Transparency Report FAQs
1. Why did Lumen decide to issue a transparency report, did something change?
Lumen issued this semi-annual transparency report to demonstrate to interested parties that we are committed to safeguarding our customers’ privacy to the best of our ability while also meeting the legitimate legal needs of the U.S. government and national security demands.
Following recent changes in European data protection laws, the European Data Protection Board determined that regular publication of transparency reports is considered a “supplemental measure” that may help mitigate against concerns regarding U.S. government surveillance laws and practices. We determined that in addition to the report being considered a supplemental measure, it would be in our customers’ best interest to have access to transparency reports outlining the types of law enforcement demands Lumen receives. These reports demonstrate the low level of demands that Lumen receives, particularly when referencing national security enquiries through Foreign Intelligence Surveillance Act and National Security Letters.
2. Why is it limited to U.S. only?
U.S. state and local law enforcement are the primary source of law enforcement demands and the vast majority of those demands are targeted at mass market customers in the U.S.
3. When will you report on all countries where Lumen does business?
Lumen will continue to evaluate the benefits of reporting on other countries and will expand the report when we believe there is a sufficient need.
4. Will you notify me when you receive an enquiry for my data so I can determine if the request is legitimate and take appropriate actions?
Lumen takes legal demands for customer information seriously and prefers to provide notice to the customer when we receive a legal demand. However, in most instances, law enforcement requires us not to notify the target of the legal demand, so unfortunately, we cannot legally provide notice to the customer.
5. How does Lumen decide if a request for my data is legitimate?
Lumen takes great care in reviewing each legal demand for data before providing a response to the requesting agency. We have a team that carefully reviews each demand for legality, accuracy, scope, and validity, including whether the demand is appropriately limited to obtain only the information necessary to meet the government agency’s need. If our team determines that a demand is legally invalid, overly broad, inappropriate or seeks information outside the limitations of the type of demand, we will reject the legal demand or ask for further clarification. There are instances where we cannot produce the data even when we have received a valid request. For example, we may receive a demand for data that we do not possess, did not receive or collect, or no longer maintain due to data retention limitations. Lumen works closely and has developed good relationships with government agencies that can aid in this process.
6. Is your process in compliance with my customer contract?
7. How can I be sure that Lumen is protecting my data?
Lumen follows the law in responding to lawful demands from government agencies. We take great care with how we manage this process and work hard to protect the privacy of our customers to the best of our ability.
8. Can I “opt out” of any process that requests my data?
No. If Lumen receives a lawful demand from a government agency, we must respond or be in violation of federal, state and local laws.
9. Can I be informed after you share any of my data with the government?
In general, Lumen prefers to provide notice to the customer upon receipt of a legal demand. But in many instances, law enforcement demands under the law that we not provide notice to the target of the legal demand.
10. What types of data do you share with the government?
Depending on the legal demand, Lumen may share account data such as name, address, email address, telephone number, billing information, IP address, types of services to which the customer subscribes, call detail records, and form of payment. Some legal demands are for “content,” such as email messages, actual telephone conversations (wiretap), and sites visited on the internet.
11. If I have special concerns about confidentiality of my customer data, who can I talk to at Lumen?