jarad69
About jarad69

  1. I commend you on password protection of sensitive documents, but with MS Office, one can easily get tools to perform brute force attacks to find the passwords ==> https://www.iseepassword.com/recover-ms-word-password.html The other thing is that when you encrypt the documents on Evernote, it eliminates a core function of Evernote Premium (searching inside of documents) -- I suppose that encrypting text notes inside of Evernote does the same thing, however. Security, as with many other things in life, is a matter of trade-offs, which I think you understand since you use encryption regularly. Many others here won't understand the implications of encrypting all documents before putting them into Evernote, which is something that should be pointed out so everyone understands. That said, I may have to start encrypting all documents I put into Evernote as well. The serious pain in the *** is that with Text notes, you can't even have formatting (bulleted lists, bold, italics, underlining, etc) in any note that you want to encrypt. That is a serious functionality drawback and eliminates the use of Evernote for notes on business projects. That is quite frankly shortsighted & yes I'll say it -- stupid!
  2. I’ve pressed the GDPR issue pretty hard via multiple channels at Evernote. The first official response from a support guy identified as Anderson A. was an exercise in dodging the issue and refusing to provide direct answers. I refused to accept that and demanded an answer to my questions. Jason C., Technical Support Manager replied with a direct answer, albeit an unsatisfactory one. Pasted below are excerpts from that email:

     "A formal GDPR compliance explanation is being worked on and will be available between now and May 25. I don't have a more specific date I can give you there. We are committed to complying with GDPR as we have with other EU laws and regulations. We have many customers in Europe and we understand how important this is to their ability to continue to use Evernote."

     "It is possible to dive in to the database file and view that content as plain text. It takes some work but the content is there. This isn't true for encrypted note text."

     "We don't have any plans at the moment to permit entire notes or notebooks to be encrypted."

     Based on that response, companies need to make contingency plans to migrate in case the official stance falls short of compliance. It also means that everything in Evernote that has attachments, has formatting (such as bulleted text, bold, underlined, or italicized text) CANNOT be encrypted and if a company has the app on laptops and those devices are compromised by malware, your cyber adversary will be able to access the data you have in Evernote. Because the Evernote app does not provide proper data security of data in its database on endpoints (laptops, desktops, etc), full disk encryption is your best defense against data breaches, but that will still not protect your data when your endpoint is compromised by malware and you decrypt your hard drive to work in Evernote.

     What's more, Evernote has migrated its cloud to Google, which means your data might be stored on servers in the USA and could be swept up by a FISA court warrant that Evernote cannot fight and that your company will never know about.
  3. The issue is that there has already been approximately 2 years for business to get ready. If I were a DPA (data protection authority), I’d have no sympathy for any company that isn’t prepared. If one cannot meet a 24 month implementation period, should that mean that a law is suspended or its implementation should be pushed back until everyone is ready? If that’s the way the world worked, every business globally could decide to pick and choose which regulations would be implemented and which ones wouldn’t. I suspect, but won’t know until after 25 May, that there will be an example or two made as a warning shot across the bow of all enterprise doing business in Europe to send a clear signal that they need to get their affairs in order fast!
  4. I’m not convinced that non-compliance for GDPR is cheaper than compliance. Here’s my back of the napkin analysis...
     • Evernote has approximately 220 million users
     • Stated assumption 1 - 5% are paying users
     • Stated assumption 2 - all pay €59.99 for an annual subscription
     • Possible revenue under those assumptions is €659.89 million
     • Non-compliance penalties for GDPR are either €20 million or 4% of global gross revenue - whichever is greater
     • Using assumptions 1 and 2, potential fines for GDPR non-compliance for Evernote would be €263.95 million
     • That would be the potential fine for only one major data breach where PII is compromised.
     • Each additional breach that compromises PII will theoretically start the fines all over again
     • As we know, many companies have had multiple data breaches - Yahoo in the USA, TalkTalk in the UK, etc.
     • GDPR also holds responsible the companies using a service who put PII into that service, so enterprise clients of Evernote could theoretically be hit with devastating fines as well.

     Today, it looks like there is no other option for people in Europe other than to drop Evernote and migrate to Microsoft SharePoint. It’s not my preferred option, but I’ve been put into a corner by C-Level execs at Evernote!
  5. It's official. The IT Department in my company has prohibited Evernote for work because it is not GDPR compliant.
  6. Painful to admit, but I fear you are correct.
  7. Hi rezecib, Thank you for the reply. I’m an American that emigrated to Austria 3.5 years ago. I work at an international market research consultancy & my focus is privacy and cybersecurity, which means I have to look at regulatory compliance and corporate governance issues. I was a keynote speaker at a security conference in 2015, before I’d been in Europe for 1 year. The comment some told me privately was that American companies just don’t get it regarding privacy in Europe. I’ve come to realize that’s an accurate assessment. Privacy here is enshrined in the law as a basic human right. GDPR:
     1 - further solidifies that position
     2 - addresses the out of control problem of companies not taking sufficient steps to prevent data breaches
     3 - sets forth an enforcement penalty regime intended to get the attention of companies at the board of directors level
     4 - enables examples to be made of companies that display willful non-compliance - €20 Million or 4% of gross annual revenues, whichever is greater.
     5 - It also holds liable companies that use services that don't comply with GDPR - in other words, your customers!

     As an Industry Principal with 18 years analyzing markets and the IT vendors in those markets, I have to tell you, your CEO, your BoD, and your investors that Evernote is clearly not ready for a globally game changing regulation in one of the biggest trading blocs in the world. My inability to get real answers from Evernote on this issue, as a paying customer, tells me that your company won’t be ready by 25 May 2018, which will put Evernote in the crosshairs of every DPA (data protection authority) across the 28 member state bloc - Britain included, because despite BREXIT, the UK govt supports GDPR implementation. I’m wondering now if my company should write an Insight article on American companies that put their own business and the business of their enterprise customers at risk by not having set plans to comply with GDPR.

     With respect to what Evernote has built and how enthusiastic I personally am about the platform, GDPR goes into law in about 9 weeks. To comply, you need to have already been working on/implementing technology, process, and policy changes. Clearly that hasn’t happened. That means all personally identifiable information (PII) I have in the system needs to be deleted, starting with a few hundred business cards. I trust that you will pass this up to the office of the CEO, because from my perspective, Evernote management is asleep at the wheel.
  8. This is going to pose some substantial business problems for Evernote in the European Union. GDPR goes into effect on 25 May 2018 and potential fines for non-compliance are €20 million or 4% of gross global revenue - whichever is greater. If Evernote doesn't address this issue, it will have to pull out of Europe or risk devastating fines. In addition, anyone using Evernote for business in Europe will have to stop using it, so all revenue across the 28 member states will dry up immediately. I'm stunned that Evernote's CEO and legal department are not on top of this issue.
  9. Is there any movement at all at Evernote HQ on this issue? GDPR is the biggest change to data privacy the world has seen. I will have to stop using Evernote for certain things if this issue is not adequately addressed prior to May 25th. As an American working on cybersecurity and privacy issues in Europe, I've been told that American companies "don't get it" regarding data privacy in Europe. I'm beginning to wonder if there is truth to that. Anyone at Evernote want to contribute something from your legal department on this issue? There are potential fines of €20 million or 4% of global gross revenue for non-compliance (whichever is GREATER). It seems this should be on the radar at the CEO level over there.
  10. I have a security question for Evernote moderators. I'm security conscious, so I have a very strong alphanumeric + symbols password and I use 2FA. I'm also aware I can encrypt text inside of notes, but I cannot encrypt a note with attachments (documents, photos, recordings, html, etc) and I cannot encrypt an entire notebook. I'm also aware that there have been measures to secure the Evernote cloud by moving over to the Google Cloud Platform (GCP). My first question is specific to the desktop versions for Windows and Mac as well as the app version for iOS. Is it correct, as is reported here -- https://www.lifewire.com/evernote-tips-you-should-avoid-153286 -- that "third-party tests reveal that in the local database, the selected text still remains searchable in plain text." My second question is "what has Evernote done to ensure it is GDPR compliant for Europe?" My third question is "how does Evernote comply with strict data privacy laws in Austria?" (that's in Europe, not down under) My final question is when can users expect to be able to encrypt entire notebooks and when can we expect to encrypt notes that have file attachments?