Rhetoric, Convenience and Privacy at the Crossroads

The Implosion of LastPass is a Stark Reminder About the Importance of Due Diligence and the Influence of Effective Promotion

  1. If they are as secure as they claim, do they have an independent audit report, provided by certified professionals that covers all the security and privacy aspects that matter?
  2. Who owns the company? Is it a private equity group or a highly regulated enterprise? Has it changed hands in the past few years? When a merger takes place, does your data go along with it?
  3. How much cyber insurance does the company carry? If your company’s operations and reputation can be impacted by a failure or breach of this vendor’s systems, then the coverage should reflect the amount of the potential loss.
  1. Is there more noise than signal? Does a name come up a lot in paid ads, sponsored videos and promotional articles without a commensurate amount of evidence to back up marketing claims? Just how independent are the big-name studies that you are able to locate?
  2. Is there more than a hint of unauthorized or unethical data collection? Does this vendor force users to receive spam in order to use their service (opt-out)? Are there any detectable shenanigans in the unsubscribe process? Are there built-in trackers in their technology?
  3. Is the product independently audited, or does the assessment apply to a collection of brands, the company as a whole, or a particular subset of these? Pay particular attention to the scope and frequency of audits.
  4. Has it suffered from past data breaches? In some cases, cybersecurity incidents are opportunities for companies to learn from past mistakes. In others, they are signs that it should be retired altogether. In most cases, the way previous security issues were (mis)handled is simply an indication of things to come.
  5. Perhaps the most important thing I would want to look at is simply who owns the company and how many times it has changed hands in the past few years. Is it controlled by private interests? Does it have a notorious reputation?
  1. How is data protected?
  2. Who owns the company?
  3. What independent evidence exists?
  4. When did the company act on a previous incident?
  5. Where, in the signed agreement, is accountability covered?
