Part Two: A Standardized Law Enforcement Response Program

As we discussed in Part One, there are a lot of external pieces to consider when you receive a data request from Law Enforcement (LE). There are different laws, different types of requests, and different kinds of content. But you must also consider all the moving parts in your own company. A standardized process will help your Law Enforcement Response program run efficiently. This will save your company time and money while ensuring you are responding appropriately.

Timeliness can be especially important when dealing with legal requests. This is because the data can change, or even be lost, during the time it takes to complete a request. Disclosing the appropriate data is another big issue. Being more organized can help by preventing the under- or over-disclosure of data. A standardized Law Enforcement Response program will not only save you time and money, but also protect your company from legal issues that may arise from not responding correctly.

Who handles Law Enforcement requests at your company? Do you have specific terminology that may be confusing? How do you respond to questions? Do you have a system in place to make sure requests are answered in a timely manner?

To start, let’s focus on these four common problem areas and solutions.

Problems and Solutions

Problem: Who handles this?

One issue many companies may deal with is Law Enforcement not knowing where to send their requests. Sometimes, even the company’s own employees don’t know who handles requests. There may be too many points of contact distributed across different departments. Large organizations with several different service offerings might receive requests in many places. For example, LE might contact a general legal department, a customer service department for a specific service, or even someone at a local field office. This delays the process of responding. It also consumes internal resources as the case gets bounced from department to department while everyone tries to find the correct contact.

Solution: Designate a Point of Contact

The solution is to designate a single point of contact (POC) and establish consistent procedures for receiving legal requests. Workflows must be organized internally. Depending on the size of your organization, choose a person, a team, or an entire department to handle the requests. It might be convenient to have specific email aliases created for this work as well. Then disseminate this information to anyone in the company who might receive a request, so they know the appropriate process and who to hand it over to.

Once this person or department is chosen and the company employees know, you must train Law Enforcement about the single POC and process. If LE sends their request to the incorrect person, give them the correct contact information and process. Also, post this information on your website. It’s important that the company and Law Enforcement know what the proper communication channels are.

Problem: What’s that called, again?

Another issue that can complicate the legal request process is unclear terminology for requesting information. Is it an account ID, an account number, a username, a userID? Do they need an account creation date or a registration date? Is it an activation date or last activity date?

Since we are dealing with legal documents, consistent terminology can be essential to providing LE the correct information without over- or under-disclosing data.

Solution: Standardize terminology

Make sure to standardize your terminology within the company. This will ensure all employees are on the same page. The next part of this solution is to publish a guide for LE. Help them know how to request precisely what they want (and are legally entitled to obtain) so their requests can be processed with minimal back-and-forth clarification. This will help reduce the number of rejections you must send and questions you will have to answer. It can save you time and reduce errors in data disclosure.

Problem: How do I explain?

Communication with LE can be unclear at times (even if you standardize your terminology). It can be particularly difficult in cases where you’re refusing to provide the requested data. Sometimes you might explain the same situation repeatedly. Law Enforcement can get frustrated if your answers are confusing. They can also get frustrated if they’re receiving different information from different employees. It takes time and effort to continually answer the same questions.

Solution: Create templates

The solution is to establish consistent communication templates that address common scenarios. These templates will keep legal response specialists from having to write free-form replies that could create confusion or even contradict one another. It’s important to provide the appropriate amount of information in the clearest way possible and that all your specialists are providing the same response.

Here are some examples of common scenarios you may wish to have templates for:

• An email with an overview of the program for Law Enforcement officers who have basic inquiries
• A notification of receipt, which can include information on when to expect a response
• A notification of rejection when there is an issue with the submitted legal request
• A response for Law Enforcement asking for an update on their request
• A template for sending the requested data, which can include any instructions on accessing the data
• Answers to questions you’ve received multiple times from different Law Enforcement officers

If you regularly send emails containing the same information, you can save time and effort while preventing confusion by using standardized template responses.

Problem: Did this get taken care of yet?

When requests are managed exclusively via email, it can be hard to keep track of whether requests have been completed. Shared inboxes or distribution lists make it difficult to track incoming requests and outgoing data production. This can lead to duplication, dropped requests, missed deadlines, etc.

Making sure legal response specialists are completing all requests within the deadline and without duplication is vital to a well-functioning law enforcement response program. Managing requests will save you time and frustration while ensuring you remain compliant with the data requests.

Solution: Build a queuing system

The solution for managing your requests is to build a queueing system. This system can serve as the external interface for LE as well as the internal case management system to track the flow of requests. There are many systems that can move a request through the proper channels. They can assign the request to a user, list which part of the process the request is in, and will remain in the queue until completed. If serving as an interface for LE, it can also allow them to see where their requests are in the process. With tooling, it is easier to set a deadline for responding, which will keep your responses timely and the data fresh.

If a queuing system is outside your budget or your program is smaller, consider using flags, categories, and folders in Outlook to ensure requests aren’t slipping through the cracks. You can use flags for requests that still need to be handled. You can use categories or folders to label requests as Content or Non-content, International or Domestic, open or completed, or even to assign requests to specific employees.

Either way, it’s important to develop a system to make sure that all requests are being handled within the deadline and that Law Enforcement is receiving a response.

Let Law Enforcement Know

As stated in several of the points above, once you’ve established your Point of Contact and the terminology, you need to make the information available to Law Enforcement. One way to do this is to publish a Handbook on your website. And if you create a tool, make sure to provide Law Enforcement with information on how to submit requests.

Here are a few examples from large companies on how they get their process to Law Enforcement.

• Apple US Law Enforcement Guidelines
• Safety Center (facebook.com)
• Government Requests Guide | Zoom
• Law Enforcement Request Guide – CoinEx Help Center

Creating a new program can be daunting. However, once you standardize your contacts, terminology, responses, and process, the whole program will start to move smoothly and efficiently. Create a step-by-step process, educate your employees, let Law Enforcement know, and you’ll be running a successful Law Enforcement Response Program in no time! And if you need a little help, let us know. IPS has been working in the Law Enforcement Response field for nearly two decades and we’d be happy to share our expertise!