All demands for customer data Cisco receives from government and law enforcement agencies are carefully reviewed and subject to Our Principled Approach to Government Demands for Data.
We publish a record of these demands twice yearly as our Transparency Report, which covers a period of either January to June or July to December. Each report is published six months following the end of the reporting period.
Cisco requires that government and law enforcement agencies first seek to obtain data from Cisco customers directly.
When they demand data from Cisco, we require strict adherence to applicable laws as outlined in our Law Enforcement Guidelines for Government Data Demands.
Cisco may receive demands for data from U.S. national security organizations. This includes Foreign Intelligence Surveillance Act (FISA) warrants, orders, directives, or National Security Letters (NSLs). The table below lists the number of U.S. National Security demands Cisco has received during the applicable period.
January 1, 2020 to June 30, 2020
|National security orders, directives, or national security letters received||0|
|Number of accounts affected under all national security orders, directives, or national security letters||0|
Sorry, no results matched your search criteria(s). Please try again.
Reporting is subject to the USA Freedom Act of 2015, which limits Cisco’s ability to report the exact number of orders received. Demands for data must be reported within a broader range of numbers and with a six-month delay.
To ensure that data is not destroyed, lost, or tampered with, government entities may request that data be saved for a specified period of time in anticipation of a legal process such as a search warrant, criminal investigation, or court order.
|January 1, 2020 to June 30, 2020||Totals|
|Preservation Requests Received from the United States||2|
|Preservation Requests Received from outside of the United States||0|
Sorry, no results matched your search criteria(s). Please try again.
This time frame is specified in the preservation request and may result in data being stored longer than its standard retention period but will not exceed 90 days in accordance with the Electronic Communications Privacy Act of 1986.
A. Cisco will assess and respond to government and law enforcement demands for customer data in accordance with Cisco’s Terms of Service and applicable law. We carefully review each demand we receive to ensure we are protecting the privacy of our customers while meeting our legal obligations. For more detail on how we respond to demands for customer data, please see Our Principled Approach to Government Demands for Data. The Trust Center is the best source of information on how Cisco is Trustworthy, Transparent and Accountable to our customers.
A. Content data includes text, audio, video, or image files our customers create in connection with the use of Cisco products or services. Content data has previously been referred to as customer data. Non-content data includes basic subscriber information such as name, address, phone number, IP address and email address, payment data such as credit card information, and telemetry data generated in connection with customer’s use such as URLs, net flow data, and information relating to the existence of cookies. A greater level of legal process is required to obtain content data.
A. Law enforcement may demand information from Cisco that is needed to help resolve imminent threats to life or serious physical harm. Where authorized by applicable law, Cisco may provide information in such emergencies and we have an established process to respond to emergency demands.
A. Demands that are not accompanied by a valid legal process or a valid legal basis are challenged or rejected. Our legal team will seek additional clarification from government and law enforcement officials to narrow the scope of demands that are unclear or overly broad. Cisco believes that governments and law enforcement agencies should go directly to customers for content and non-content data requests in the first instance.
A. The Clarifying Lawful Overseas Use of Data (or CLOUD Act) is a United States federal law passed in 2018 that allows federal law enforcement to compel, via warrant or subpoena, U.S.-based technology companies to provide requested data regardless of whether the data is stored domestically or abroad. It also authorizes the U.S. government to enter into executive agreements allowing foreign governments to request data directly from American providers. As of this Transparency Report, the United States has entered into one such agreement with the United Kingdom. In the past, Cisco has provided reporting on the CLOUD Act. Through incorporating customer feedback, we are in the process of revamping future iterations of our Transparency Reports to provide more granularity on the impacts of this legislation. All requests received by Cisco are carefully reviewed and subject to Our Principled Approach to Government Demands for Data, below.
A. Cisco will notify the customer that its data has been requested upon receipt of a legally valid demand that correctly identifies the customer with a reasonable degree of specificity, so that the customer may attempt to limit or prevent disclosure, unless such notification to the customer is prohibited by applicable law or emergency circumstances prevent advanced notification. Where appropriate, Cisco will challenge demands that prohibit notification to the customer, through appropriate legal process or other means. For more information, please see Our Principled Approach to Government Demands for Data.
A. We are constantly working to improve our internal processes and to bring increased transparency to our customers. As a result, we have expanded this report to include country-level information on demands, the number of demands Cisco rejected, the percent of demands where data was disclosed, and the number of preservation requests we have received.
A. Countries that provided a government data demand to Cisco during the current reporting period are illustrated above.
A. Cisco never gives governments or law enforcement agencies direct access to content or non-content data without following the appropriate legal process. Consistent with Cisco's Security Vulnerability Policy, our product development practices specifically prohibit any intentional behaviors or product features that are designed to allow unauthorized device or network access, exposure of sensitive device information, or a bypass of security features or restrictions (including, but not limited to, undisclosed device access methods or "backdoors").
A. Cisco’s approach to respecting human rights is outlined in our Global Human Rights Policy, which is grounded in the United Nations Guiding Principles on Business & Human Rights. Our Principled Approach to Government Data Demands is designed to minimize disclosure of customer data, uphold and respect human rights, and promote accountability and transparency with our customers and the public.
A. If you are an official representative of a Government or Law Enforcement agency and you are seeking data from Cisco, you may email your legal demand to firstname.lastname@example.org. If government and law enforcement agencies have served the legal process by email to email@example.com, there is no need to serve a duplicate hardcopy process on Cisco by mail.
A. Cisco is committed to the transparency of our systems and processes, and accountability to our customer promises. Please direct any questions regarding the Transparency Report or Cisco’s Principled Approach to firstname.lastname@example.org.