Think about it . Running an Internet-connected product or service isn’t the same as just providing a physical product to someone . You’re taking and caring for a piece of them at the same time . You’re not just hosting their data—you’re hosting them! It’s a big responsibility. Hosting user data is a privilege, not a right . Privacy policies are regret-management tools . Legislation being put in place will increasingly require these .
- • What data does your product or service collect, and why your product or service need to collect that data?
- • What will this user data be used for? Why should your users share it?
- • Where can your users go to permanently delete their accounts and ensure their data is removed from your servers?
- • Where can users go to download the data that’s been gathered by your product? Users need to be able to migrate if your service closes . It is your privilege to temporarily host user data . It’s their data, not yours. And as a provider of a product, you are in your user’s debt . Your users allow your company or product to exist, and they should be respected . Respect them, and they’ll respect you.
- • What precautions have you taken to ensure your users’ personal lives will not be affected if your company is hacked?
- • What are you doing to ensure transparency? Use transparency to build trust by telling people what their data will be used for.
This outline is a good start . And it will also bring up questions to your engineering team on how data is stored and protected to begin with
ANTICIPATE AND EXPECT SECURITY BREACHES
Security breaches are organic manifestations, not mechanical ones . They come from two places: people looking for ways to take advantage of or get data and personal information out, or people simply playing with systems to see if they can work around them or break them . A lot of this is done unofficially, not by people with nine-to-five hours, but by people playing in their free time . The best thing to do is to get to know and respect these people. And hire them! Security is a difficult thing to get support for, even with all of the hacks that are currently going on, because investing the money doesn’t net returns . Most companies don’t allocate resources for attacks until they’ve happened . Then they spend a lot of money fixing hacked systems, when the hacks could have been prevented if security principles had been adopted in the early stages of product development .