
The unfortunate thing about startups is that a lot of them are this fast and loose with PII. Incentives are low to do better, and the tools that make it easy to do better cost money.

This isn't to excuse Adafruit; it's to remind everyone that the hot young startup you just signed up for is probably keeping your signup information in a MySQL database that everyone in the company has access to right now with a plaintext password thumb-tacked to the one office wall they have.




Yep. And there’s a good chance the company’s production database is on employee laptops so they can test features with real data sets.

When a stranger has their laptop stolen on a bus, who knows what data was on it. Fingers crossed most people have FileVault turned on these days.


> The unfortunate thing about startups is that a lot of them are this fast and loose with PII

Unless it is a HIPAA-compliant startup. Then scrubbing PII is priority number 1.


I know of business units IN government who explicitly ignore compliance. They sign off claiming they "accept the risk". It's worth your job if you push compliance too hard with them.


I thankfully have never had the displeasure of working with a business unit that explicitly ignored compliance with regulations.

I know they exist. I just haven't, personally, had that experience, thankfully.



