@WPalant in this case it just sounds like he used the key to open the front door, saw an absolute mess & notified the company of the issue
@RakowskiBartosz @thisismissem @WPalant Well, no. You can't demand the right to look into the internals of your partners - they have a right to privacy as well. You are instead "protected" by the law that requires the partner to protect your privacy interests, or by contracts. What that law is missing, however, is a way to universally verify that they do it correctly, e.g. by independent auditors. Which isn't often feasible, though. It's all a compromise, and it sucks.

Surely you forgot to add a sarcasm tag. The vendor is almost certainly out of GDPR compliance.
@thisismissem @WPalant this seems to omit the other side of the story. If I understand this correctly, vendor software was making undocumented calls to outside infrastructure and sharing potentially sensitive data. It should be in the company's right to check the level of exposure to properly protect their and their customers' rights.