Paizo Update from Jeff Alvarez

The impression I get is that nobody really reacted the first time it happened, so it's possible it was just overlooked. My read of it is more "extremely unprofessional and ignorant" than "deliberately malicious".

And, like, that's still very serious.

Also exasperated, I suspect. The Ninja Division fiasco is not an easy thing to deal with.

Obviously, I don't think it's okay to dig out a user's name they've chosen to keep secret and publish it on the website, even if you are exasperated. But that part, in particular, isn't a regular, business-as-usual event, in my opinion.

It needs addressing, but it's different from claims of long-running discrimination and poor working conditions.

EDIT: In my mind, anyhow. I appreciate everyone has their own boundaries and events that are a bridge too far. If that's yours I'm certainly not trying to talk anyone out of it.

Also exasperated, I suspect. The Ninja Division fiasco is not an easy thing to deal with.

Obviously, I don't think it's okay to dig out a user's name they've chosen to keep secret and publish it on the website, even if you are exasperated. But that part, in particular, isn't a regular, business-as-usual event, in my opinion.

It needs addressing, but it's different from claims of long-running discrimination and poor working conditions.

EDIT: In my mind, anyhow. I appreciate everyone has their own boundaries and events that are a bridge too far. If that's yours I'm certainly not trying to talk anyone out of it.

No argument there, and for sure I care more about other issues than that one, but this is *indisputable* malfeasance and yet... silence.

Steve Geddes wrote:

Also exasperated, I suspect. The Ninja Division fiasco is not an easy thing to deal with.

Obviously, I don't think it's okay to dig out a user's name they've chosen to keep secret and publish it on the website, even if you are exasperated. But that part, in particular, isn't a regular, business-as-usual event, in my opinion.

It needs addressing, but it's different from claims of long-running discrimination and poor working conditions.

EDIT: In my mind, anyhow. I appreciate everyone has their own boundaries and events that are a bridge too far. If that's yours I'm certainly not trying to talk anyone out of it.

No argument there, and for sure I care more about other issues than that one, but this is *indisputable* malfeasance and yet... silence.

And to be clear, not a one-off scenario. That's from the very top of the company, and there has never been any consequence that matters in regard to it. It's pretty plain.

I think it's more when it's personal and violating the business/customer relationship that things are a lot more scary. There's any number of truly horrific things you can do to someone if you have their name, address, contact info and billing information. If a business is already willing to breach part of that, there's so so much worse that someone with an ax to grind could do that would be practically untraceable.

As someone who has worked at a bank and knows that all security is basically smoke and mirrors, ANY kind of breach in that façade should be taken incredibly seriously.

But we also know there will be *absolute silence* on any issue that matters from the likes of the affiliates - from the Glass Cannon, from Find the Path. And any action must involve them as well until they're willing to stand up for the values they claim.

And that wrecks me. It's hard to reconcile, but they're supporting the status quo and benefiting away from it. "No" to participation in the structure is also "no" to participation with affiliates, since the money talks.

There wasn't nothing, since, like, he did acknowledge wrongdoing. But the situation demanded more. At the very least, an up-front post explaining why it was wrong, fully and deeply apologizing, and promising to do better. I can fully believe it was a rookie screwup - he'd only been president for five months, the situation was hectic, and Paizo has often been pretty informal when engaging with posters - but it was a serious mistake to make.

But we also know there will be *absolute silence* on any issue that matters from the likes of the affiliates - from the Glass Cannon, from Find the Path. And any action must involve them as well until they're willing to stand up for the values they claim.

And that wrecks me. It's hard to reconcile, but they're supporting the status quo and benefiting away from it. "No" to participation in the structure is also "no" to participation with affiliates, since the money talks.

I'm pretty sure if these companies don't do business with Paizo, they cease to exist. The TTRPG industry is stupid fragile. It always has been. That's not to say there's no expectations for accountability, but they have to tread pretty lightly.

There wasn't nothing, since, like, he did acknowledge wrongdoing. But the situation demanded more. At the very least, an up-front post explaining why it was wrong, fully and deeply apologizing, and promising to do better. I can fully believe it was a rookie screwup - he'd only been president for five months, the situation was hectic, and Paizo has often been pretty informal when engaging with posters - but it was a serious mistake to make.

Catulle wrote:

But we also know there will be *absolute silence* on any issue that matters from the likes of the affiliates - from the Glass Cannon, from Find the Path. And any action must involve them as well until they're willing to stand up for the values they claim.

And that wrecks me. It's hard to reconcile, but they're supporting the status quo and benefiting away from it. "No" to participation in the structure is also "no" to participation with affiliates, since the money talks.

I'm pretty sure if these companies don't do business with Paizo, they cease to exist. The TTRPG industry is stupid fragile. It always has been. That's not to say there's no expectations for accountability, but they have to tread pretty lightly.

I believe it's technically called subinfeudation.

There wasn't nothing, since, like, he did acknowledge wrongdoing. But the situation demanded more.

But yes, agreed.

That there has been nothing in years until any pressure is applied tells us a great deal.

That Paizo feels that somebody who is willing to abuse data security is worthy to stand as their president years later tells us a lot more.

Aaron Shanks wrote:

I have two trans godchildren out of five, one I just officiated his marriage last summer and the other, a minor, just announced her new name last week. So, I'd like think, I get it.

Personally, while I understand the emotional and intellectual tension of this ambiguous state, I think it is better for the company to talk to the staff, and third party experts, to take the time to get it right. That is what I see happening from my limited work-from-home vantage point.

My job is half Marketing and half PR. I love the opportunity to work with influencers and interview the staff. So I...

Aaron, unless there is *some* acknowledgement and response to the company's President publicly and on the record exposing a (okay, two) community member's(') identities in order to "underscore how seriously he takes things" on top of the trans-discrimination issues, there will be questions about how trustworthy Paizo can be about data (mis)management. There is using information for a specific purpose, and then there's that purpose being to win forum arguments.

Jeff publicly apologized in the thread where this happened for his behavior. It was definitely not the best apology but it was indeed an acknowledgement that he was wrong and an apology for what he did.

He may speak on it again or write up a more formal apology for it but as far as whether or not he has apologized for it.. He has.

If I shatter someone's kneecap and say "whoops, my bad" I have also apologized.

We don't want an apology we want accountability.

Kobold Cleaver wrote:

There wasn't nothing, since, like, he did acknowledge wrongdoing. But the situation demanded more.

But yes, agreed.

That there has been nothing in years until any pressure is applied tells us a great deal.

That Paizo feels that somebody who is willing to abuse data security is worthy to stand as their president years later tells us a lot more.

That feels like the most cynical reading of his actions, which I'm not saying is unfair, it's just not mine, I guess. I read them as him simply being ignorant to the norms of running a company and the boundaries that are set. Like I said, Paizo has historically been pretty informal, for better and for worse. I gathered from what he said at the time that it hadn't even occurred to him that what he was doing was seriously abusive. Is that a red flag itself? Yes. But I don't think it's damning. The first poster it happened to didn't even fully register what had happened; they were just sort of nonplussed. It doesn't read to me as a knowing act of abuse, nor does the silence that follows feel like a deliberate cover-up so much as carelessness.

What I'm saying is that Paizo has a culture of kind of informal nonprofessionalism. Sometimes I think I prefer that--it's nice to have James Jacobs posting casually making jokes and stuff. Some aspects of it are more concerning. As we've all agreed, this needs to be acknowledged and seriously addressed.

I'm not trying to pivot, but have you emailed Paizo on the matter? I haven't yet had the chance to compose an email about everything over the last couple weeks, personally. Did anyone follow up with them through the normal channels about what happened? Like, I don't mean you specifically should have. Do we know that anyone ever told Paizo that the apology wasn't enough? Because nobody seems to have in the thread that I can see

If I shatter someone's kneecap and say "whoops, my bad" I have also apologized.

We don't want an apology we want accountability.

I would hope that we all would want accountability, but I think we each have a different view of what accountability would look like.

I mean, should Jeff be held accountable for revealing someone’s real name? Sure, but I mean, do you want him fired to meet your sense of accountability?

What does accountability mean for the person or persons who came up with the whole bizarre policy about hotel rooms?

I care much more about accountability than I transparency - I’d rather they fix these problems with the right solutions than I do about them giving us an update on the spot because people demand it.

And what is your sense of accountability for someone using their position to get someone's personal identifying information to use as a threatening manner to win an argument?

EDIT: Nevermind, I'm scrapping this post. I'm not saying anything of substance. I don't feel confident in any position right now. I'm pretty sure I agree with both Rysky and Mark, though.

The court of public opinion tends to be driven by outrage and the punishment [demanded] generally far exceeds the weight of the crime. Most people are quick to call for someone's head, but when they themselves do something wrong, we are supposed to be sympathetic and provide them a path to redemption.

And outside of WotC powered by Hasbro, you will never see a union in this niche industry. Most of these companies operate out of peoples houses, apartments, or vans.

And let's be honesty, I can *Hands waves at Mountain of Corporations* that we are using this very moment who make Paizo look like Angels made of the Tears of Holiness. Hell all RPG books are printed in China. Along with the rest of the worlds products. They're committing genocide.

Off the top of my head, I can think of two RPG book companies that gets printed in the USA [that isn't from a POD service thingy]; one would be the WotC D&D books [unless that's been changed recently] and the other would be Troll-Lord Games for the Castles and Crusades/Siege Engine books [being based outta Arkansas, they bought out a local printing company that had gone out of service there].

PS. haz some orchestral "Let It Be" singin' to help for some relaxations. ;p

And being printed in the USA is good? Not like their track record on human rights and labor law is stellar……

It’s al about which standards are acceptable to you….

If I shatter someone's kneecap and say "whoops, my bad" I have also apologized.

We don't want an apology we want accountability.

Acknowledgement that it was wrong and apologizing is accountability. It's a fairly weak form of it but it definitely is. What are you asking for here? Do you want him to step down for his mistake? Do you want him to give himself a pay cut? Are you asking for something else?

He was wrong and made a mistake. He was likely spoken to by several people high up in Paizo about his mistake and understands that it was not appropriate in the slightest. I'm pretty sure he learned his lesson over it.

The point was more to illustrate that nearly all TTRPG books sold domestically in the US were printed outside of the US with the majority being printed in China.

Onyx Path did switch their traditional print runs to US printers recently because of the extensive delays and paper scarcity issues that beginning to hit everyone, so that’s at least one more.

“It's a fairly weak form of it but it definitely is.”

You defeat your own rebuttal.

“He was likely spoken to by several people high up in Paizo”

He is the “people high up in Paizo”.

“I'm pretty sure he learned his lesson over it.”

And you’re allowed to tell yourself that, sure.

Wow. Yeah, that is... deeply unprofessional. Reading it as kindly as I can, it's incredibly ignorant and reckless and dangerous. My deadname has been available to the company for a long time. Do I get to feel safe buying from Paizo if that name is seen as a potential tool to put me in my place? I don't think that would ever happen, but that's the kind of thing I shouldn't have to even worry about with a private company!

His apology wasn't off the mark, but still... that is such a serious breach of consumer trust. I can understand it being a nonstarter for people in the absence of any visible consequences.

Take a look at my profile. The day Jeff Alvarez was found Doxxing community members is the day I decided it was needed.

Here is my original response to Jeff after the initial statement explaining what happened. Jeff removed quite a few posts from that thread. He left enough up so that people later could see what transcribed. But the actions he took not only affected the 2 people he doxxed, but tore quite a rift in the community. Some members not only agreed with him for doxxing but applauded him. At least one of those members came to me later and apologized in hind sight seeing just how wrong what Jeff did.

My original response to Jeff's official response which also takes you to the original thread.

https://paizo.com/threads/rzs43h04&page=7?Staff-Change-Update-from-Paiz o-President-Jeff#335

Go to Clickified.

There wasn't nothing, since, like, he did acknowledge wrongdoing. But the situation demanded more. At the very least, an up-front post explaining why it was wrong, fully and deeply apologizing, and promising to do better. I can fully believe it was a rookie screwup - he'd only been president for five months, the situation was hectic, and Paizo has often been pretty informal when engaging with posters - but it was a serious mistake to make.

Catulle wrote:

But we also know there will be *absolute silence* on any issue that matters from the likes of the affiliates - from the Glass Cannon, from Find the Path. And any action must involve them as well until they're willing to stand up for the values they claim.

And that wrecks me. It's hard to reconcile, but they're supporting the status quo and benefiting away from it. "No" to participation in the structure is also "no" to participation with affiliates, since the money talks.

I'm pretty sure if these companies don't do business with Paizo, they cease to exist. The TTRPG industry is stupid fragile. It always has been. That's not to say there's no expectations for accountability, but they have to tread pretty lightly.

Sorry KC.... But it took weeks of constant hounding and many posts were removed from the thread if I remember right. As I was in the thick of it I believe I do.

I don't believe he actually ever understood what he did was wrong. It is just another indicator of someone who has no problems visibly showing they are willing to use coercion and fear to try to keep customers in line. I can only imagine that the stories that have come from former employees about how they are handled when they spoke up in defense of themselves are true.

It shows someone who I personally believe could foster a workplace of fear and submission, and is just an example that we in the public can see. One that, mind you, is horrifying and without consequence.

I gave Jeff a second chance after it. I did not amplify it outside of that thread until the accusations hit the social media and the initial response from Paizo was so far lacking that I would call it abysmal.

Remember, this started because Sara Marie was unceremoniously fired and Diego walked in protest. What kind of environment do you have when someone quits in protest and states it is because 2 managers above them make work life unbearable?

Yes we are amplifying the Trans issues and LGBTQ+ community issues. But lets not forget who fostered an environment where those issues could flourish.

“It's a fairly weak form of it but it definitely is.”

You defeat your own rebuttal.

“He was likely spoken to by several people high up in Paizo”

He is the “people high up in Paizo”.

“I'm pretty sure he learned his lesson over it.”

And you’re allowed to tell yourself that, sure.

I do not defeat my own rebuttal by saying it's a weak form of accountability. It probably just doesn't rise to the standards of what you would ask for. It does however rise to my standards of a minimum.

Regarding the second point, even the President of a company is consulted and reprimanded by people under them including by leadership for HR, Legal, PR, and Support departments. Just because he is at the top doesn't mean that he isn't held accountable for his actions by the people under him.

“I do not defeat my own rebuttal by saying it's a weak form of accountability. It probably just doesn't rise to the standards of what you would ask for.”

…

If it took him several weeks of pressuring to apologize, and his only apology was what we saw in the thread, I agree that it does not seem likely to have been an earnest blunder - and even if it was, a stubborn unwillingness to admit mistakes like that from leadership is exactly what leads to toxic environments forming.

I understand what Gloom is saying. In this case, I don't think the apology Jeff gave is sufficient. I am open to seeing a more humble and complete admission of wrongdoing, but I believe that the most appropriate action is likely for him to either step down or at bare minimum be assigned specific transparent safeguards that will hold him accountable in the future.

I think it might be best to make a separate thread for this. I had no idea of the issue until another poster kept alluding to it and I finally asked them what they were talking about, and it's a little frustrating to spend, what, two weeks processing everything only to find out there was a gigantic additional professionalism issue that I wasn't in the loop on. That's no one's fault, to be clear, it's just rough to deal with now. A new thread would do more to call attention to this.

If it took him several weeks of pressuring to apologize, and his only apology was what we saw in the thread, I agree that it does not seem likely to have been an earnest blunder - and even if it was, a stubborn unwillingness to admit mistakes like that from leadership is exactly what leads to toxic environments forming.

I understand what Gloom is saying. In this case, I don't think the apology Jeff gave is sufficient. I am open to seeing a more humble and complete admission of wrongdoing, but I believe that the most appropriate action is likely for him to either step down or at bare minimum be assigned specific transparent safeguards that will hold him accountable in the future.

I think it might be best to make a separate thread for this. I had no idea of the issue until another poster kept alluding to it and I finally asked them what they were talking about, and it's a little frustrating to spend, what, two weeks processing everything only to find out there was a gigantic additional professionalism issue that I wasn't in the loop on. A new thread would do more to call attention to this.

Yeah. I brought it up the day after the initial response but that thread is locked and I am only amplifying it now because it got brought up again.

The conversation shifted towards amplifying the Trans voices in the community and LGTBQ+ voices and so I haven't been hammering on this.

But a lot of what came up in the first few days got drowned out by people shouting down anyone who was speaking up. Conversation has gotten a lot more civil believe it or not.

As for a separate post. It was never my intention to do anything except amplify the voices of the community members being drowned out. I don't want to take the conversation away from the very good and deep threads that are existing which is why I keep referencing my original post which went largely unanswered in the first thread and the members of the community who tried to drown out the voices who are currently speaking up spent a lot of time casting doubt on what anyone can clearly see.

Literally was told by members that unless Jeff posted the doxxed members actual addresses it wasn't doxxing at one point....

Yeah, I edited my post because I don't want to come across as criticizing you. I appreciate you bringing it up. I do think in this case that it's worth focusing on every bit as much as the transphobia and the pay and the firing and so on. It's not about which is most important. It's all connected. The Jeff who wouldn't understand the sanctity of irl names probably didn't understand trans issues that well either.

Rysky wrote:

“It's a fairly weak form of it but it definitely is.”

You defeat your own rebuttal.

“He was likely spoken to by several people high up in Paizo”

He is the “people high up in Paizo”.

“I'm pretty sure he learned his lesson over it.”

And you’re allowed to tell yourself that, sure.

I do not defeat my own rebuttal by saying it's a weak form of accountability. It probably just doesn't rise to the standards of what you would ask for. It does however rise to my standards of a minimum.

Regarding the second point, even the President of a company is consulted and reprimanded by people under them including by leadership for HR, Legal, PR, and Support departments. Just because he is at the top doesn't mean that he isn't held accountable for his actions by the people under him.

What HR department? He fired the head of the support department, so clearly that wasn't doing it either.

I do want to say that if Paizo hires an independent watchdog company that specifically looks into this incident, that would be a good step. Accountability, as in making sure this can't happen again and that the cultural elements that enabled it in the first place are dealt with, is my priority. It just might be that one of those cultural elements is the current president of the company. Which is a tough one.

I am positive there are consulting companies that specialise in creating positive and inclusive workplaces. If I were Paizo I would be looking for one of those and asking for a lot of help.

Just a thought: isn’t this sort of interaction illegal in the state of WA? I’m no lawyer, so I don’t know if it applies here specifically, but there’s a cyberstalking law on the state books. And I mean “criminal misdemeanor” and not “civil case.”

EDIT: specifically, the doxxing issue

Just a thought: isn’t this sort of interaction illegal in the state of WA? I’m no lawyer, so I don’t know if it applies here specifically, but there’s a cyberstalking law on the state books. And I mean “criminal misdemeanor” and not “civil case.”

EDIT: specifically, the doxxing issue

So, it is a grey area.

It is illegal if both parties are in Washington and the person doxxing is intending to intimidate/harrass clear cut. It is illegal if the doxxing party is in Washington and the other party is outside of Washington and something bad happens as a result clear cut.

What isn't clear cut is you have to prove in a court of law that you felt harrassed by the doxxing and if the people accused can afford better lawyers than you? Good luck.

Jeff apologized initially saying he felt he was still justified for doxxing trying to '...I wanted to get your attention and get the rest of you guys to understand how seriously we are taking this..." Jeff didn't apologize in a real manner until I pointed out the actual laws down thread of him that if something happened to the Doxxed customer that he and Paizo could be held legally accountable. Even then he apologized then saying "I honestly had no idea that this was such a big deal and I apologize for my behavior"....

This is when I stopped engaging on this at the time and hoped that he really did understand the ramifications of what he had done.

It wasn't until Sara Marie was fired, Diego quit and the accusations popped upon Social Media did I feel he most likely doesn't understand the ramifications of his actions and likely never would.

Rysky wrote:

If I shatter someone's kneecap and say "whoops, my bad" I have also apologized.

We don't want an apology we want accountability.

What are you asking for here? Do you want him to step down for his mistake? Do you want him to give himself a pay cut? Are you asking for something else?

I too am curious about this.

Something tangible and better than an "ah, whoops?"

That seems like a good bare minimum, yeah.

It's like a burden of proof; the one who has broken the trust is the one who needs to figure out how to rebuild it.

I also want to point something out: "Redemption" and "head-chopping" are entirely irrelevant to anything we've talked about. This isn't about Jeff's personal journey or our thirst for revenge. It's about who you trust to be in power, and how someone can lose that trust or seek to recover it. Power is a privilege, not a right.

I'm deeply opposed to acts that strip away someone's access to personal redemption. At the same time, someone's eternal access to redemption has absolutely nothing to do with forgiveness or trust. It's a personal thing.

I've been through my fair share of mandatory learning modules in a few different businesses. "Business need to know" is a basis most companies share. You shouldn't have access or be able to request access to any data that isn't required for you to perform your job duties. There's really no good reason why the CEO of the company has personal access to all of their customer's data. That's the kind of thing that causes massive security breaches rather easily. If they didn't have access and requested the data from another department...what in the world is going on at Paizo?

Like...did Jeff send an email to whomever would have access to that data and ask for it? How was that email even worded? "Hey, can you look up this person's information and tell me their real name so I can use it in a forum post when referring to them?" Does whoever that has admin privileges on the website always have access to everyone's data? Seems like an IT security nightmare.

I've been through my fair share of mandatory learning modules in a few different businesses. "Business need to know" is a basis most companies share. You shouldn't have access or be able to request access to any data that isn't required for you to perform your job duties. There's really no good reason why the CEO of the company has personal access to all of their customer's data. That's the kind of thing that causes massive security breaches rather easily. If they didn't have access and requested the data from another department...what in the world is going on at Paizo?

Like...did Jeff send an email to whomever would have access to that data and ask for it? How was that email even worded? "Hey, can you look up this person's information and tell me their real name so I can use it in a forum post when referring to them?" Does whoever that has admin privileges on the website always have access to everyone's data? Seems like an IT security nightmare.

There are very few reasons why anyone in the company should have access to that information. Ostensibly we provide our names/addresses for shipping & billing purposes - the only time someone should view those details at all are if they need to for those exact purposes, and only the people who work in that role. Those details shouldn't have anything to do with interacting with us on the public forums.

When I worked in local government, if the Mayor or the CEO had sent me an email requesting someone's personal information, they would have had to have a really good reason backed up by government policy for me to give up that information. Being in charge of the organization does not give you free reign to personally access all of the information that organization is entrusted with.

When someone in charge inappropriately accesses information, they are doing not one but three bad things - they are personally misusing private information, failing in their responsibility to make sure their organization and staff protect people's information, and putting the staff they get the information from in the awkward position of having to choose between complying with their boss or complying with ethics/the law.

I believe Jeff is kind of straddling the roles of CEO and COO (his old job). Paizo is small enough that there were times he helped out as COO (hes helped out with an awkward order for me since becoming president, in fact - something that I was extremely grateful for).

Lisa Stevens has physically packed parcels for subscribers in the warehouse from time to time.

We shouldnt forget that the corporate titles mask a very small company.

Doxxing is an issue. But executive having operational roles (and hence access) is a fact of life for a company like paizo.

For some context, some carelessly-Googled numbers:

Paizo: 142 employees.
My old community college: 310 faculty.
Valve, a company kind of infamous for being run unprofessionally and deliberately kept as small as possible: 360 employees.
Discord, a company constantly scrambling to manage a steady profit: 450 employees.
Wizards of the Coast: 1,500 employees.
Blizzard, which, you know: 4,700 employees

This isn't to say Paizo's not still on the hook. It's just something to keep in mind. Accountability and checks and balances are bureaucracy, and bureaucracy is labor, and a lot of small companies skimp on it early on for the same reason a lot of small companies avoid unionizing and a lot of married couples don't sign prenups--"Aw, c'mon, nobody's gonna be an a~@+%&+ here, we don't need that kind of formality to ruin things."

That is absolutely zero reason not to hold Paizo to standards of basic professionalism and decency. Actually, it's pretty good reason to do the opposite, because these are the exact kinds of reckless attitudes that lead to basically everything we're talking about here and a lot worse.

You shouldn't have access or be able to request access to any data that isn't required for you to perform your job duties.

While I completely agree with you, putting such controls in place isn't completely trivial nor are such barriers completely without cost (due to introduced inefficiencies if nothing else).

Lets not forget that
1) Paizo is quite a small company
2) Understanding computing related stuff isn't exactly one of their Core Competencies as a company.

Lots of small companies have woefully inadequate procedures in all sorts of ways. Like just about everybody who has worked in small companies, I could tell you some stories that would make the CEO having admin access seem like nothing at all :-)

If someone is occupying an operational role and has access to confidential information, they should be properly trained in the use and protection of that information.

Clearly he was not.

This didn't happen back in the early 2000s, this happened only a couple of years ago. The public discourse and industry standards had advanced well past 'maybe don't go slinging confidential information around in public online spaces'.

If small town doctors can manage not to violate HIPAA, an exec at a small publisher can manage to not violate customers' trust.

Honestly, I generally expect small-town anything to be run like a complete corrupt dumpster fire, because nobody ever holds anyone to account in small towns. The only reasons Parks and Rec isn't a plausible documentary are a) there are people working in the department who aren't related to the head of the department or one of his buddies, and b) Ron Swanson would be too much of a bleeding heart liberal to ever get appointed there. My older sibling, Gark the Goblin, worked at a small-town department for a few years, and it was the worst job I think they ever held. They'd drive me home every day and rant about the corrupt or abusive BS their coworkers or supervisors were up to that week.

And you know what? That kind of thing sucks. I'm glad we're all paying attention here and holding people to account for their actions. Paizo can and should be better than that. It should have been better than that.