Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Every business that collects information from its customers — from their e-mail addresses to their credit information — must comply with the privacy protections imposed by federal laws (such as the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act), state laws and, because of the Internet’s worldwide reach, the laws of foreign counties and the laws of the European Union. There is also the public’s interest in privacy to keep in mind; some companies, such as Earthlink, direct their advertisements to users seeking to maintain their privacy. Accordingly, start-up companies, particularly ones doing or planning to do business over the Internet, should include privacy on their checklist of issues to address in the early days of Web site and business planning and development. The following is a checklist of privacy issues that start-up companies should consider and address. 1. What information does your business intend to collect, and from whom does it plan to collect it? Will it collect information about businesses only, or will it collect information about individual consumers (even if obtained indirectly through a B2B model)? Certain types of information (consumer credit, health and financial information, as well as information about or from children) are protected by law, their uses are proscribed and their misuses are subject to penalty. 2. Information for marketing purposes, even by the same company that collected it, may be prohibited, particularly in regulated industries. 3. Have your users consented to the use of the information that they have provided to you? Particular uses of certain information (such as medical, credit and child-related information) require proper consent. This consent can be obtained only through prescribed procedures. 4. If your company has protected consumer information, is it keeping the information in accordance with the standards required by law? 5. Does your business plan to enter into joint ventures or alliances with other businesses with which it will share information? Does your business plan to outsource data management or data processing and thereby share customer information with a third party? If so, are you permitted to share the desired information? Some privacy laws may require the compliance of both your business and the party with whom you conduct the joint venture. 6. Does your company have a privacy policy? If it does, is your business in compliance with it? Does your Web site make its users or customers aware of the policy? Is the policy flexible enough to permit changes in the market condition or to your business plan? By implementing a restrictive privacy policy, a company could be precluded from using earlier generations of collected data altogether. The wrong privacy policy could make the data collected of little value, and preclude a merger or buyout. 7. Do your company’s data collection and use practices follow the policy you’ve provided to your users? If not, the privacy policy may provide a basis for your Web site users to claim that your company is breaching a contract — the policy itself. 8. Has your company addressed the privacy issues of its employees in connection with their own on-the-job expectations? Has it specified to employees what they are permitted to disclose to third parties in the course of their jobs? 9. Has your company addressed how it will secure the personal information it has received? How will it address breaches of that security? Does your company have the economic means or insurance to cover potential liability resulting from a substantial breach of security? Are procedures in place to address and process information that, for the good of the public’s safety, must be disclosed to law enforcement personnel but is otherwise private? 10. Can someone outside the United States access your business’s Web site? If so, does your business collect information during the course of that use? Unless your business collects information only from users within the United States, it must comply with foreign and international law, including that of Europe. Under current European law, even the collection of a Web site user’s Internet Protocol address may be subject to privacy restrictions. A start-up company should consider these privacy issues from the outset. Confronting them early will preclude dangerous pitfalls and expensive business plan revisions and may help you to gain the confidence of your end-users, who undoubtedly will appreciate knowing how their privacy concerns are being addressed. Vivian Polak is a partner in the New York office of LeBoeuf, Lamb, Greene & MacRae, where she heads the i-Business Department. She is also editor-in-chief of this newsletter. E-mail: [email protected] Jonathan A. Damon is a senior associate in the firm’s New York office, where he specializes in i-Business and litigation.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.