Like most organizations, Okta may be subject to requests from public authorities and government agencies to disclose Customer Data. In such instances, Okta will always adhere to its Law Enforcement Data Request Policy and only disclose Customer Data (a) pursuant to a valid legal request, or (b) in the case of an emergency where there is a danger of death or serious physical injury to a person that Okta may have information necessary to prevent. Unless Okta is prohibited from doing so or there is a clear indication of illegal conduct or risk of harm, Okta will notify its customer of the request before disclosing any Customer Data so that the customer has an opportunity: (a) to process the request itself (in collaboration with Okta if necessary), and (b) to seek legal remedies. If Okta is legally prohibited from notifying the customer prior to the disclosure, then Okta will take reasonable steps to notify the customer of the disclosure after the non-disclosure requirement expires.
As a company built upon trust and transparency, we believe it is important to report on these requests and how Okta responded. Please note that informal requests for Customer Data, which do not include valid legal process, are not included in this report as Okta does not consider these to be official requests and no Customer Data will ever be disclosed. As you will see below, Okta did not receive any public authority or government agency Customer Data requests in 2019.