Government Data Request Policy

Last Updated: June 28, 2022

This Government Data Request Policy describes how we will respond to requests from law enforcement agencies or government authorities (collectively, “Government Authority”).

Hootsuite is committed to protecting the privacy of personal data under its custody and control. We will not disclose our customers’ personal data to any Government Authority unless we are instructed by the customer to do so, or as described in this Policy.

If we do receive an order by a Government Authority to disclose personal data relating to a particular customer, we will take the following steps:

Redirection of the request

We will first inform the Government Authority that we are not the original source of social media data. The original source of the social media data is managed and stored by the social networks. Hootsuite does not permanently store social media data received from social networks, except in very limited cases, as Hootsuite relies on real time APIs to retrieve the data which enables this information to be displayed in the services, and therefore, we are not the appropriate entity to receive these requests.

We will then attempt to redirect the request to the relevant customer so the customer may directly respond to the request. We may need to provide the customer’s basic contact information to the Government Authority for these purposes.

Notification

In the event that redirection is not possible, we would attempt to notify the customer unless we are legally prohibited from doing so. This would provide the customer with an opportunity to manage the request and seek a protective order or other appropriate remedy.

Reviewing the legality and enforceability of the request

Where we are compelled to respond, we would review the request to assess whether it is lawful and enforceable in the jurisdiction of the Hootsuite entity or Affiliate that controls the records that are the subject of the request, and determine if the request may need to be challenged. If the request is not lawful and enforceable, we will notify the Government Authority that we are unable to disclose any data.

Incompatibility with GDPR requirements

If Hootsuite is legally prohibited from notifying the customer of the request, and we have reason to believe that the request is incompatible with European data protection requirements and conflicts with our existing contractual commitments to our customers, we will notify the customer of our inability to comply with European Data Protection Laws, and the customer will have the right to immediately suspend any further processing of personal data and/or terminate its agreement with Hootsuite.

Minimizing the data provided

If it is determined that Hootsuite is required to provide information in response to a valid and legally binding request and/or order from a Government Authority, only the minimum information will be provided to the extent legally permissible.

Information Request - Statistics

Government Authority Statistics

The table below sets out the number of Government Authority information requests that Hootsuite receives annually.

YearNumber of Requests ReceivedNumber of Times Data Disclosed
202130
202000
201960
201820
201730

United States National Security Requests

Hootsuite has not received any United States national security requests, which include U.S. National Security Letters (“NSLs”) and requests issued under the Foreign Intelligence Surveillance Act (“FISA”).

The table below sets out the number of Government Authority information requests that Sparkcentral receives annually.

YearNumber of Requests ReceivedNumber of Times Data Disclosed
202100
202000
201900
201800
201700

United States National Security Requests

Hootsuite has not received any United States national security requests, which include U.S. National Security Letters (“NSLs”) and requests issued under the Foreign Intelligence Surveillance Act (“FISA”).