this post was submitted on 15 Jun 2023
79 points (98.8% liked)

Malicious Compliance

19569 readers
3 users here now

People conforming to the letter, but not the spirit, of a request. For now, this includes text posts, images, videos and links. Please ensure that the “malicious compliance” aspect is apparent - if you’re making a text post, be sure to explain this part; if it’s an image/video/link, use the “Body” field to elaborate.

======

======

Also check out the following communities:

[email protected] [email protected]

founded 1 year ago
MODERATORS
 

[REPOST] Years ago, I was the CTO of a software company that was perhaps the worst run company I've ever seen. It was run by a "chairman" who used to be a flight engineer, and who had no experience at all in the software industry. One day, in his expansive wisdom, Mr. Chairman decided that we were going to give his friend (a local pastor) an office. I was ordered by Mr. Chairman to make it impossible for anybody ("Even you!!!") to access any of Mr. Pastor's files (because, y'know, privacy and stuff). I attempted to point out a couple of problems with that scenario, but was immediately shut down and ordered to do what I was told.

Now, this particular person had... well, let's call it a quirk. When anything went wrong with his computer, his solution was to format his C: drive. (Yeah, I know...) The inevitable happened, and Mr. Chairman ordered me to restore all of Mr. Pastor's files from the backup (which we normally did... ahem... religiously). I looked at him innocently and said "What backup?" It took possibly five seconds for steam to begin pouring from his ears, and for him to start screaming, "YOU MEAN YOU DIDN'T DO A BACKUP??? WHY YOU....!!!!" and so on. I waited for him to finish, and then asked him politely how he proposed that I do a backup of files that I'm not allowed to have any access to? The silence that followed was glorious.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

What if you need personal info? Or will you never need it?

[–] [email protected] 1 points 1 year ago

Personal info is fine to use if you're using it internally for uses that clients agreed to in the ToS and you've signed the appropriate NDAs. If personal data is being sent externally the clients have to agree to the external personal data use, or it has to be masked/aggregated so that it no longer contains personal data.