Should I give my personal data to a startup?

by Raymond Wyand

Hong Kong’s startup scene has been booming in recent years. Whether you are looking for personal services like storage, education, repair, travel, banking and biking, or business-related offerings like IT support, cloud, security, HR solutions and a few more, they are all available at your fingertips. It is now commonplace for apps or websites to ask for personal information such as your email, mobile number, birthday and even credit card details during account setup or for future payments. Yet have you ever hesitated to enter your personal data and asked yourself: why should I trust a startup?

As a startup, we can of course tell you how seriously we treat security and privacy, but unlike large corporations like HSBC, startups have not spent decades building a brand that inspires faith based on track record. So as consumers, we should carefully examine the areas below before we hand over our sensitive information to a startup. Most importantly, startups need to work hard to earn users’ trust and ensure they maintain the security level from a user perspective.

Industry endorsement and recognition matters
Cybersecurity is complex, and some would say it’s too complicated for the general public to make an informed decision. You may find it difficult to understand 256, 128 or 192-bit encryption or multi-factor authentication (not to mention blockchain), but users can always look for industry standards, certificates or recognitions they can trust. For example, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It is a widely accepted set of policies and procedures intended to optimize the security of card transactions and protect cardholders against misuse of their personal information. It means products or services with the PCI certificate are well-assessed and up to industry security level.

Provide data only when genuinely needed
The consequences of a hack are complicated and time-consuming, and can ultimately close a business, so startups are serious about security: they can’t afford to wait until they get hacked. The proactive way to avoid cyber-attacks is to provide personal data only when it is genuinely needed. A comparison or review app won’t ask for your credit card or bank information. If you can’t figure out why a company is collecting your personal data, then just skip it or abandon the service.

Understand your rights
Hong Kong has one of the most stringent sets of data privacy guidelines in the world, and is one of the few jurisdictions where breach of consumer rights is a criminal offence and not a civil offence. It is important for HK consumers to understand that this protection realistically applies to HK-domiciled companies. For example, when Octopus breached consumer rights by selling consumers’ personal data without consent, the company was investigated by the Hong Kong Data Privacy Officer and the CEO of the company had to resign. But practically speaking, it is hard for the Data Privacy Office to take action against a company domiciled outside of HK.

Transparency builds trust
A company website is the place to showcase company and product information. Even startups should publicly disclose important information, such as their privacy policy, terms of use and the purpose of collecting personal data, on the official website. Read the security and privacy terms carefully, and only start using the service if you agree with them.

Security cannot rely solely on a third party; users should take a more active role in protecting their data. Here are a few tips to help keep you safe online.

Strong and secure password
Passwords are often the key to guarding access to personal information and data stored on computers or mobile devices. It is crucial not only to create strong passwords, but also to keep them safe. Longer and more complex passwords are safer and more difficult to guess, and do remember to change your passwords regularly.

Firewall or antivirus applications on your laptop and mobile
If you want to safeguard mobile devices, security threats from public hotspots can be reduced by using a personal firewall or antivirus application. Public WiFi networks, the free wireless networks found at hotels, airports and cafes, are unsafe and can expose your sensitive data to hackers.

Lost device protection
There is no doubt that our mobile devices contain highly sensitive personal data. If we lose our phones, it is important to be able to locate, lock and wipe the missing device. Android phones and iPhones should have an application for this installed; if not, you can download one from the app stores.

About the Author

Raymond Wyand is the Chief Executive Officer and co-founder of gini. Prior to this, Ray was a Vice President at Citibank, part of the Global Credit Trading Business based in Hong Kong. His areas of expertise included Regulatory Capital Optimization, CLO Syndication, Securitization and Credit Derivatives.