SANS Institute Guidelines for Law Enforcement Requests

This webpage provides information for law enforcement agencies that are seeking information from The Escal Institute of Advanced Technologies, Inc. or any of its affiliated legal entities (collectively referred to as “SANS Institute” or “SANS”).   SANS reserves the right to change the guidelines at any time.  Note, requests for information from non-law enforcement parties are governed by our guidelines for non-law enforcement requests found on our website.

For law enforcement requests for information that SANS maintains, including customer account records and related content (“Customer Information”) sought in connection with an official law enforcement investigation, SANS requires an appropriate form of legal process be issued in accordance with applicable law.  This may include a subpoena, court order or warrant.   

We store, maintain, use and disseminate Customer Information as described in our Terms and Conditions and applicable SANS entity’s Privacy Policy.  Accordingly, SANS only provides Customer Information requested for an official law enforcement investigation when SANS reasonably believes it is required to provide such requested information.  To protect our customers’ privacy rights, we carefully review requests to ensure they comply with applicable law and are within the powers of the requesting law enforcement authority.  Note, SANS will not provide Customer Information unless served with a valid legal request, issued by a public authority or a court that has jurisdiction over the SANS legal entity and is authorized to issue such a legal subpoena, court order, or search warrant, provided that the requester is within the same jurisdiction as the issuing court. Please review these guidelines before submitting a law enforcement request to SANS.

Required Information

SANS reviews law enforcement requests and accompanying subpoenas or other legal process for both facial and substantive validity.   SANS reserves the right to object to any law enforcement request that it believes may be invalid, including overly broad or vague requests.   Accordingly, please follow the following guidelines in your law enforcement requests:

  • Requests must be narrowly tailored, describing information requested with specificity, and with a defined timeframe for delivery.
  • Requests must contain the law, statute, directive, or regulation used as the basis for the request.
  • Requests must be for a specific and identified person, entity or reference to limit the scope of the request.  For example, an identifiable person or legal entity or credit number or other specific information to limit the scope.
  • Requests must contain contact information for the law enforcement agency.  This includes a name, title, department, government address, government email address, and phone number. 
  • Requests must contain the reason for the request. 

SANS reserves the right to place a law enforcement request “on hold” pending more information from the requesting law enforcement agency in the event we deem, in our sole discretion, that we do not have enough information to comply or that we are unable to comply for any other reason.  SANS strictly construes requests for data and seeks to limit or object to requests that are overbroad or seek a large amount of information or affect many users.  SANS also objects where production is prohibited or where the process served is insufficient to compel production of the requested data under the Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. or other applicable law. SANS reserves the right to appeal any request for information, where available, and shall not disclose the requested information until required to do so under applicable procedural rules.

These guidelines are intended to serve as an informational resource and do not create any obligation or waive any objection concerning how SANS will respond in any particular case or request. SANS reserves the right to seek reimbursement for the costs associated with responding to law enforcement data requests, where permissible.

User Notice Policy

SANS’ policy is to notify customers of requests for their information and provide them with an opportunity to object to the disclosure 7 days prior to production unless such notification is prohibited by law.  SANS may shorten the notice period in its discretion but will only do so in emergency situations. Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other process that specifically prohibits customer notification and provide it to SANS.

Further, if your request places SANS on notice of an ongoing or prior violation of our policies, we reserve the right action to prevent further violations, including account termination and other actions that may notify the user that we are aware of the misconduct. If you believe in good faith that taking such actions will jeopardize an ongoing investigation, you may request that SANS defer such action on your written request. SANS will evaluate such requests on a case-by-case basis. It is the responsibility of the requesting law enforcement official to make this request, as it is SANS’ policy to enforce its terms of use.

Serving a Valid Law Enforcement Request & Contact Information

Law enforcement agencies can submit a request by emailing SANS, by serving our registered agent or by mailing documents to our headquarters as detailed below. 

Email Address for Law Enforcement Questions and to Send Legal Process: subpoenas@sans.org

Headquarters Mailing Address for Law Enforcement Requests:

SANS Institute
Attn: Legal Department  for Law Enforcement Request
11200 Rockville Pike, Suite 200
North Bethesda, MD 20852
USA

SANS’s acceptance of legal process does not waive any legal objections that it may have and may raise in response to the request.

Law Enforcement Preservation Requests

SANS will preserve Customer Information for 90 days upon receipt of a valid law enforcement request. SANS will preserve information for an additional 90-day period upon receipt of a valid written request to extend the preservation. If SANS does not receive formal legal process for the preserved information before the end of the preservation period, the preserved information may be deleted when the preservation period expires.

Preservation requests must be sent on official law enforcement letterhead, signed by a law enforcement official, and must include:

  • The relevant account information identified below for the customer whose information is requested to be preserved;
  • A valid return email address; and
  • A statement that steps are being taken to obtain a court order or other legal process for the data sought to be preserved.

Preservation requests may be sent to the contact information (mailing address or email account) provided above.

Law Enforcement and Public Authority Requests from Outside the United States

The Escal Institute of Advanced Technologies, Inc. and many of its affiliated entities are U.S.-based companies.  Please note that U.S. law authorizes SANS to respond to requests for Customer Information from foreign law enforcement agencies that are issued via a U.S. court either by way of a Mutual Legal Assistance Treaty (MLAT) request or letter rogatory.  It is our policy to respond to such U.S. court-ordered requests only when they are properly served, appropriately scoped, within the power of the requesting authority or agency, and in accordance with applicable legal process. SANS will evaluate emergency requests from foreign law enforcement on a case-by-case basis, consistent with U.S. law and the laws of other countries, as applicable.

Emergency Requests

Emergency requests may be submitted directly to SANS via the procedure described below.

SANS evaluates emergency requests on a case-by-case basis. If you provide information that gives us a good faith belief that there is an emergency involving imminent danger of death or serious physical injury to any person, we may provide information necessary to prevent that harm if we are able to do so, consistent with applicable law.  Please include the following information with your emergency request:

  • The person who is in danger of death or serious injury, if any.
  • Specific threat or situation.
  • Specific identifying information of person (e.g., name, phone number, email address or other identifying information).
  • Signature, title, identification number, name of law enforcement agency, email address, phone number and government address of requesting agent.
  • Relevant legal authority for the emergency request.
  • Other relevant and pertinent information related to the emergency request.

Emergency requests may be submitted via email to subpoena@sans.org with the subject line “Emergency Disclosure Request” and providing the information above.