Transparency at EMC
Transparency and Government Access to Your Data
As a global leader in information technology, EMC understands that personal privacy and security are fundamental to a trusted digital world. As interest in this area grows, we want to explain how EMC addresses requests we receive from governments around the world for certain data and the measures we take to prevent unauthorized access to that data. We hope that by being transparent about our approach to these issues we underscore the importance of transparency across our industry and the need for all participants in the digital world to support the dual requirements of individual privacy rights and collective security.
While EMC delivers a variety of services, including some directly to consumers, the great majority of EMC’s customers are businesses and large organizations who purchase and deploy our products in their own data centers or via their hosting providers. Therefore, most data stored or maintained using our products is owned and managed directly by our customers, and not by EMC. All of our customer relationships are governed by contracts, and we have comprehensive privacy and information security policies in place. In those instances where we do collect or store data on behalf of individuals or our business customers, we adhere to those contracts and policies, to applicable law, and to the following principles when any government seeks access to that data:
In alignment with our stated commitments to transparency, EMC has instituted a process for tracking government requests for user data. In the second half of 2015 (July 1 – December 31), we did not receive any government requests that meet the requirements below from any jurisdiction in which we do business. We will continue to monitor for these requests, and report publicly on a periodic basis.
EMC seeks to limit the amount of data provided.
Except as specifically described below, EMC will not release data in response to a government request without valid legal process. Valid legal process is a subpoena, court order or search warrant from a jurisdiction in which EMC does business. Valid legal requests must be made in writing, signed by a named authorized official of the requesting agency, and issued under appropriate law.
EMC may decide to disclose data in the absence of valid legal process in a narrow range of emergency situations, such as those involving child safety, risk of death or serious physical injury, a risk that someone is seeking to buy EMC products in violation of export control laws, or to expose or defend against cyber terrorism.
EMC will scrutinize closely the legal basis and will attempt to narrow or clarify the scope of any request as much as possible. We will challenge any “bulk” data requests that fail to identify a specific individual, account or reasonably tailored group.
EMC seeks to inform you of government requests for your data.
EMC is committed to issuing periodic reports to provide our customers, partners, employees and shareholders with information concerning the government requests for data we receive. Except where prohibited by law or in exceptional circumstances, EMC is committed to informing an individual or business customer if a government seeks access to their data.
EMC recognizes that trust is the foundation of our business.
From time to time, we are alerted to possible vulnerabilities in our products. All vulnerability claims are investigated and validated according to industry guidelines. We have a comprehensive process for responding to these reports and ensuring that any actual vulnerabilities are addressed in a timely manner.
Our products are not designed to enable any government or other third party to gain access to your data without your authorization. We will not knowingly allow anyone to exploit our products in order to gain access to your data.