Here are the law enforcement guidelines as adapted from LinkedIn
What types of data requests can I make?
In order to earn and maintain the trust of our Members, LinkedIn strives to ensure that our policies, procedures, and practices provide the clarity, consistency, and control that our Members have come to expect from us. Consistent with this, we respond to law enforcement requests for our Members’ data as permitted by our Terms of Service. Thus, we require that law enforcement requests for LinkedIn Member data follow established legal processes.
We accept only the following types of requests:
- Data Requests: A data request is a request for data relating to Member accounts in connection with official criminal investigations. In response to data requests pursuant to formal compulsory legal process issued under U.S. law, we will provide records as required by law. Examples of requests include:
- Orders issued pursuant to the Electronic Communications Privacy Act
- Search Warrants
- Other forms of compulsory process, such as those issued pursuant to a Mutual Legal
Assistance Treaty (MLAT) with the United States (international requests are addressed at Number 7 below)
- Preservation Requests: A preservation request is a request to preserve Member account records in connection with official criminal investigations. For requests that identify an account by (1) full name (first and last) and email address associated with the account, or (2) LinkedIn public profile URL (see below for a description of exactly what identifying information is required), we will preserve a one-‐time snapshot of then-‐existing account records for 90 days, pending service of the formal legal process. To ensure that all requests are legitimate, we will respond only to requests on law enforcement letterhead that are signed and include a valid return email address. Importantly, any Preservation Request must contain assurances that the requesting authority is taking steps to obtain a court order or other legal process for the data that the authority is asking us to preserve.
- Emergency Requests: Emergency requests must be made using the attached Emergency Request Form and will receive a response only if LinkedIn believes in good faith that serious bodily harm or the death of a person may imminently occur if we do not respond without delay. The Emergency Request Form must be submitted by a law enforcement officer and signed under penalty of perjury. (Please see Number 7 below).
What contact information must I provide in a data request?
To help us ensure that the requests we receive are from legitimate authorities, we require each law enforcement authority making a request to provide the following information to verify the requester’s identity and authority to serve legal process:
- Requesting Agency Name
- Requesting Agent Name
- Requesting Agent Badge/Identification Number
- Requesting Agent Employer-‐Issued E-‐mail Address
- Requesting Agent Phone Number (including extension)
- Requesting Agent Mailing Address (P.O. Box will not be accepted)
- Requested Response Date (Please allow at least 3 weeks for processing; see below for emergency requests)
What information must be included in a data request?
To ensure that our Members’ data remain as private and secure as possible, we scrutinize and evaluate every request for Member data to ensure that they satisfy the applicable legal standards and processes. In this regard, maintaining consistent standards serves two purposes: (1) it ensures that our Members have the clarity, consistency, and control over their data that they expect; and (2) it enables us to deal with proper law enforcement requests as promptly and efficiently as possible.
Again, detailed information helps us both maintain our Members’ trust and ensure that proper requests are dealt with as quickly as possible. Accordingly, LinkedIn requires that all requests provide the following information to identify the individual or account from which information is being sought. Without this information, we will be unable to fulfill your requests:
- The full (first and last) name of the LinkedIn Member and email address associated with the account; or,
- The LinkedIn public profile URL.
Please note: LinkedIn public profile URLs come in 2 formats:
- Requesting Agency Name Standard Public Profile URL, for example:
- Customized Public Profile URL, for example: http://www.linkedin.com/in/barackobama
How to find a subject’s public profile:
- You may search for the subject’s LinkedIn profile via an outside search engine such as Google, Bing, etc., while NOT logged in to your LinkedIn account (for example by searching for “John Doe LinkedIn” via Google). Clicking on the link provided at the outside search engine’s site typically directs you to the public profile of the LinkedIn Member, and the public profile URL will appear at the top of your web browser after clicking.
- Alternatively, if you are logged into your LinkedIn account, you may search for the subject’s profile through LinkedIn’s search box in the upper right hand corner of the screen. If you are able to locate the subject’s profile and can view the subject’s profile page, the public profile URL will be identified under the field “Public Profile” at the bottom of the box located near the top of the web page.
What types of data may be available in response to a request?
Much of the information on LinkedIn is public – it can be found searching on LinkedIn or even using a search engine such as Google, Bing, etc. However, depending on the type of formal legal process provided, we may be able to respond with one or more of the following types of data:
Basic subscriber information, which may include:
- Email address
- Member Identification number
- Date and time stamp of account creation
- Billing information
- Snapshot of Member Profile Page (see description below)
- IP Logs (see description)
Snapshot of Member Profile Page may include:
- Profile Summary
- Network Update Stream
- User profile photo
Please Note: LinkedIn’s commitment to its Members’ privacy extends beyond protecting what Members choose to share with our professional community. LinkedIn also respects our Members’ choices about what they no longer want to share. Accordingly, LinkedIn does not retain a copy of information from a Member’s profile page once the information is revised by the Member. Additionally, if a Member closes his or her account, we delete or de-‐personalize all information from that account within 30 days.
IP Logs, when available, may include:
- Member ID – the LinkedIn Member ID accessing the account
- IP address – the source IP address
- The date the account was accessed
- Visits – the number of times the linkedin.com website was accessed by that account on the date
Pursuant to a search warrant from an entity with proper jurisdiction over LinkedIn, LinkedIn may also be able to provide Member connections and private communications, which may include (1) Invitations, (2) Messages, and (3) Connections. NOTE, however, that LinkedIn cannot recover the content of Invitations or Messages once they are permanently deleted by the Member, and will not be able to recreate evidence of Connections that have been severed.
LinkedIn strongly believes that all data, whether analog or digital, whether stored on personal computers or in the cloud, is subject to full Fourth Amendment protection, no less than documents stored in a file cabinet or in a desk drawer. Thus, given our members’ expectations of privacy, we require a search warrant to produce all content, including without limitation, Connections.
Will LinkedIn notify Members of Requests for account data?
Yes. When our Members trust LinkedIn with information about their professional lives, they expect to have control over their data. Thus, LinkedIn’s policy is to notify Members of requests for their data unless it is prohibited from doing so by statute or court order. Law enforcement officials who believe that notification would jeopardize an investigation should obtain an appropriate court order or other processes that specifically precludes Member notification, such as an order issued pursuant to 18 U.S.C.
Are there any additional requirements for non-‐U.S. requests?
Yes, a Mutual Legal Assistance Treaty (MLAT) request or letter rogatory is required for disclosure of information regarding a non-‐U.S. request.
What should I do if I have an emergency request for data?
As set forth above, LinkedIn takes significant steps to protect its Members’ data, including requiring a valid legal process before producing any information regarding any of our Members or their accounts. However, we are also aware that certain emergency situations may arise that require the disclosure of Member data. For these purposes, an emergency situation is only one involving imminent serious bodily harm or death. Where these circumstances are present, emergency requests must be made using the attached Emergency Request Form. The Emergency Disclosure Request must be submitted by a law enforcement officer and signed under penalty of perjury. LinkedIn will respond to these requests only if it believes in good faith that imminent serious bodily harm or the death of a person may occur if we do not respond without delay. In all other cases, LinkedIn will disclose information only pursuant to a valid legal process that satisfies the requirements set forth above and all applicable legal standards.
How do I serve a data request on LinkedIn?
A data request may be served by fax to 650-‐810-‐2897, by certified mail, express courier, or in person at our corporate headquarters at our address set forth below:
LinkedIn Corporation ATTN: Legal Department 2029 Stierlin Court Mountain View, CA 94043 USA
Reference: LinkedIn.(n.d). Law Enforcement Guidelines. Retrieved from http://help.linkedin.com/ci/fattach/get/2730181/0/filename/LinkedIn%20Law%20Enforcement%20Guidelines.pdf