When do founders start thinking about user data security

Grace Lu
4 replies
Currently working on developer tools that gives startups a frictionless way to secure their user data or and build privacy preserving apps. Wondering if this is top of mind to start? or usually closer to launch? or triggered by compliance requirements? Would love to chat with anyone who has run up with this problem

Replies

Anna
Snowball Analytics
The earlier the better. If users trust you with their personal info - you should respect their privacy and take it seriously.
Tommy De Rossi
You need to think about it from the start, generally every endpoint that returns user information should have authentication and authorization. You also need to check that every SQL query does not return data not owned by the user, which sometimes can be tricky and complex
Alex
User privacy and data security should be through about from the beginning. It's much easier to build in security and privacy focused processes and tech at the start than it will be to retrofit later on. But as Steven alluded to in his earlier comment, the reality is that you might be able to only do what you can afford to do or have time to do. The risk in what you store should be a good guide to how much effort gets invested. In my experience the most likely reasons to "think" more about data security have been big customers, compliance requirements for the industry you build in, or a security finding from a penetration test or vulnerability disclosure.
Steven Birchall
It should always be from the start, though I've seen plenty of companies compromise on this to get an MVP out the door. The reality is, it needs to be done at some stage. Either a customer will demand it, you'll be forced to do it from a legal / compliance side (GDPR, CCPA, etc) or worse case, you will have a breach. So the earlier you can do it, the less pain it causes, and the less chance of a horrible, reputation destroying event occurs.