Hosting companies and Internet Service Providers (ISPs) are often faced with the dilemma of being requested to reveal information about the identity or activities of their clients. The request may come from:
- a third party who alleges that a wrong has been done to him (or an attorney acting on his instructions) or
- a police officer investigating a matter after a complaint has been laid with the SAPS.
Whilst most ISPs would not want to be seen to obstruct an investigation of an alleged crime, the confidentiality and privacy principles that apply to their clients must also be taken into consideration.
A third party
ISPs should be cautious about revealing information to third parties. ISPs should steer away from getting involved in personal disputes between individuals and deciding the merits of a complaint – especially where the complaining party is also a client of the ISP. Unless compelled by law or ordered by Court, the information should not be made available.
A police officer
The general principle of law is that a person does not have to give information to a police officer investigating a crime, unless the crime at stake is high treason. This general principle is subject to exceptions specified in various pieces of legislation.
The RIC Act (which deals with monitoring) and the ECT Act (which deals with cyber crimes) are of importance to ISPs and hosting companies. In these Acts, no specific exceptions have been listed to put an obligation on an ISP or hosting company to provide information to a police officer investigating an alleged crime in terms of these Acts.
However, section 205 of the Criminal Procedure Act makes it possible for a police officer to obtain a subpoena, directing the ISP to reveal the requested information, in which instance the ISP will have to co-operate and give the information.
In order for ISPs to safeguard themselves against any possible repercussions regarding the provision of information in terms of a section 205 subpoena, the following principles should be followed:
- Include an express term in your agreement with the client that where required to do so by law, you will reveal personal and other information on the client;
- As a courtesy, once you have received a subpoena, inform the client that you will be revealing information about him or his activities to the police;
- Do not delete any logs or information regarding the client under any circumstances.