marcell 3 days ago

Yes but I was one of only a handful of people with this access. It was heavily audited. AFAIK no one ever used it inappropriately.

Reply View 0 replies
flanked-evergl 2 days ago

Just for some perspective from outside the US: I work at a bank in a country subject to GDPR. I have access to customer data, as do most people on my team.

Reply View 2 replies
  • shelled 2 days ago

    I worked at a US startup from my world country and that company dealt exclusively with PII (i.e. IDs, face etc) of people, including from the armed forces, of NA and some European countries.

    I had access to any data I wanted to see, download on my work laptop (we all worked remotely). I didn't have to ask anyone, I didn't have to justify it, and AFAIK it was not audited. Logged? I don't know, maybe it was. I had sent mail once regarding to a director and SVP and never received even an ack. Oh by the way, everybody had access, not just me. For that no other access type was required either. Company email was sufficient. And IIRC even the stage env. had product data and stage was truly fair game.

    No, I did not misuse and used it handful of times for debugging purposes. I doubt anybody did.

    Reply View 1 reply