Hacker News

Agreed. I would be interested to hear thoughts on this as well. As an example, if Coca-Cola uploaded its secret formula to a Dropbox, the damages resulting from a data breach would seem to be immeasurable. But I'm sure Dropbox's TOS limits damages to cost of the service (no extraordinary, consequential, etc.). Is this amount what's at issue here, or is there something I'm missing?



The issue in IT doesn't arise around the Coke formula on Dropbox, unless Coke could somehow sue Dropbox for damages. The issue arises around large quantities of sensitive information. What if those Red Box video rental machines could be stolen to get the credit card data inside (they can't, the data aren't in there).

The issue hits hard in medical record IT. Losing control of 500 or more folks' medical records gets your name in lights here, and you're required to try to notify everybody who might be affected. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachno...

What kind of insurance could possibly cover a startup against the reputation cost of this? Not insurance that any startup could afford. Plus, the liabilities for misuse of the leaked data (identity theft, employment blacklisting of sick people, you name it) are unlimited.

So, a business that holds medical records for people is inherently a Ferrari car wash, unless the entrepreneurs can somehow persuade their hospital customers to bear the reputation risk. That's very hard.


Eh, yeah, but you need to set expectations. I mean, people that will lose thousands of dollars every minute you are down have... rather different hosting expectations from people that are making a thousand dollars a month.

I mean, which would you rather have, assuming they were paying you the same money (and using the same capital resources, e.g. both of them use a full low-power dedicated server that costs $1,200 up front in parts and $20/month in power. Both use about as much bandwidth.)

Customer A. who is hosting email, web and ftp for her family, and maybe has a dev setup so she can test out the new webapp she's developing.

or

Customer B. who is running a website with $10,000 per day worth of sales.

Assuming they both have my phone number and can wake me up at 4am and yell at me, I can tell you that I am going to want a lot more money to give customer B the same service as customer A, because first, customer A isn't going to call me at 4am very often, and if I do flub something up, I can give customer A a free month, an apology and an explanation of what happened, and she is going to think I'm okay.

Customer B? Man, customer B is going to wake me up every time there is even a little networking blip. And if I screw it up? They are going to have reason to be really angry, and possibly sue me for a bunch of money. A free month is unlikely to mollify them.

(Also note, insurance might cover the payout if I get sued, but they certainly won't cover the time and aggravation, even in the best case.)

So yeah, I can see how hosting customer B would be exciting, but I'd want a whole hell of a lot more money to deal with those increased expectations.

If we want to go to the car wash example, when I was driving my Maxima with unrepaired body damage? My neighbour caved in the rear passenger door with her Land Rover. "Don't worry about it," I said, "You did not significantly lower the utility or value of my car." - I mean, the whole thing was probably worth about as much as the bumper on her Land Rover.

If she had done the same to the new M3 in the next space over? You can bet her insurance would be making it just perfect, for a price that could have bought my jalopy several times over.

That's the thing. Nobody reads the legal bullshit until the knives are fully out and the lawyers are at the table. When you think about it, it doesn't make sense to spend the effort until then. I mean, you're talking about thousands of dollars of effort to understand a contract, and that doesn't make any sense on a contract that is worth two hundred bucks. Setting expectations is an important part of avoiding the situation where the lawyers need to come out and understand the contracts.

(Of course, this is why most contracts are as one sided as legally possible; there is no advantage to giving quarter, as the counterparty won't really read it until the relationship has soured and they are actively hostile.)



