Third-party requests for data

orange cubes on top of orange background with on blue cube

February 2021

Trusting a company with your data raises many concerns about access to that data. One of the top concerns of legal departments is how a service provider will respond to requests for their customers’ data. NetApp maintains detailed processes for responding to third-party requests that are designed to protect the privacy and security of customer data.


What are third-party requests for data?

Understanding third-party requests simply means knowing who third parties are and what type of request is received. A third party is any person or entity other than NetApp, its subsidiaries and affiliates, or customers requesting their own data. Third-party requests for data are defined as any requests for data that did not originate with the party generating that data. Such requests do not include exchanges of information that are necessary for the operation of our services, such as when we share data under contract with our partners and subcontractors to provide a given service, nor do they include customers requesting support in obtaining their own data.

NetApp’s response to third-party requests for data

Third-party requests for data are generally categorized into two types: legal orders and nonlegal requests. Legal orders are those requests for data that are required by law, such as law enforcement warrants, civil subpoenas, and orders adjudicated by a court of competent jurisdiction. Nonlegal requests are all other requests.

Legal orders for data

When NetApp is served with a legal order for customer data, we review it for both scope and legality. Unless prohibited by law, we take steps to either (1) verify that the individual or entity to whom the data pertains or belongs has been notified or served with a copy of the legal order; or (2) notify the individual or entity to whom the data pertains or belongs that NetApp has received a legal order seeking their information. If we determine that we are obligated by law to comply with the legal order; we comply. We endeavor to minimize or exclude confidential information unless a protective order or court order commands otherwise.

Nonlegal requests for data

NetApp does not voluntarily produce customer data without a legal order. When possible, we instruct third parties requesting such data to contact the customer directly with the request.

Back To Top