unduly burdensome.
Types of Requests
Requests must be submitted pursuant to formal legal process.
A data request for information relating to a client account in connection with an official criminal or administrative investigation or proceeding, or a filed civil legal action to which our client is a party, should be provided to us by one of the below methods.
- Court Order
- Search Warrants
- Civil Investigative Demands
Lawful Intercept (CALEA) Orders
We and/or our affiliates may serve clients in a wholesale manner. In those cases, a lawful intercept implemented on our network will yield limited data. Prior to serving us with a lawful intercept order, we encourage you to utilize the data request process provided here so that in cases when a target number is assigned to a wholesale client, you will be able to contact our wholesale client, who may have their own CALEA solution which may yield more complete data.
Information to Include in Data Requests
All data requests must include the following information:
- Target telephone number in the 10-digit format.
- IP address(es) if applicable.
- Specific dates for which the information is being requested, or a narrowly tailored date range (the longer the date range the longer it may take us to respond).
- Specify if the request involves calls, texts or both.
- Full contact information including agency name, address, and phone number
- Email where we can send our response
- Copy of the warrant, court order, grand jury subpoena, or other legal process pursuant to which the request is made, including without limitation any non-disclosure order purporting to restrict us from notifying our client of the request.
Civil Data Requests.
In addition to the above requirements, the following information is required for any civil data request.
- Requesting party’s name
- Counsel name, applicable State Bar Number, telephone number, email address and mailing address (P.O. boxes will not be accepted)
- Requested response date (please allow at least 4 weeks for processing)
- Copy of the subpoena to which the request is made.
Submitting a Data Request
We accept service of data requests by email to firstname.lastname@example.org.
In compliance with the Federal Communications Commission Order concerning Client Proprietary Network Information (“CPNI”), client information will not be released without a valid subpoena, court order, search warrant or other formal demand from a court of law or government agency authorized to request such information.
Requests from Non-US Authorities
A Mutual Legal Assistance Treaty (“MLAT”), letters rogatory, or similar process may be required for disclosure of data in connection with data requests from a non-United States authority.
Limitations on Retention of Clients’ Data
We take reasonable and appropriate steps to guard against inadvertent or malicious deletion or destruction of data in our systems. We provide information as available based on our retention policies. Please note that we delete or de-identify a client’s data in accordance with our retention policies. In addition, clients may have the ability to delete data from their accounts. We are not able to recover a client’s data once it has been deleted.
Notification of Clients
If you do not want us to notify our client of the data request, you must provide us with a copy of a non-disclosure order as part of your data request.
Fees for Civil Data Requests
We charge $75.00 per hour for research (one hour minimum) for compliance with civil data requests.
Requests for call detail records that are outside the time frame of our generally available database will require an investigation as to the feasibility, time and costs required to retrieve such records (if they are available).
We will invoice the person or entity submitting the subpoena. Payment is due upon receipt and prior to our delivery of any documents and information.
All questions regarding these Guidelines or any pending request should be directed to email@example.com.