Dear Evernote Community:
Good businesses are built on trust and collaboration — not only within their own walls, but also between the people who build a product and the people who rely upon it. You place billions of your most important thoughts and ideas in Evernote; we must honor that trust by ensuring they remain private and confidential.
First, I’ve reviewed our internal controls and processes with our technical, security, and legal teams. While I’m confident that our existing controls provide a level of security comparable with other cloud providers, it has become clear to me that parity is not enough. Our goal should be to lead the thinking in this area, as new technologies continually challenge society’s understanding and expectations of what privacy is and should be. As a first step, we have heightened our already strict controls on employee access levels across the company and, starting today, I will be managing this process personally. In addition, we are reviewing options to give users more control over the security of their own notes.
Second, I have reached out to data and privacy experts around the world and intend to seek their ongoing guidance around privacy and emerging technologies. I have spoken with John Verdi at the Future of Privacy Forum (FPF), and we will partner with FPF as we define our future approach to privacy. You will see a new policy from us early in 2017. In addition, our leading privacy expert (and VP of Legal) Emily Hancock has been a co-chair of the Enterprise Cloud Privacy Group for the past two years. I’ve asked her to work directly with ECPG and other similar industry organizations in advising us on privacy matters going forward, and to expand the groups she works with.
Finally, I’ve asked Josh Zerkel, our Director of Community, to establish a new Evernote Customer and Community Advisory Board that will meet quarterly. This group will provide a systematic way to inject customer feedback into major decisions. The first of these panels will meet in February in San Francisco.
The past few days have been deeply humbling for us, but I believe these steps will put us in the forefront of cloud privacy thinking. My promise to you is simple: collaboration and trust. You deserve nothing less.
If at any point you feel we aren’t listening, please don’t hesitate to contact me personally via Twitter (@croneill) or email (firstname.lastname@example.org) with your concerns. I thank the many of you who did so in the past week.