The second most common reason we may use or disclose data is to detect and prevent abuse. But today I want to talk about one of the far less common reasons we might disclose data—to meet legal requirements. You may have noticed this figure in our annual report:
That’s the number of third-party subpoenas we received last year. Third-party subpoenas are court-approved demands for information from an entity that’s not part of the lawsuit. Basically, two parties have a dispute, and they contact us because one of the parties used MailChimp at some point, and that use is relevant to the dispute. The most common disputes we see are related to list ownership and misuse, defamation, or trademark infringement. In 2010 we received only one request for user data. That number tripled in 2011, when we received a whopping three requests. And as you saw in the annual report, that number has gone up to 13 this year! While it’s a large increase, 13 subpoenas really aren’t that many, considering we have more than two million users. Legal requests relate to a very tiny portion of our users.
We don’t produce any user data that’s subject to the Electronic Communications Privacy Act. ECPA prohibits a service provider from divulging the contents of a communication while it’s in electronic storage. So if a subpoena asks for email campaigns, we can’t comply. But there’s an exception (there’s almost always an exception with laws!): If someone who sent or received the campaign in question consents, then the prohibition can be overcome. ECPA also has stricter controls for the disclosure of information to the government, which Google recently discussed.