By Janis Kestenbaum, a partner in Perkins Coie
Startups have bigger concerns than privacy, or so they think.
Many startups have learned that being young and small does not keep them off the radar screens of privacy regulators, and they can be vulnerable to costly investigations. Privacy issues that come to light in the course of the due diligence process for an acquisition can also threaten their valuation. In fact, VCs increasingly report that privacy can affect a startup’s ability to raise capital.
Avoid serious problems down the road by following a few basic steps now:
1. Say what you do.
2. Do what you say.
3. When it comes to data, less can be more.
If you don’t need it, don’t collect it. Collecting data because it might be useful one day can get you into trouble. For example, collecting the date of birth of your users can trigger obligations under the Children’s Online Privacy Protection Act.
4. Secure it.
If you collect information about your users, take reasonable steps to protect it. The Federal Trade Commission offers 12 tips for mobile app security and a general guide for all businesses.
5. Be choosy in selecting who has access to your users’ data.
If you give a service provider or other business access to your users’ data, make sure you understand how it is being used. Look for companies that follow industry codes of conduct such as the Network Advertising Initiative’s rules for interest-based advertising or cross-app advertising.
Janis Kestenbaum is a Commercial Litigation partner in the Privacy & Security practice and Advertising, Marketing and Promotions group in Perkins Coie. Her practice focuses on consumer privacy, data security, advertising and marketing practices. Janis regularly counsels technology, consumer products, and financial services clients on compliance with federal and state privacy and consumer protection laws and has represented companies before the Federal Trade Commission and Congress.