On Demand Library
Created in partnership with
Early Stage Companies and Privacy Law
5:35
Legal Disclaimer 
The information provided in this video does not, and is not intended to, constitute legal advice, instead, all information, content, and materials available on this site are for general informational purposes only. The law changes fast, so information in the video may not constitute the most up-to-date legal or other information. 
Overview of Major Global Privacy Laws
General Privacy Law Principles
What Kinds of Companies Need to Worry About Health Data?
Overview of US Privacy Laws
Who Engages in a Data Breach?
Transcript

00:06
Adam Stofsky
Hey, Shannon. How are you? 


00:07
Shannon Yavorsky
Hey Adam. How's it? 


00:09
Adam Stofsky
Good, good. So I wanted to hear from you about how, like, pure startups, really early stage companies, like, you know, pre Funding, Angel Round, Precede, these really early companies, software companies and other tech companies, or really, actually any company, how should they be thinking about privacy law? It's probably not the first thing on their mind. They're thinking about how do I make money? How do I build my product? Who the heck do I hire? How do I raise money? But this is going to be an issue. So how should folks start thinking about this issue? 


00:45
Shannon Yavorsky
It's a good question. I think they need to start by thinking about risk and what's exposing them to the most risk. And one of the things that we talk to companies about is the observable traits of their privacy program. And the first port of call is the privacy policy. So if you're a website that is launching and you're selling a product or you're offering services, you need to have a privacy policy. It can be basic, absolutely, depending on the level of personal information that you're collecting. But you need to have one. And you'll see that every website has a little link at the bottom of the page that says privacy Policy and Terms of Use. And both of those things are really critical even for early stage companies. The second thing that I counsel companies about is thinking about privacy by design. 


01:36
Shannon Yavorsky
And what I'm talking about there is thinking about how privacy fits into a product or service so that you don't get caught out down the line and you've developed something that is collecting far too much information or you're collecting all kinds of children's data or financial data without having thought through what the associated issues are. So privacy by design is a principle that I talk to even very early stages of companies about. So those two things, the observable traits of the privacy program, the privacy policy, and privacy by design are two really important pieces that we talk to early stage companies about. 


02:16
Adam Stofsky
Okay, so I have a few follow up questions on this. Let me start with this privacy by design, because that's easier for me to wrap my brain around. This is fairly straightforward. You have compliance obligations. You have limits to what you're allowed to collect or duration of time you're allowed to keep it, or you have to be able to respond to requests of customers to delete data. The idea is you need to build your software with that in mind early so you're not, like, undoing a lot of stuff later. It's cheaper to build it in compliance now than later, basically. 


02:45
Shannon Yavorsky
Yeah, that's right. To think about that data collection, whether you're collecting sensitive data in particular. So health data and we come across this in health. Like, there's a proliferation of health apps or financial apps or software that is really aimed at helping consumers, but at the same time, they're collecting vast quantities of personal information which could be sensitive in nature and expose the company to risk if they're collecting it in the wrong way. 


03:15
Adam Stofsky
So, like, product managers, engineers, even CEOs of small companies need to kind of become like mini privacy experts early on. Right. At least have know the basics. 


03:26
Shannon Yavorsky
They need to think about it so they're not building something that then has to be dismantled and put back together in a privacy compliant way. 


03:34
Adam Stofsky
Right. Okay, let's go to the observable traits. First of all, that's a little legale easy. What does that mean? 


03:39
Shannon Yavorsky
So when you get to the end of a privacy compliance program, you don't get a compliance certificate or a gold star. You have the good knowledge that you have a nice program in place. The only place that anyone can check whether you've done anything in terms of your privacy program is to look on your website and see what you have, what public statements you're making in relation to your privacy practices. And we do that in rounds of financing and exit. The first place I go is to the privacy policy, and that gives me an idea of the level of sophistication of the company or how they've thought about privacy and the collection of personal information. So when I talk about observable traits, I'm like, what can people see? 


04:28
Shannon Yavorsky
And it's not just investors, but it's also competitors and your customers and privacy activists potentially, but that's the public face of your privacy program is anything that's posted publicly on your website or at your events, anything like that. 


04:46
Adam Stofsky
Okay, so let's recap. If you're a startup or presumably it sounds like useful for later stage companies too, but if you're a young company, two critical things to think about. One is observable traits. These are the things people can see about your privacy practices. So, like, primarily have a privacy policy, and presumably you have to follow that policy. Right? I'm assuming you have to do that also. And then privacy by design. So, like, bake privacy into your products early so you don't have to spend a lot of money and time retrofitting things later. Did I get that right, Shannon? 


05:23
Shannon Yavorsky
You got it right. Yeah. Bake privacy in at an early stage. That is the right message. 


05:29
Adam Stofsky
Great. All right. Thank you so much for that. 


05:32
Shannon Yavorsky
Thanks, Adam. 

PDFs
Audio
Share Video
Embed Video
© 2024 Briefly
Terms of Use
Privacy