Mastering Data Privacy for Your Startup
Kolvin Stone and James Drury-Smith, Orrick, Herrington and Sutcliffe LLP
Wednesday, September 12th from 6:30 pm - 8:00 pm. Classes meet every Wednesday at 6:30 pm for three more weeks.
For a country seemingly obsessed with reality television and tabloid journalism, the United Kingdom is suddenly very worried about privacy. And we're not talking about celebrity privacy; consumer privacy is a hot-button issue.
Previously, security and privacy was often an afterthought for startups - but that’s changing in the era of big data. In this four-part series we will deconstruct the impact privacy can have on a startup and sketch out the pitfalls to avoid in your formative years.
Taught by lawyers from Orrick, a leading global law firm for fast growing companies, this course will cover topics from managing personal data to security breaches, before tackling the explosion of mobile data.
Session I (12/9): Navigating Data Privacy Rules - Outlining the Essentials for Safe Sailing
For Facebook users, questions of privacy and security are nothing new. In fact, concern over those topics are regularly raised by users and critics alike. Even the Federal Trade Commission has looked into (and mandated) how Facebook handles your private data.
But Facebook is a big fish. Today, there are hundreds, if not thousands, of smaller fish which are dealing with the same kind of access to personal data but without the army of advisors to help them navigate privacy issues and avoid scrutiny.
This session will provide a straightforward introduction to the privacy requirements that impact the collection and use of personal data by businesses. Attendees will leave with a better understanding of their business’s obligations, the key privacy issues businesses face, the consequences of getting privacy wrong and what practical steps can be taken to get it right.
Session II (19/9): Personal Data the New Gold Rush – Legal Pitfalls of Exploiting and Monetising Customer Data
Whether your business is collecting “Big Data” or smaller data sets, being able to recognise the value in the data it holds requires compliance with privacy laws. The development of databases for analysis, marketing or future sale purposes can be seriously undermined if a business has not taken steps to ensure it has the right to use personal data as it intends.
This session will look at what businesses should be doing to avoid common privacy issues. Attendees will learn what personal data is and when privacy laws apply, the information that must be provided to users and customers before using their personal data, the restrictions on the use of personal data for marketing and how best to prepare for the sale or monetising of a database in the future.
Session III (26/9): Protecting Personal Data in a Mobile World
The recent controversy over the popular social networking app Path has prompted questions about developer best practices and privacy concerns for users of these apps. Can users (particularly those using iOS devices) ever let their guard down when installing social apps? It seems the answer might be "no."
Today it is possible to amass substantial information on a person’s background, interests and location but when the European Data Protection Directive was first drafted the most advanced technology in the business world was a pocket calculator.
In this session we will be looking at the challenges businesses face complying with an outdated law in a new traceable and mobile world and take a deep dive into the privacy laws that apply to the online tracking of individuals and the collection and use of location based data.
Session IV (3/10): Managing Data Security Breaches
Data security breaches are increasingly high profile news that incure regulatory scrutiny and unwanted brand publicity. Whether the breach is due to a malicious attack on IT systems or staff error, being prepared to respond quickly is an essential part of limiting damage to your business and maintaining user and customer trust.
This session will look at the steps businesses can take to prepare in advance for a security breach and what steps they need to take when one occurs. Attendees wil leave with practical insight into data breach procedures, how to assess whether an obligation to notify individuals and regulators has arisen, and the consequences businesses face following a breach event.
Kolvin Stone is a partner at Orrick, Herrington and Sutcliffe and heads the IP, data privacy and technology practice in London.
James Drury-Smith is a managing associate at Orrick, Herrington and Sutcliffe. James specialises in data privacy and internet law.
Can't make it? Sign up at http://galondon.com to stay in the loop on future events and classes.