this post was submitted on 15 Jun 2023
73 points (100.0% liked)

Malicious Compliance

19527 readers
4 users here now

People conforming to the letter, but not the spirit, of a request. For now, this includes text posts, images, videos and links. Please ensure that the “malicious compliance” aspect is apparent - if you’re making a text post, be sure to explain this part; if it’s an image/video/link, use the “Body” field to elaborate.

======

======

Also check out the following communities:

!fakehistoryporn@lemmy.world !unethicallifeprotips@lemmy.world

founded 1 year ago
MODERATORS
dystop@lemmy.world
Kaiser@lemmy.world
Imotali@lemmy.world
archonet@lemmy.world
73
[REPOST] You might like to back up that decision... (lemmy.world)
submitted 1 year ago by dystop@lemmy.world to c/maliciouscompliance@lemmy.world
14 comments fedilink hide all child comments
 

[REPOST] Years ago, I was the CTO of a software company that was perhaps the worst run company I've ever seen. It was run by a "chairman" who used to be a flight engineer, and who had no experience at all in the software industry. One day, in his expansive wisdom, Mr. Chairman decided that we were going to give his friend (a local pastor) an office. I was ordered by Mr. Chairman to make it impossible for anybody ("Even you!!!") to access any of Mr. Pastor's files (because, y'know, privacy and stuff). I attempted to point out a couple of problems with that scenario, but was immediately shut down and ordered to do what I was told.

Now, this particular person had... well, let's call it a quirk. When anything went wrong with his computer, his solution was to format his C: drive. (Yeah, I know...) The inevitable happened, and Mr. Chairman ordered me to restore all of Mr. Pastor's files from the backup (which we normally did... ahem... religiously). I looked at him innocently and said "What backup?" It took possibly five seconds for steam to begin pouring from his ears, and for him to start screaming, "YOU MEAN YOU DIDN'T DO A BACKUP??? WHY YOU....!!!!" and so on. I waited for him to finish, and then asked him politely how he proposed that I do a backup of files that I'm not allowed to have any access to? The silence that followed was glorious.

top 14 comments
sorted by: hot top controversial new old
[–] eee@lemm.ee 20 points 1 year ago (2 children)

a pastor who doesn't want anyone to see the contents of their hard drive... more red flags there than a Soviet parade

[–] HamsterRage@lemmy.ca 2 points 1 year ago (2 children)

Perhaps, although a pastor is likely to have legitimate confidential information about parishioners.

[–] no_kill_i@lemmy.ca 5 points 1 year ago

Nah, where I work (and where we all work, teally) we have legitimate confidential information about our customers... that the appropriate employees can access appropriately. That's not an abnormal use case.

Definitely has something to hide, especially if he's formatting his computer every time he has a "problem". Not that data can't be recovered after a format anyway.

[–] eee@lemm.ee 1 points 1 year ago

That's fair.

[–] seeCseas@lemmy.world 1 points 1 year ago

yeah Mr Chairman is lucky that the police didn't come knocking on their door.

[–] arcrust@lemmy.fmhy.ml 7 points 1 year ago (1 children)

That's absolutely wild. I bet if he owned a garage, he'd expect you to be able to fix a car in the dark.

Question tho, as someone not in IT, how do you handle HIPPA policies. Clearly you have to have access, but I assume the info would just be backed up seperately from other data.

[–] Steeve@lemmy.ca 7 points 1 year ago (1 children)

I worked as a Data Engineer in health insurance for almost a decade. I'm Canadian, but we have similar laws and the answer is basically that every employee signs a lot of NDAs. Data access should be limited to what you need to do your role, and any data that leaves the company has to be totally stripped of personal identifying information (usually some form of data masking).

That being said, I never found it difficult to get access to data, it was usually just another NDA to sign. I did work with government policies for a bit where I had to go to a government facility and get finger printed and all that before they gave me access, that was interesting. I work in tech now and the controls around data access are a lot more serious, gotta jump through a lot of hoops to get access to anything. Probably because of the scrutiny tech is under these days.

[–] darcy@lemmy.blahaj.zone 0 points 1 year ago (1 children)

What if you need personal info? Or will you never need it?

[–] Steeve@lemmy.ca 1 points 1 year ago

Personal info is fine to use if you're using it internally for uses that clients agreed to in the ToS and you've signed the appropriate NDAs. If personal data is being sent externally the clients have to agree to the external personal data use, or it has to be masked/aggregated so that it no longer contains personal data.

[–] roofuskit@kbin.social 5 points 1 year ago (1 children)

And it's that day that Mr. Chairman and his Pastor friend lost their massive CP collection.

[–] dystop@lemmy.world 4 points 1 year ago

given their reaction, i'm sure that was it.

"DO YOU KNOW HOW LONG I SPENT CURATING ALL THIS - er, nevermind"

[–] PlasticExistence@lemmy.world 5 points 1 year ago

Yikes. Was the company profitable at all?

[–] Tangent@lemmy.world 5 points 1 year ago

My money's on the chairman not learning from the experience either; he still blamed you even though he was totally unable to find a way to actually blame you.

[–] Revan343@lemmy.ca 1 points 1 year ago

I waited for him to finish, and then asked him politely how he proposed that I do a backup of files that I'm not allowed to have any access to?

I mean, set up Borg to back up his machine, in theory, but you'd have to set up backups first, and then blindly trust Borg that nothing's going wrong. And of course Borg doesn't do Windows, so you'd need his machine to run an SMB server