Comment by flanked-evergl
Comment by flanked-evergl 2 days ago
Just for some perspective from outside the US: I work at a bank in a country subject to GDPR. I have access to customer data, as do most people on my team.
Comment by flanked-evergl 2 days ago
Just for some perspective from outside the US: I work at a bank in a country subject to GDPR. I have access to customer data, as do most people on my team.
I worked at a US startup from my world country and that company dealt exclusively with PII (i.e. IDs, face etc) of people, including from the armed forces, of NA and some European countries.
I had access to any data I wanted to see, download on my work laptop (we all worked remotely). I didn't have to ask anyone, I didn't have to justify it, and AFAIK it was not audited. Logged? I don't know, maybe it was. I had sent mail once regarding to a director and SVP and never received even an ack. Oh by the way, everybody had access, not just me. For that no other access type was required either. Company email was sufficient. And IIRC even the stage env. had product data and stage was truly fair game.
No, I did not misuse and used it handful of times for debugging purposes. I doubt anybody did.