June 6, 2011
By David Navetta, Information Law Group
The privacy landscape appears to be shifting toward a model that promotes greater consumer awareness of and control over data. Reflecting its consumer protection mission, the FTC’s Protecting Consumer Privacy in an Era of Rapid Change issued December 1, 2010, urges companies to adopt a “privacy by design” approach. Senators John Kerry (D-MA) and John McCain (R-AZ) introduced their “Commercial Privacy Bill of Rights” which adopts some of the FTC’s privacy by design principles, requiring companies to implement privacy protections when developing their products and services. The foundational principles of privacy by design, originally developed by Information and Privacy Commissioner of Canada Ann Cavoukian, address the effects of increasing complexity of data usage. With data now ubiquitously available, as well as processed and stored on a multinational level, privacy by design is becoming internationally recognized as fundamental for the protection of privacy and data integrity.
Although privacy by design isn’t set in stone (yet), start-up companies seeking to collect and use personal information as part of their business plan may want to consider incorporating privacy by design into their everyday business practices. Similarly, as part of their due diligence process, venture capital firms scrutinizing startups seeking to leverage personal information would be well-advised to determine if privacy is being “baked into” into the products and services being offered by such startups. It may be both difficult and costly for companies to implement privacy protections retroactively if privacy concerns are overlooked during the early stages of business planning. Start-ups have the advantage of building privacy protections into their business models from the outset, which can keep those companies out of trouble in the form of litigation or agency enforcement. Privacy-conscious VCs will be more inclined to fund start-ups that reduce risk by proactively address privacy issues and potential liability. In turn, VCs that scrutinize whether privacy is part of a start-up’s business plan will be able to better protect their investment (and their investors).
So what does privacy by design mean? How can start-up companies incorporate privacy by design principles into their business practices to attract VC funding? How should privacy and security legal risks (and solutions) be written into a start-up’s business plan? This post tries to answer these questions.
Click to read the full article
About the Author:
David Navetta is one of the Founding Partners of the Information Law Group. David has practiced law for over fourteen years, including technology, privacy, information security and intellectual property law. He is also a Certified Information Privacy Professional through the International Association of Privacy Professionals.
David has enjoyed a wide variety of legal experiences over his career that have provided him with a unique perspective and legal skill set, including work at a large international law firm, in-house experience at a multinational financial institution, and an entrepreneurial endeavor running his own law firm.
For more information on David and the information law Group – click here
The views and opinions expressed within are those of the author(s) and do not necessarily reflect the official policy or position of Parker, Smith & Feek. While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or changed circumstances of any information herein or for the consequences of any reliance placed upon it.