by Algemarin 1165 days ago
I feel conflicted whenever I see a comment like this.

On the one hand, let's assume it's true: a Paytm employee acted negligently.

But on the other hand, what if it's not true? What if you happen to have a friend or family member who works for a Paytm competitor, or you have some grudge against Paytm for whatever reason, and are instead spreading low-key FUD about the company to make it seem like they have lax data controls and staff disregard for sensitive data?

The issue is that there doesn't really seem to be a way to substantiate your anecdote.

12 comments

> Let's assume it's true: a Paytm employee acted negligently.

Not negligently - maliciously.

The employee knew exactly what they're doing, that it was "wrong" in any conventional sense -- and most likely a huge liability to their career and reputation if it got found out.

Working in a call center isn't a "career".
I would say any position with upward movement possible is a career.

If you go from grill station to manager at McDonald's, that's a career.

I'm not sure being a Jira monkey (uh, "engineer") is either -- but more importantly, we don't know what this person's role is.
Most people can't handle it as a career and it has low barriers to entry, so many people do it as an early job. I have met several 10x call center people, and it can be an incredibly lucrative career. It's effectively low level social engineering. It requires extraordinary levels of grit.
From personal experience, people will do anything they are physically capable of doing and think they can get away with. Almost nobody I know has the slightest amount of respect for any private data to which they have access. This extends from people in healthcare breaking HIPAA to tell me about how Jane Doe is an idiot who got a mayo jar stuck in her vagina to IT workers showing me John Doe's cringey nude selfies. Trust absolutely no one. If it's possible, it's happening. The goal should be able to make it not possible to the best extent and when it is, create accountability.
> Almost nobody I know has the slightest amount of respect for any private data to which they have access.

Really? You need to run with a better set of people. It's true that there are plenty of corrupt, terrible people out there -- but it's also true that there are plenty who aren't.

Not by choice, I assure you.
This is what makes the lie more potent. It’s based on a kernel of truth, and because it reinforces beliefs, you can easily believe a Paytm employee acted negligently, with no more evidence than an anecdote.
Doesn't really matter, because unless PayTM proves it's impossible, someone is doing it. Do they have an external auditor report?
It could totally be just a competitor of PayTM coming here trying to spread lies ¯\_(ツ)_/¯

The requirement of proof is the other way around:

If PayTM decides to sue the owner of the comment, it would be the owner of the comment to prove what he is saying.

Oh please. The comment was less about PayTM and more about tech companies being blasé about data privacy in general.

If I had a friend or family member who was an employee of such a publicly facing tech company, I’d be grilling them about their data security and privacy practices. I’ve been burned enough times by Indian companies so ridiculously free with their data sharing that I’ve stopped giving out my contact info to everything but the most essential of services.

Most Indians will lean towards believing the GP because they know how aggressively their personal data is being abused, unless Paytm comes out with concrete details of how they protect privacy inside and outside the firm.

I didn’t even realize Paytm was a real company when reading OP. It sounded like a generic name made up for purpose, like “Jane Doe” for payment companies.
This is why rule of law is important. India has weak rule of law... there's no confidence from anyone that wrongdoing will be punished and there's no confidence that making up stuff to hurt a competitor will be punished.
Good point. So how about the default should be zero knowledge or as close as we can get?

How about not willingly providing information of people that actually don’t NEED it?

Isn't this true of much of what you read on the internet?

Edit: I'm responding specifically to this: The issue is that there doesn't really seem to be a way to substantiate your anecdote.

> On the one hand, let's assume it's true: a Paytm employee acted negligently.

No, that's not “negligent”. Or even “reckless”; the violation of privacy is deliberate.

> On the one hand, let's assume it's true: a Paytm employee acted negligently.

No, that's not just “negligent” or even “reckless”, it's intentional wrongdoing.

Given what I've seen I have absolutely no problem believing this. If you don't then that's fine but that simply means you've been living a sheltered life. Have a look at the GDPR enforcement tables for some choice violations.
So you trust a for-profit more than an anecdote by a customer of theirs? I am sure you'd also forcefully vaccinate your loved ones if $authority told you to do so, right?

In my experience, everything bad you can imagine, a for-profit has already done.

And so your conclusion about trust is?