25 May 2019
With hacker attacks on the rise, consumers as well as businesses need to be more careful about the issue of data security. Photo: Unsplash

Should I give my personal data to a startup?

Hong Kong’s startup scene has been booming in recent years. Whether you are looking for personal services, like storage, education, repair, travel, banking, and biking, or business-related offerings, like IT support, cloud, security, and HR solutions, all of these are available at your fingertips. But it is commonplace for apps or websites to ask for personal information such as your email, mobile number, birthday and even credit card details during account set-up or for future payment purposes. Have you ever hesitated before entering your personal data and asked yourself: why should I trust a startup?

As a startup, we of course can tell you how seriously we treat security and privacy – but unlike large corporations like HSBC, startups have not spent decades building a brand that inspires faith based on a track record. So as consumers, we should carefully examine the areas below before we hand over our sensitive information to a startup. And most importantly, startups need to work hard to earn users’ trust and ensure they maintain the security level from a user’s perspective.

Industry endorsement and recognition matters

Cybersecurity is complex, and some would say it’s too complicated for the general public to make an informed decision. You may find it difficult to understand 128-, 192- or 256-bit encryption or multi-factor authentication (not to mention blockchain), but you can always look for industry standards, certificates or recognitions that you can trust. For example, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. It is a widely accepted set of policies and procedures intended to optimize the security of cards and protect cardholders against misuse of their personal information. This means that products or services with the PCI certificate have been thoroughly assessed and are up to the industry security level.

Provide data only when genuinely needed

The consequences of a hack are complicated and time-consuming, and can ultimately close businesses. Hence, startups are serious about security, as they can’t afford to wait until they get hacked. The progressive way to avoid cyberattacks is to provide personal data only when it is genuinely needed. A comparison or review app won’t ask for your credit card or bank information. If you can’t figure out why the company is collecting your personal data, then just skip it or abandon the service.

Understand your rights

Hong Kong has one of the most stringent sets of data privacy guidelines in the world, and is one of the few jurisdictions where a breach of consumer rights is a criminal offence and not a civil offence. It is important for HK consumers to understand that this protection realistically applies to HK-domiciled companies. For example, when Octopus breached consumer rights by selling users’ personal data without consent, the company was investigated by the Hong Kong Privacy Commissioner for Personal Data and the CEO of the company had to resign. But practically speaking, it is hard for the Data Privacy Office to take action against a company domiciled outside of HK.

Transparency builds trust

A company website is the place to showcase company and product information. Even startups should publicly disclose important information, such as privacy terms, terms of use and the purpose of collecting personal data, on their official website. Read the security and privacy terms carefully, and start using the service only if you agree with them.

Security cannot rely solely on a third party; users should take a more active role in protecting their data. Here are a few tips to help keep you safe online:

Strong and secure password

Passwords are often the key to guarding access to personal information and data stored on computers or mobile devices. It is crucial not only to create strong passwords, but also to keep them safe. Longer, more complex passwords are safer and more difficult to guess, and do remember to change your passwords regularly.

Firewall or antivirus applications on your laptop and mobile

If you want to safeguard mobile devices, security threats from public hotspots can be reduced by using a personal firewall or antivirus application. Public WiFi networks, the free wireless networks found at hotels, airports and cafes, are unsafe and can expose your sensitive data to hackers.

Lost device protection

There is no doubt that our mobile devices contain highly sensitive personal data. If we lose our phones, it is important to locate, lock and wipe the missing device. Android phones and iPhones should come with such an application installed; if not, you can download one from the app stores.



CEO and co-founder of gini
