Data Privacy: What Founders Need to Know to Avoid Disaster, with Lucas Beal
In an increasingly online world, we’ve become comfortable with volunteering more and more of our personal data to websites and applications, and it’s the companies’ responsibility to keep that data safe.
When you’re moving quickly in the startup world, data privacy might not always be the highest priority, but Hutchison attorney Lucas Beal says that the penalties for violating the EU’s General Data Protection Regulation can be substantial.
“There are massive fines,” Lucas said, “And as a small startup company, that's scary.”
The U.S. doesn’t currently have a federal data privacy law, and some founders doing business in America wonder why they should be concerned about the foreign policy.
“The tentacles are long,” Lucas said, “And just because you're not focusing on EU, there could be ramifications.”
At a North Carolina Bar Associates and Privacy annual meeting, the group discussed a fine a small mom-and-pop shop in Canada faced after the store’s CCTV footage passed along personal data of an EU citizen. While the fine was not as big as those we’ve seen Google and Facebook face, it was significant enough for this small business.
Generally, personal information is anything that makes an individual identifiable, like birthdays, addresses and phone numbers, but different jurisdictions can have more specific definitions. In California, the California Consumer Privacy Act says that personal information can also include your online browsing history. For businesses in the healthcare sector, the Health Insurance Portability and Accountability Act’s Protected Health Information can be billing information and test results.
In Lucas’s opinion, an ounce of prevention is worth a pound of cure.
“My number one advice for startup clients is to create a data map at a foundational level,” Lucas said. “What are you doing? What are you collecting? What information are you sharing? How are you protecting that?”
And if you do that as you're growing, it can save you time.
“Data mapping is the plumbing network of your data privacy,” Lucas said, “because truly, if you've got a breach, you can look through that data map and see, ‘Well, here's the leak. Let's clog it.’”
He said that privacy must be a part of your business’s foundation; it isn’t something that can be done retroactively when you’re ready to make your exit.
“Data privacy is becoming a huge button in due diligence for mergers, acquisitions and asset sales,” Lucas said, “And that is going to be a good gateway and foundation for you to avoid those hiccups and potential roadblocks in that transaction.”
And consumers might be more likely to do business with your company if they know their information is safe with you.
“People are very mindful about their data and their personal information and how that's being shared and how that's being used,” Lucas said. “So, I think if you put that at your forefront, how trustworthy of a company you can be from a commercial aspect, there are a lot of gains there that your Chief Marketing Officer doesn't have to spend resources on, just knowing that you've got that trust from the community, the individuals, that you're targeting.”
To dive deeper into data privacy regulation, tune in to the latest episode of the Founder Shares podcast, available wherever you like to listen.
The blog content should not be construed as legal advice.