On the Friday before Memorial Day in 2002, FBI agents descended on a chain of scuba diving stores across the country called Dive Shops, trying to get data on everyone who had learned how to scuba dive since 1999. In order to help out panic-stricken shop owners, the Professional Association of Diving Instructors, the primary organization that oversees scuba certification, gave the FBI a zip drive containing names and other information on about 2 million Americans who had learned to dive over the previous three years. It was one example of the private sector’s role in the war on terrorism. The U.S. government has over 30 data mining projects that use private-sector data. And while last year the departments of Justice and Homeland Security spent more than $25 million to purchase commercial records from data brokers such as ChoicePoint and LexisNexis, more often than not investigators get the data they want directly from companies, a tactic publicized by the recent National Security Agency project using telephone records. As the CIO, you are in charge of your company’s data. Therefore it is up to you to indemnify your company against legal liability by following the proper procedures when an investigator wants your data. The first rule, says Behnam Dayanim, a partner with the law firm Paul, Hastings, Janofsky & Walker, is to take every request to the corporate counsel’s office. “You have to get a court order,” he says, or else you may be violating your company’s ¿privacy policy. Also, it is important to make sure that you comply with the request in the order and don’t give more than you are asked for. Dayanim says that unless a company has a dedicated staffer to deal with requests from law enforcement (many telecommunications companies do, for example), investigators will most likely contact you through a letter addressed to a vague title like IT manager, or will call a junior-level database administrator directly. It is your responsibility to train your staff so they know that all requests must go through the legal department. “I think you have to hit people over the head with it,” says ¿Dayanim. “Most people’s response is to cooperate, but it exposes the company to a tremendous amount of legal liability. It puts the company at risk.” Related content brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing feature 10 business intelligence certifications and certificates to advance your BI career From BI analysts and BI developers to BI architects and BI directors, business intelligence pros are in high demand. Here are the certifications and certificates that can give your career an edge. By Thor Olavsrud Dec 01, 2023 8 mins Certifications Business Intelligence IT Skills brandpost Sponsored by Huawei Beyond gigabit: the need for 10 Gbps in business networks Interview with Liu Jianning, Vice President of Huawei's Data Communication Marketing & Solutions Sales Dept By CIO Online Staff Nov 30, 2023 9 mins Cloud Architecture Networking Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe