[PLUG] A dilemma

Steve Bonds 1s7k8uhcd001 at sneakemail.com
Tue Dec 9 14:00:04 UTC 2003


On Tue, 9 Dec 2003, Ed Sawicki ed-at-alcpress.com |PDX Linux| wrote:

> The main problem is my customer's attitude. They do not care about
> security if it's the least bit inconvenient. Worse, they don't care
> about the privacy of their customer data. Their customers are
> individuals who would be devastated by identity theft. Their personal
> data is stored on this company's server and there's no effort to protect
> it.

Some discussions that might help:

http://ask.slashdot.org/article.pl?sid=02/05/21/1836256
http://ask.slashdot.org/article.pl?sid=02/12/13/0333231

And this might provide some guidance:

http://sageweb.sage.org/resources/publications/code_of_ethics.html

As a consultant you have the advantage that you can walk away more easily than
if you were an employee.  Unfortunately, you also have the disadvantage
that they probably value your opinions even less than usual.

One thought that might help get their attention-- go see a lawyer and
draft up an exclusion of liability which basically states that you KNOW
there are massive security problems and have been prevented from repairing
them.  Have the company assume any liability for damages which might be
brought against you and have the paper signed by an officer of the
company, preferably the CEO.

I'm pretty sure you can't reassign liability for criminal charges, so if
it's really criminally negligent-- get out fast.

  -- Steve



