There are many standards in place when it comes to data privacy and security. GDPR and HIPAA are the most obvious ones in our industry.
But it is also important to see how new situations can open the door to new requirements. For example, imagine you are interacting with a student or an employee and giving this person a review.
You are doing this remotely. All of a sudden, you and the platform you are using need to be aware of other rules such as FERPA.
And of course whenever payments are involved, PCI compliance and strong audit trails are needed.
Think people first
We truly believe in following the Golden Rule. When it comes to putting people (and their data) first, we have several processes in place:
- We do not sell, share, or trade end-user data.
- A user opts in to share data with someone else. This is a critical step as it guarantees that people have agency over their data and how it is being used.
- When you delete your account, we delete your data.
- We believe end-users should be able to see who accessed their data (think of it like the LinkedIn feature of “who viewed my profile”).