KrakenIO Data Handling Policy

KrakenIO is committed to handling data responsibly in our cybersecurity efforts. This policy guides how we collect threat intelligence and manage exposed data, ensuring we follow laws like the CFAA and SHIELD Act while acting ethically to support stronger digital security for our clients and community.

Scope

This policy applies to all employees, contractors, and third parties involved in KrakenIO's data-handling activities, emphasizing adherence to legal standards and ethical practices.

Objectives

Principles of Data Handling

  1. Legitimate Use: Data handling, including intelligence gathering and data recovery, is conducted solely for legitimate cybersecurity purposes without intent to commit federal criminal violations.
  2. Compliance with Laws: KrakenIO commits to complying with the SHIELD Act for protecting data like leaked credentials, the CFAA and ECPA for preventing unauthorized access, and the FTC Act alongside New York’s GBL Section 349 for ensuring honesty about its work, such as using public data for OSRA demos. DOJ guidance supports lawful threat intelligence use to assist clients without harm.
  3. Ethical Considerations: KrakenIO ensures ethical practices by securing data during use, restricting its purpose to client protection, and erasing it immediately after that purpose ends, preventing access or requests while upholding trust and privacy in cybersecurity.

Handling Breach Data and Cyber Threat Intelligence

Reflecting the guidance from the U.S. Department of Justice, KrakenIO adopts the following principles in our cybersecurity practices: