Exceeding expectations through additional information on our operations, integrity, and ethics.
Trusting a company with your data raises multiple concerns with respect to access to that data. One of the top concerns of legal departments is how a service provider will respond to requests for their customers’ data. NetApp’s maintains detailed processes for responding to third-party requests that are designed to protect the privacy and security of customer data.
Understanding third-party requests is as simple as understanding who third parties are and what type of request is received. A third party is any person or entity other than NetApp, its subsidiaries and affiliates, or customers requesting their own data. Requests for data include any ask for data that did not originate from the requesting party. They do not include exchanges of information that are necessary for the operations of our services, such as when we share data under contract with our partners and subcontractors for the purpose of providing a given service.
Third-party requests are generally categorized into two types: legal orders and non-legal requests. Legal orders are those requests for data that are required by law, such as law enforcement warrants, civil subpoenas, or orders adjudicated by a court of competent jurisdiction. Non-legal requests are all other requests.Legal orders
When NetApp is served with a legal order for customer data, we will review it for both scope and legality. Unless prohibited by law, we will take steps to either (1) verify that the individual or entity to whom the data pertains or belongs has been notified or served with a copy of the subpoena, or (2) notify the individual or entity to whom the data pertains or belongs that a subpoena seeking their information has been received. If we determine that we are obligated by law to comply with the legal order, we will comply. We will endeavor to minimize or exclude confidential information unless a protective order or court order commands otherwise.Non-legal requests for data
NetApp does not voluntarily produce customer data without a legal order. Where possible, third parties requesting such data will be directed to contact the customer directly with the request.