October 15, 2009

Do You Trust Small Companies With Your Data More, Or Big Ones?

A few of this summer's acquisitions featured a scrappy upstart much beloved by the Web masses getting absorbed by a larger, more-established acquirer - with two of the more prominent examples being Intuit's buy of Mint.com and Facebook's takeover of FriendFeed. And amidst the ensuing responses, I saw two truly oppositional reactions - the first from people who swore they would never use the larger company or service because they hated it or didn't trust it, and the second, from people who now thought it was "safe" to use the smaller service as it finally had some parental supervision.

I recognize that some people have a greater tendency to accept risk in their lives, including risk to their data, than do others. Some lines of business and people operating those businesses are as a rule conservative - not venturing to buy one company's goods until they have done a full background check on the firm's financial stability, or have seen a flurry of similar use cases from peers. Others flock toward a series of early adoptions, where a personal relationship with a site's founders or employees is possible, thanks to the product's newness. And no doubt, the two sides rarely agree on a set strategy.

What are the underlying concerns both parties may have?

For Those Who Favor Big Companies Over the Upstarts
  • A small company may not have taken all necessary precautions to protect their data, making it vulnerable.
  • A small company may not have longevity, and if it expires, so too could your data.
  • A small company may grow desperate for funds and could sell your personal information.
For Those Who Favor Small Companies Over the Giants
  • A large company is more likely driven by sheer dollars than by customer service.
  • A large company may have a history that contains questionable moves.
  • A large company may act unilaterally in terms of how your data is used.
In parallel with the two acquisitions I had mentioned, there have been a few isolated cases of the smaller company putting itself up for auction, essentially turning its user base into a marketing list for sale to the highest bidder, whether or not that may contain personally identifiable information, or possibly passwords. But in parallel, you can see people who strongly dislike Google, don't trust Microsoft, or think that Facebook is evil. I even saw a post go up yesterday saying that Cisco was evil. The bigger they are, the bigger a target they are.

I tend to trust companies rather than distrust them. I am an optimist. I think there is a possible point where personal relationships with the founders trumps a robust multi-tier support system or flashier GUI. But it's not for everyone. What are your thoughts, and do mega mergers change the way you perceive your data being protected?