I came across an article titled “Dismantling A Dream: What Happens When Startups Fail” at huffingtonpost.com. Basically, the writer wonders “what happens to all my data when a startup fails?” and finds out. The answer turns out to be: it depends. Thankfully, there are some whose heads are screwed on right. There are those who aren’t. I particularly feel sorry for one entrepreneur who, apparently, uses “password protection” instead of data encryption software to safeguard data (I feel sorry for his customers).
Three Interviews, Two Responses
I’d recommend reading the article but essentially, the three interviewees had two different ways of taking care of customers’ (self-submitted) information:
Interviewee #1: Keep it. He stores all of his customers’ email addresses and login information on his laptop, protected with password protection. And by “password protection,” I think it actually refers to “password protection,” as opposed to mistakenly calling encryption software “password protection.”
He has also lost a hard drive with customers’ data. He just doesn’t know where it is. It’s not mentioned whether the data was protected at all.
Interviewee #2: Keep it. He plans on keeping his customers’ data, just like interviewee #1. His rationale? “Why not”? One hopes that he’ll use adequate protection.
Interviewee #3: Destroy it. “I think it’s a violation of user privacy to continue storing email addresses if you tell users your service is shutting down…I sign up for a service, and if you’re no longer providing that service, why should you keep my information?”
And the Right Attitude Is….
We may live in a world of gray, but some things are surprisingly black and white. Interviewee #3 has it right. You have to destroy that data. It’s the only ethical thing to do. Customers didn’t sign up with you, the entrepreneur. They may have cheered you on, but it’s the service they were really interested in. When your project fizzles and pops, that’s it. Finished. Kaput. Finito. The tit for tat is over because there is no “tat.”
Plus, I don’t know about others, but I for one would not appreciate it if an unknown service’s introductory email was addressed to me with personal details or whatever. What’s the first thing I’m going to think? That I got spammed…or that someone’s database got hacked. Hardly a salubrious way to commence a relationship.
Furthermore, there is the issue of legality. In the US, what interviewees #1 and #2 are doing is not illegal (at least, I don’t think it is). In other parts of the world, like Europe, it is illegal: data can only be collected with one’s consent, and only for the stated reasons. If an organization decides to share the information, it has to gain consent upfront or get it later on. Here’s an interesting question: how’s a defunct company going to gain consent? It doesn’t exist anymore.
Of course, you can get around these legal troubles by pursuing projects that are limited to only those countries where going bust doesn’t mean having to destroy personal data. The count of such countries is becoming smaller with each passing year, though.
And you certainly don’t want to “deal with it later.” That’s essentially what Google did with their Street View for Google Maps — vacuuming up data and deciding to deal with it later…allegedly — and look where it’s gotten them.
Encrypt that Stuff
If you’re an entrepreneur whose projects involve the collection of people’s data — be it sensitive or not — and you do end up having to fold and move on to your next megabucks project, do yourself and your past clients a favor: encrypt any data that you’ve collected, assuming you’re not going to destroy them.
Related Articles and Sites: