Privacy by Design

Perfecting the Pitch�Solve Big Problems with Unique Solutions

Privacy by Design

Starting a consumer-facing technology company or developing a new application to make a consumer’s life easier or more fun is an exciting journey.  At this stage, you are all about the development, getting the product or service to market, and making sure it can scale.  But neglecting the privacy implications of your product or service during the development stage is a big mistake that will come back to haunt you later.

Imagine, for example, that your dream of building a great company has come true and you are faced with an acquisition offer.  During the customary due diligence phase, you quickly discover that your privacy house is not in order. Why? You neglected to plan for a situation in which you might have to transfer user data to an acquirer. The entire shape of the deal is now altered because there are significant tax consequences for the new structure and reserves or holdbacks are required that postpone or lessen the value you worked so hard to build.  All this can be avoided with a little privacy by design.  Here are a few pointers:

1.  If you don’t need the information, don’t collect it.  Avoid the engineering gene that says collect as much information as possible because it might be useful in the future.

2.  If you collect it, protect it.  This is essentially strict liability with the regulators.  If you lose the data, you will end up with an FTC-approved third party running your IT for the next 20 years.

3.  If you exit via a sale of the company or a merger or have to file for bankruptcy, be up front in your privacy policy and tell your users that you may transfer the data in the event this type of strategic move or a restructuring takes place. If you don’t do this, you will need the express opt-in consent of each user to make the transfer later, which will significantly devalue your assets.

4.  If you deal with personal information at all, say what you do and do what you say.  Do not cut and paste a privacy policy from another company’s website and hope that you’re adequately covered.  Diligence in an acquisition includes a thorough privacy review.  Misrepresentations in a privacy policy will get you sued, delay a sale and will increase your costs in the future.

5.  If you do anything, think like a user when it comes to privacy just as you would when it comes to the usability of a product or service.  Your privacy policy is a direct reflection of your product or service.

You’ve Got VC Money: The Punchlist

As outside counsel to thousands of VC-backed startups, we are often asked the same questions about what startups need to do after raising their first round of VC financing. Here is a quick and dirty list of those next steps. The action items below are described in…

You’ve Got VC Money: Board Meetings

Board meetings are your opportunity to check in with and give an update to your bosses and get feedback and guidance from the experienced members of your board. It is common for VC-backed startups to have four to six board meetings per year, though this frequency can…

You’ve Got VC Money: Board vs Stockholder Approval

While your financing agreements might have other requirements, below is a nonexhaustive list of the types of corporate decisions that typically require board and/or stockholder approval: Board Approval Is Required to: Stockholder Approval Is Required to: Amend the charter or bylaws. Approve significant corporate transactions (e.g., sale…