Starting a consumer-facing technology company or developing a new application to make a consumer’s life easier or more fun is an exciting journey. At this stage, you are all about the development, getting the product or service to market, and making sure it can scale. But neglecting the privacy implications of your product or service during the development stage is a big mistake that will come back to haunt you later.
Imagine, for example, that your dream of building a great company has come true and you are faced with an acquisition offer. During the customary due diligence phase, you quickly discover that your privacy house is not in order. Why? You neglected to plan for a situation in which you might have to transfer user data to an acquirer. The entire shape of the deal is now altered because there are significant tax consequences for the new structure and reserves or holdbacks are required that postpone or lessen the value you worked so hard to build. All this can be avoided with a little privacy by design. Here are a few pointers:
1. If you don’t need the information, don’t collect it. Avoid the engineering gene that says collect as much information as possible because it might be useful in the future.
2. If you collect it, protect it. This is essentially strict liability with the regulators. If you lose the data, you will end up with an FTC-approved third party running your IT for the next 20 years.
3. If you exit via a sale of the company or a merger or have to file for bankruptcy, be up front in your privacy policy and tell your users that you may transfer the data in the event this type of strategic move or a restructuring takes place. If you don’t do this, you will need the express opt-in consent of each user to make the transfer later, which will significantly devalue your assets.
4. If you deal with personal information at all, say what you do and do what you say. Do not cut and paste a privacy policy from another company’s website and hope that you’re adequately covered. Diligence in an acquisition includes a thorough privacy review. Misrepresentations in a privacy policy will get you sued, delay a sale and will increase your costs in the future.
5. If you do anything, think like a user when it comes to privacy just as you would when it comes to the usability of a product or service. Your privacy policy is a direct reflection of your product or service.

Building Your Personal Brand: Top 10 Takeaways
In celebration of Women’s Entrepreneurship Day, Valeska Pederson Hintz and Wendy Moore of Perkins Coie hosted a fireside chat with Elisa Schreiber and Priya Cherian Huskins on the theme of “Command Your Narrative: Building a Resilient Personal Brand for Women Entrepreneurs.” Elisa, a partner at Greylock and […]

Fundraising Without General Solicitation
When you’re building the next big thing in the startup world, it’s easy to overlook some crucial regulatory requirements in your quest for success—especially when it comes to fundraising. Securities laws (which apply to any fundraising) tend to be an afterthought for many founders, but this oversight […]

Rise in Popularity of AI Transcription Services Brings Litigation and Disclosure Risks
The increasing use of artificial intelligence (AI) transcription and note-taking services in virtual meetings allows participants to focus on discussions without the distraction of taking notes. But this convenience comes with novel litigation and disclosure risks that businesses must assess and manage as they roll out these […]