On Demand Library
Created in partnership with
Getting Started With Privacy Policies
5:56
Legal Disclaimer 
The information provided in this video does not, and is not intended to, constitute legal advice, instead, all information, content, and materials available on this site are for general informational purposes only. The law changes fast, so information in the video may not constitute the most up-to-date legal or other information. 
Overview of Major Global Privacy Laws
General Privacy Law Principles
What Kinds of Companies Need to Worry About Health Data?
Overview of US Privacy Laws
Who Engages in a Data Breach?
Transcript

00:09
Adam Stofsky
We all know that pretty much any company, pretty much that does anything on the Internet takes data at all from customers really ought to have a privacy policy as part of their sort of public facing pers. Sona right. You need to tell your customers what your privacy policy is. So if you're like a pure startup, you're not exactly rolling in money yet. How do you do this? What is like the first step you take to get a policy and get one that's going to work for your company? 


00:41
Shannon Yavorsky
Yeah, it's a really good question. I think a lot of very early stage companies can obtain templates of privacy notices or privacy statements, but as soon as they're able to, we really recommend working with council to ensure that they're tailored to the company's actual practices. And it's important from a privacy compliance perspective to be able to say what you do and do what you say. And the privacy policy really needs to reflect your actual privacy practices. That needs to talk about the data that you're collecting and the purposes for which you're using it for. And that's better to do as early as possible. 


01:24
Adam Stofsky
So say what you to do what you say. That means if you find some privacy policy on the internet and throw it up on your website and you're not following it's not going to do anything for you. Basically. 


01:34
Shannon Yavorsky
It's not super helpful. That might actually be more dangerous than not having a privacy policy at all. 


01:43
Adam Stofsky
Because you're creating some false impressions for your customers, basically. 


01:46
Shannon Yavorsky
Right? But there's nothing to say. You can't go to competitors websites, look at their privacy policies, and help you think about how they're talking about data collection, what data elements are collected and how the data is being used. Obviously not copying it, but using it to help understand what that universe out there looks like. 


02:07
Adam Stofsky
Okay, so then I'm hearing this, like, higher council, and I run a startup, and I'm already kind of freaking out about this. Is this a hugely complex project? What are we talking about in terms of number of lawyer hours? How much would people expect to pay basically for this kind of work? For a normal call, it like seed funded tech company. 


02:26
Shannon Yavorsky
If it's a fairly straightforward company that's not doing a lot of detailed or sensitive personal information collection, it's a few thousand dollars. It's not really an expensive exercise if other jurisdictions are implicated. So Europe, the GDPR, general Data Protection Regulation, or other jurisdictions are at issue, then you're looking at the numbers are going to go up a little bit. But if we're looking at a vanilla privacy notice for a website that's not doing anything really crazy with respect to personal data collection, it really is just a few thousand dollars. 


03:06
Adam Stofsky
So if I have an apparel company and I take customer data because I'm selling apparel to people, that's a pretty simple job is what you're saying. Or maybe if I run like, a cool new health, innovative health tech company or some kind of fintech company where I'm getting more sensitive data, banking data, health data, we're looking at something potentially a little more complicated, a little more money. 


03:28
Shannon Yavorsky
Yeah, that's exactly right. You have to think about the legal regimes that apply and whether there are state laws that apply to the organization. So California or Virginia or Colorado, now Utah in terms of any state law disclosures that are required. But in general, if it's a pretty straightforward company, very early stage, you're not going to need anything that has lots of bells and whistles. 


03:52
Adam Stofsky
Do investors get this? They understand that, hey, look, there's going to be some legal expenses incurred. It's going to reduce the risk. What is your sense of that? 


04:00
Shannon Yavorsky
Yeah, I think investors are definitely aware of what privacy maturity should look like at different stages. And they understand that very early stage companies are not going to have fully blown global privacy compliance programs, but they're going to want to see a privacy notice. They're going to want to know that you've thought about it and that you've put something that is credible in place that really accurately reflects your data collection and use practices. Now you get further down the series of financing, and they're going to want to see more developed privacy practices in place, data mapping, maybe agreements that speak to data protection, those kinds of things later on. And you'll sometimes see that in one round there will be a covenant that the company has to, within 180 days of closing, put in place a credible compliance program. 


04:58
Shannon Yavorsky
So we work with companies on that too, to help them satisfy these financing covenants in the different rounds. 


05:05
Adam Stofsky
Okay, well, we're zooming back way far to an earlier stage of company. We're looking at you're getting started very early on. You should have some notice up there that reflects what you do. You can maybe hack it, look at some similar companies, what they're doing, but as quickly as possible. Get a lawyer. For a simple company, you're looking at a couple of $1,000, maybe a little more to get a policy done that's tailored to you. If you run a more complex company with sensitive data, you're probably looking a little more money, but you really want to that's the process. Start by at least having something. If you need to kind of hack it together, that's fine. But then quickly get counsel and do it. It's not a huge expense. Good summary, Shannon. 


05:46
Shannon Yavorsky
Great summary, adam, you got right. 


05:49
Adam Stofsky
All right. And get to work on your privacy notices. Thank you. 


05:54
Shannon Yavorsky
Thanks, Adam. 

PDFs
Audio
Share Video
Embed Video
© 2024 Briefly
Terms of Use
Privacy