At a government job, new contractors had to watch a video of a serious man telling us the jailtime and monetary penalties for accessing Personally Identifiable Information (PII) inappropriately. I never even tried to get the PROD credentials.
Thank you. As an early-startup variation on that, I think the solution for intentional snooping might be (assuming you you did a good job picking and incentivizing people) to impress upon everyone that snooping is NOT OK, and is a potentially company-ending scandal, that threatens the mission and the personal futures that the entire team are working towards.
That, and don't let anyone get stressed (for whatever reason) to the point that their judgment goes bad.
I'm still wondering about low-hanging fruit tactics to avoid unintentional exposure to user data in the course of moving fast with too little resources.
(Say, prod is down, and normally debugging would include looking at tables, but you haven't built a fleet of privacy-protecting ways to rapidly get the same diagnostic information and intuition about the database that you can just by looking at it.)
"Doctors are told to weigh the benefits vs. costs of every treatment. So what are the benefits and costs of IRBs?
"Whitney can find five people who unexpectedly died from research in the past twenty-five years. ...
"What are the costs? ...the monetary costs are around the order of $1.6 billion.
"What about non-monetary costs? ... Low confidence estimate, but somewhere between 10,000 and 100,000 Americans probably die each year from IRB-related research delays.
"So the cost-benefit calculation looks like - save a tiny handful of people per year, while killing 10,000 to 100,000 more, for a price tag of $1.6 billion. If this were a medication, I would not prescribe it."
You have to understand, LGBT-friendly today means that there are forced diversity inclusions at every corner so noone can possibly not see the progressiveness.
