Overview

Note: The Breach Intelligence feature was turned off in October 2018 and historical data purged.  We no longer store and present data retrieved from our breach scrapers other than the specific matching term(s) set up by our subscribers. As such, the below historical policy is less relevant as the quantity of data we present is unlikely to ever be significant enough to cause an issue.

--

This document outlines Hivint’s approach to handling requests received from Security Colony subscribers for taking down information collected, stored and displayed in the Breach Intelligence database and Breach Monitor features (a ‘take-down request’).

Our scrapers continuously scour the Internet looking for evidence of breaches, password dumps and sensitive data. All records discovered as part of this process are stored in our Breach Intelligence database.

A take-down request involves situations where a subscriber finds a breach record via either the Breach Intelligence or Breach Monitor feature that they believe is inappropriate to be made available and should be removed from further display to the broader community of Security Colony subscribers. The subscriber can then request the data be hidden from other subscribers via the “Request dump data be hidden” option (available when the record is accessed).

 

Note: If a take-down request is lodged in relation to a specific breach record, it is important to be aware that this does not guarantee that specific data within the record (which may be the reason the take-down request was lodged) is not also contained in other records stored within the Breach Intelligence database. It is the subscriber’s responsibility to identify each of these records using appropriate search terms and lodging a separate take-down request for each.

What happens once we receive a take-down request

Following the submission of a take-down request, the Hivint team will immediately receive an email notifying them of the particulars of the request – specifically, the user who sent the request and the specific breach record for review. We will generally endeavour to review these requests within 24-36 hours.

In reviewing all take-down requests, Hivint will aim to work with our subscribers to find a mutually satisfactory outcome wherever possible. However, we reserve the right to exercise our discretion as to whether to hide a specific record from the Breach Intelligence database where we believe the record the subject of a take-down request has considerable value to our broader community of subscribers.

Where we will choose to hide a breach record

We will generally hide data referred to in a take-down request where the relevant data:

  • is part of a breach record that is highly or entirely specific to your organisation;
  • is highly offensive or illegal in nature;
  • contains sensitive intellectual property belonging to your organisation;
  • has the potential to cause significant harm to your organisation if it were not taken down; or
  • we are otherwise legally obligated to do so.

In other circumstances, Hivint may, at our discretion, hide a breach record in a take-down request where it contains information sensitive to your organisation and you can demonstrate that no other remedial measures can be taken by your organisation to mitigate the risks that would exist if it were not taken down.

Where we will choose to keep breach records visible

Generally, we will not hide a breach record where:

  • there is no clear or demonstrated link between the record subject to the take-down request and the subscriber who made the request; or
  • if the data in the take-down request forms only a small part (generally, no more than 10%) of a broader ‘dump’ of information that contains data highly relevant to other organisations.

What happens once we make our decision

While you won’t receive a formal notification of the decision we have made in relation to a take-down request, if your request has been approved you should notice that the relevant breach record is no longer visible in search results within 24-36 hours.

If you have any questions about a specific request you have made, or where the circumstances of the original take-down request have changed over time, please contact us via [email protected] or via the Help widget and we will do our best to address your concerns.