[PLUG] A dilema

[Carla Schroder]

On Tuesday 09 December 2003 1:33 pm, Ed Sawicki wrote:
<snip> 
> The main problem is my customer's attitude. They do not
> care about security if it's the least bit inconvenient.
> Worse, they don't care about the privacy of their customer
> data. Their customers are individuals who would be devastated
> by identity theft. Their personal data is stored on this
> company's server and there's no effort to protect it.
> 
> As long as attackers don't delete their data files, this
> company doesn't seem to care if their data files leak out to
> the Internet. They would be unwilling to spend the money to
> have me secure their computers. 
> 
> I'm concerned about numerous issues. Primarily, I see this
> as criminal negligence and I don't know what to do about it.
> Secondarily, I'm wondering about the risk of being named as
> a defendant should one of their customers be victimized in
> some way.

For me, there's a bigger issue here- if they're not going to listen to 
you, and take your advice, why do you want them for a customer? 
Especially over an issue this important. I would run, not walk, away 
from them. 

As far as potential liability, it does not matter how good a contract 
you have, and how rock-solid your disclaimers of responsibility are. If 
someone wants to include you in a lawsuit, you're hosed, even if you 
win. Lawsuits, even suits that go nowhere, cost a tremendous amount of 
time and energy, as well as money. Instead of being able to run your 
business and have life, your life gets eaten up.

IMO, it's not worth it. I would bid them farewell, and document why. I 
think you need to put your concerns in writing, just in case someone 
down the road gets mad and sics the lawyers on them. It could still 
rebound on you, so CYA well on the way out.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.8 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~