KrakenIO Data Handling Policy

KrakenIO is dedicated to upholding the highest standards of data handling in the cybersecurity sector. This policy ensures our practices in gathering cyber threat intelligence and recovering stolen data are both legally compliant and ethically sound, reflecting our commitment to contributing positively to cybersecurity defenses.

Scope

This policy applies to all employees, contractors, and third parties involved in KrakenIO's data handling activities, emphasizing adherence to legal standards and ethical practices.

Objectives

• To conduct data handling activities for legitimate cybersecurity purposes.
• To adhere to the SHIELD Act, U.S. federal guidelines, and ethical considerations in all data handling practices

Principles of Data Handling

1. Legitimate Use: Data handling, including intelligence gathering and data recovery, is conducted solely for legitimate cybersecurity purposes, without any intent to commit federal criminal violations.
2. Compliance with Laws: KrakenIO commits to full compliance with the SHIELD Act, federal laws, and the specific guidelines provided by the U.S. Department of Justice regarding cybersecurity practices.
3. Ethical Considerations: Emphasizing the importance of ethical considerations in all cybersecurity activities.

Handling Breach Data and Cyber Threat Intelligence

Reflecting the guidance from the U.S. Department of Justice, KrakenIO adopts the following principles in our cybersecurity practices:

• Legitimate Cybersecurity Activities: "If a practitioner does not intend to use information obtained on a forum to commit a federal criminal violation, asking questions or soliciting advice on a forum is unlikely to constitute as a crime."
• Ethical Intent for Use of Information: "... assumes the practitioners obtain information solely so that it can be used and shared for legitimate cybersecurity purposes (e.g., to help others and defend against cybersecurity threats) and with no criminal or malicious intent or motive."