Should I trust a dev company to transfer my user database?

yameth

Aspirant
Joined
Feb 10, 2007
Messages
19
I need to change platform on one of my sites and the developers of the new platform provide a paid service to transfer the database from the old platform. Data and user emails etc. Even though I have no other choice, I feel very uncomfortable to expose my user email database to a third party. How can I be sure that it will not be copied and end in the wrong hands?
Any ideas? How do you do it?
 

yameth

Aspirant
Joined
Feb 10, 2007
Messages
19
I agree, but this is not something I do on a regular basis, so I am left at the hands of the platform devs when I do it. Changing platforms is not something you can foresee.
 

Kevin

Oooh, something shiny!
Joined
Jul 13, 2004
Messages
3,412
Doesn't matter, I can still do it. Moving Databases is something I've done for fun since I was younger.
While I realize you're just offering your help and trying to be nice, do you really think somebody who is concerned about a 3rd party having access to their DB would entrust it to somebody who is doing it for "fun"? You don't know what platform they are using now, you don't know what platform they want to move to, you don't know if there were customizations done to the existing DB that would interfere with a standard migration, you don't know why they are so concerned about data leaks (is it gov't data, is it highly sensitive customer data subject to regulation, is it questionable data, is an NDA required for working with the data), you don't know what kind of access is available to the server(s), you don't know what time frame the job needs to be done in, and, yet... they should trust you to do it for them so you can have some self-described fun?
 

Kyrie

Fan
Joined
Sep 2, 2009
Messages
986
While I realize you're just offering your help and trying to be nice, do you really think somebody who is concerned about a 3rd party having access to their DB would entrust it to somebody who is doing it for "fun"? You don't know what platform they are using now, you don't know what platform they want to move to, you don't know if there were customizations done to the existing DB that would interfere with a standard migration, you don't know why they are so concerned about data leaks (is it gov't data, is it highly sensitive customer data subject to regulation, is it questionable data, is an NDA required for working with the data), you don't know what kind of access is available to the server(s), you don't know what time frame the job needs to be done in, and, yet... they should trust you to do it for them so you can have some self-described fun?

I guess I didn't think about how sensitive the data is.. you're right.

But other than that I am 100% confident I would be at least able to do the transfer, and I was willing to do it for free.. but after reading their post again it seems they are untrusting of a third party in general.

Regardless, another question for you: If you got some illegal data if you were working for the transfer service provider how would you (personally) handle that?
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,045
Unless you want to get involved with the legal profession I'd agree with Joeychgo, due diligence is your best option.

One minor point which may sound like semantics but it does have a minor bearing on the situation. If the platform developer is facilitating the transfer then arguably there's no third party involved. It's just you and the developer which does simplify things and should make it a little easier to check their track record.
 

Kevin

Oooh, something shiny!
Joined
Jul 13, 2004
Messages
3,412
Unless you want to get involved with the legal profession I'd agree with Joeychgo, due diligence is your best option.

One minor point which may sound like semantics but it does have a minor bearing on the situation. If the platform developer is facilitating the transfer then arguably there's no third party involved. It's just you and the developer which does simplify things and should make it a little easier to check their track record.
For most privacy regulations like CCPA the vendor would be considered a 3rd party since the originating party (the person who is associated to the email address & potentially other sensitive data) entered into an agreement with the OP, not the vendor. Of course then it would come into play if the first party agreed to any terms the OP may have presented in regards to sharing the data with a 3rd party. For a recent audit at... well, here at my current undisclosed location... we even had to take it further and attest to whether or not there are any agreements in place with any 3rd parties in regards to how they handle the data and what they do with it at the end of the agreement; that was a challenge trying to get verified.

As you said, if there are any privacy and/or legal concerns at all then due diligence is required.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,045
For most privacy regulations like CCPA the vendor would be considered a 3rd party since the originating party (the person who is associated to the email address & potentially other sensitive data) entered into an agreement with the OP, not the vendor. Of course then it would come into play if the first party agreed to any terms the OP may have presented in regards to sharing the data with a 3rd party. For a recent audit at... well, here at my current undisclosed location... we even had to take it further and attest to whether or not there are any agreements in place with any 3rd parties in regards to how they handle the data and what they do with it at the end of the agreement; that was a challenge trying to get verified.
That does make sense. Thanks, I've learnt something :)
 

Joel R

Fan
Joined
Nov 24, 2013
Messages
773
In general, you have two choices for who can assist with the transfer:
- the company itself
- a private developer from the third party Marketplace

Between the two, and no knocks to the third party Marketplace community of any community software, I would hands down trust the company more. They would at least have published policies over user data and user privacy, and can provide a copy of their migration procedures and user privacy policies. This is also the same company that you're going to turn to for administrator and database support later, so quite frankly, you shouldn't even be buying if you don't trust.
 

yameth

Aspirant
Joined
Feb 10, 2007
Messages
19
When one has to respect privacy policies, handing over a large database to a third party is a major concern. But then again work has to be done and the truth is, I have no bad experience from the past. So I guess the platform company is the best bet.
Thank you all for your input.
 

Kyrie

Fan
Joined
Sep 2, 2009
Messages
986
When one has to respect privacy policies, handing over a large database to a third party is a major concern. But then again work has to be done and the truth is, I have no bad experience from the past. So I guess the platform company is the best bet.
Thank you all for your input.
Glad you figured it all out, I wish you the best of luck with the transfer.
 

mysiteguy

Fanatic
Joined
Feb 20, 2007
Messages
3,016
I think everyone in the conversation has a good idea which platform developer is being considered since only one of the popular commercial platforms offers it. Their starting price is *cough* incredibly high for the work involved.

I'm admittedly biased in this area, that ought to be disclosed upfront. In my case why would I have any interest in doing anything other than the job at hand? Mishandling a client's data would be suicidal. Not just my company, but my competitors as well. Our businesses live and die by reviews.
 

yameth

Aspirant
Joined
Feb 10, 2007
Messages
19
I had a great experience working with you in the past, mysiteguy, and I am looking forward to doing it again in the future, but I am not migrating a forum but a classifieds script.
I was just checking for some general advice from more experienced webmasters.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,495
It's really about reputation management. Forget past years' repute, would messing up destroy their company's future ability to conduct business? An almost unknown freelancer could secretly retain your files instead of destroying all copies still in his possession, disappear and reappear under a new identity.

If you contract a party like IPS to migrate your data, you can be sure they have several procedures in place to ensure your satisfaction and limiting retention of your data to only parties authorized and whose experience was vetted (whether it's employees or trusted contractors), especially since they also handle people's websites directly (company-hosted SaaS service) and no single site's data or money is worth sacrificing several years' struggle to building a strong reputation.

How can I be sure that it will not be copied and end in the wrong hands?
Ask for recommendations/feedback and keep asking until someone ticks all your boxes.
Bigboarders running large communities tend to have the most reliable recommendations since they tend to do a lot of research and contract trusted parties or their own in-house technicians (which may be available for custom work for third parties when they're not busy).
 

PoetJC

⚧ Jacquii: Chenyneh Kween ⚧
Joined
Jul 9, 2006
Messages
21,017
I need to change platform on one of my sites
Hi yameth - If you indeed are requesting or feeling out a more reasonable, professional paid service - I'd be happy to assist. I've an extensive background in migrating software platforms. Feel free to PM me with additional information and your requirements if you like. Otherwise please excuse my foray into this thread LOL

Thanks,

J.
 

mysiteguy

Fanatic
Joined
Feb 20, 2007
Messages
3,016
I had a great experience working with you in the past, mysiteguy, and I am looking forward to doing it again in the future, but I am not migrating a forum but a classifieds script.
I was just checking for some general advice from more experienced webmasters.
Sorry, I wasn't referring to that, didn't mean to give that impression. The gist of what I meant is to take each company's reputation on its own. Not whether it's a third party or not. Every provider ultimately lives or dies by their reputation, they can't be painted with a broad brush.
 