Privacy Matters

By now you’ve all heard about GDPR and how it affects just about everything you do with data. The sad thing about it is that the bulk of it is really all common sense when it comes to the use of Personally Identifiable Information (PII). Of course, we all know that common sense isn’t very common either…

I received an email from a recruiter the other day which brought privacy matters back into my mind again. I’m used to getting various emails with all sorts of different job opportunities or even just introductions. This one though caught my attention. It wasn’t the email content, or the job opportunity (it was actually saying that there were possibly multiple openings all over the place and I could pick and choose), or even the awful formatting that it was in (please stop copying content from Word, complete with random bolding and highlighting, into your emails without reformatting it!). It was the email distribution list. Instead of relying on an email service, or even adding multiple emails in the BCC line, this recruiter added 207 emails to the CC line…

Is my email PII? The US Department of Labor says it is (and the EU’s GDPR legislation agrees).

Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification.
– US Department of Labor

I emailed this recruiter back, chided them for not respecting my privacy, and because of that requested that they remove me from their system and never contact me: since I could not trust them with something as simple as an email address, how could I trust them with client confidentiality and any other information I might give them? I did get an apology from them along with a promise to remove me. Who knows if they really deleted me or not…

I know I was making a bit of a mountain out of a molehill. At the very least, it could have turned into another Replyallcalypse with a flurry of resumes and queries going out to everyone. Worse would be someone using that list of CC’d emails to attempt to access our various professional and social accounts and such. Enough of the speculation though. After all, common sense says that “this information wasn’t meant for me, so I should ignore and delete it.” Right?

As an engineer, privacy is critical. You should only be looking at the specific data you need to complete your task (such as fixing a bug that happens only to User X). If you’re using data to achieve a larger task in the system, you should only be referencing the data you need for the task (no more “SELECT *” SQL).

As a manager, privacy is no less important. You’re the next layer of privacy defense, helping to ensure that your team is producing privacy-compliant software, regardless of whether the standard is GDPR, HIPAA, PII, or just plain common sense.

Avoid The Replyallcalypse and keep your employees’ and customers’ data safe; only use what you need, when you need it, and avoid the CC field at all costs. You don’t want data loss to be yor folt
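The "avoid the CC field" advice, as an added example that is not part of the original post: a pre-send guard that counts how many addresses a draft discloses in To/Cc, and a bulk send that builds one message per recipient instead. The function names, the threshold of 5 and the example.com addresses are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 5  # assumed policy threshold, not a figure from the post


def visible_recipients(msg):
    """Addresses every recipient can read: To and Cc (Bcc is not disclosed)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def check_exposure(msg, limit=MAX_VISIBLE):
    """Return (ok, count); ok is False when the draft discloses too many addresses."""
    count = len(visible_recipients(msg))
    return count <= limit, count


def individual_messages(sender, recipients, subject, body):
    """Build one message per unique recipient so nobody sees anyone else's address."""
    out = []
    for rcpt in dict.fromkeys(r.strip().lower() for r in recipients):
        m = EmailMessage()
        m["From"], m["To"], m["Subject"] = sender, rcpt, subject
        m.set_content(body)
        out.append(m)
    return out


def constructed_mass_cc(n=207):
    """Constructed sample mirroring the post: n addresses on the Cc line."""
    m = EmailMessage()
    m["From"] = "recruiter@example.com"
    m["To"] = "recruiter@example.com"
    m["Cc"] = ", ".join(f"candidate{i}@example.com" for i in range(n))
    m["Subject"] = "Openings"
    m.set_content("Constructed body text.")
    return m


if __name__ == "__main__":
    print(check_exposure(constructed_mass_cc()))
    safe = individual_messages("recruiter@example.com",
                               visible_recipients(constructed_mass_cc())[:3],
                               "Openings", "Constructed body text.")
    print([check_exposure(m) for m in safe])
```

A guard like this belongs in whatever script or service sends the mail, run before the message is handed to the SMTP client.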

Welcome to Geek 2 Man

As a software engineer, scrum master, and, in my humble opinion, generally intelligent guy, I have often found myself sitting in meetings thinking, “I could do that.” and on a few other occasions, thinking to myself, “What in the world is that manager thinking?” And so my quest to leave development and enter the magical, mystical realm of management began.

This site exists for several reasons.

Think of this as a diary

This isn’t some super secret diary with a lock on it stashed away in the night stand. While it might do me some good to have one of those, it won’t serve the full purpose: dialog. Let me get my thoughts out, and in exchange for reading my diary, I hope some of you will respond back with your thoughts. Tell me I’m nuts. Tell me you agree with me. Either way, ideas can’t grow or help others without the open dialog.

I like to tell stories

I’ve heard lots of great analogies over the years. Quite a few were stories when I first heard them. Others were just good ideas that then were turned into parables (of sorts…) when I explained them to others. So why not share?

Consulting

OK, yes, there is an ulterior motive here… I’d like to think that some of my thoughts are good enough, or important enough, or even just entertaining enough, that maybe someone out there wants to pay me to use those ideas. Maybe that’s a speaking engagement. Or maybe it’s just for help with instigating change within their organization. Or maybe I’m just so darn handsome. The sky is the limit with what I can accomplish and what I believe I can help others accomplish. Like what you see? Let’s talk.

 

It’s because of this journey of being a geek to becoming a manager that this site exists.