by guptaneil 2227 days ago
This is how I’m building my startup[1]. All data stays with the customer and we actively don’t want it, because that’s how I wish all my products worked. I suspect you will see more startups who treat data more respectfully in the future, as the next wave of founders have experienced the consequences of unrestricted data collection.

Having said that, I also think a large part of the problem is that treating data like toxic waste is hard. There are more established patterns for data collection than data destruction. How do you know when it’s safe to delete some piece of data? What if the user comes back and complains about a transaction after you’ve deleted the associated data?

1: https://hiome.com

3 comments

Exactly. A lot of businesses MUST keep the data.

Imagine EasyJet putting the burden of keeping all your transaction logs on you: "Passenger assumes responsibility for downloading this electronically signed package and keeping it for 2 years."

On a completely tangential note: How does your product work with pets?

Ha, that makes me wonder if we could have a future standardized protocol where your browser handles the responsibility of storing a signed package of data, and sending it back to the company when needed. Basically treat each package of data like a product that might need to be RMA'd if there's an issue. Obvious first question is what happens when you switch browsers/devices.

Regarding pets: it'll depend on the size of your pet. For most people, the sensors properly ignore pets, but they can be confused by large dogs. You can adjust the sensitivity of the sensor, so it's generally only an issue if you have both large dogs and small children, and only want to count one of them. We're working on a software update that should help that scenario too. Feel free to send me more questions at neil@hiome.com :)

The government wants many companies to keep certain data, to prevent fraud by the customers (and sometimes the businesses). Decentralizing the data makes such frauds (including tax fraud) more difficult to audit or detect, so it seems unlikely that governments will permit it.

But wait, isn't this exactly how MOST businesses operate today? I certainly can't go to my local dry cleaners and request the transaction data for something that happened 2 years ago, much less any sort of metadata about that transaction (3 shirts, one blue two white, no starch). The normal principle most businesses adhere to is a strictly limited time period of "memory" of any particular transaction or interaction, after which it is solely the customer's responsibility to keep records.

> There are more established patterns for data collection than data destruction. How do you know when it’s safe to delete some piece of data?

I agree, but this is exactly analogous to the SDLC. Most coders only learn to hack together barely-working code. Those who spend the effort to learn the craft figure out how to {version control, unit test, static analysis, benchmark, integration test, upgrade library dependencies} and automate these processes.

Similarly, there needs to be a data lifecycle with defined retention lifetimes for different data, defined processes for actually disposing of data, and special handling cases for backup blobs (which may be retained longer than the retention lifetime of a subset of the data in the backups). This is effectively intended by the GDPR (not sure if it states explicitly) and similar laws.

Startups now have to think about things like GDPR and Cali's laws, so they have to think about this data more -anyway-.

> I also think a large part of the problem is that treating data like toxic waste is hard.

Yep. It's a -lot- of extra work to do. It's a balancing act between:

- Keeping data long enough to satisfy govt regulations, rulings, or existing contracts with your vendors (i.e. merchant account with a bank for CC processing). You can't just order something from Amazon, send a GDPR request and expect all your data to be gone; they can't delete it until -after- those retention periods have expired.

- Following regulations like GDPR/Cali privacy law.

- Still doing meaningful things with the data.

Generally speaking, I'd say this is all stuff that makes a data architect very handy in the modern climate.