• Maeve@kbin.earth
    link
    fedilink
    arrow-up
    2
    ·
    17 hours ago

    The comments on combinator:

    I have a real problem with the pretense posed by the article that the club has no blame. They should have understood the risk they were taking on by subcontracting a vendor to collect passports, and better vetted that vendor. Obviously the service provider was completely inept, but that doesn’t absolve the fools using them. I preach to my clients this sort of PII should be treated as a toxic, hazardous substance. Ideally don’t touch it with a 10 foot pole, and if you can’t help it then limit the scope, protect it with strong access policies that severely limit who can touch it (including encryption keys conservatively custodied), and securely delete it all as soon as possible.

    Too many companies these days point you to shoddy third parties for some kind of functionality (e.g. book an appointment, perform KYC on you, host the online learning platform for your course, etc.), inappropriately foisting both a new business relationship on you that you never asked for along with their partner’s terms of service that you have no bargaining power in negotiating.

    This is a side-effect of the SaaS era, and the model is broken.

    jwr 9 days ago | parent | next [–]

    If these kinds of breaches were actually costly, then people would indeed treat PII as toxic. But they aren’t. The media brouhaha blows over within a week or so, and things are fine again. Leaking PII should be very, very expensive, and then this idiocy would stop.

  • Hirom@beehaw.org
    link
    fedilink
    arrow-up
    22
    ·
    edit-2
    10 days ago

    […] PuffPal, a platform that manages membership and age verification for cannabis retailers and clubs across Europe.

    Get ready for many more leaks, as governments require identity and age verification everywhere online.

    Many organisations, which cannot be trusted with this data, are going to be processing it.

  • AmyAye@nord.pub
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    10 days ago

    “Oops, welp, better get a new one with a stupid scowling Trump on it!”

    – Idiot Administration probably