Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, and Jason Cronk, chair and founder of the Institute of Operational Privacy Design, are joined by two guests on this Privacy Abbreviated episode. Linsey Krolik, Associate Clinical Professor at Santa Clara University School of Law, and Katharina Koerner, AI and Privacy Advisor at Tech Diplomacy Network, sit down with our hosts to discuss the privacy questions entrepreneurs face when getting their business started.

The episode launches with a clearing of the air. What is a startup? Lindsey kicks us off with a focus on tech startups and clarifies that this term points to a new business that is building some sort of technology, and where there is technology, there is the collection of data. Katharina jumps in with an even broader viewpoint. Any business that is launched and has not existed before should be considered a startup. To further bring us listeners clarity, Katharina shares, “I think every single new business that processes personal information in any shape or form has to be aware of privacy.”

Since all businesses that collect data, big or small, one day old or 100 years old, should consider how they handle the data they receive, there is one question they all should ask themselves. Dona implores that this question regarding information collected is, “What are your must haves? What do you need versus what do you want to have or what would you like?”

Linsey agrees that minimizing the data collected is the right way to go and suggests that for businesses to do that well, goals and purpose must be defined and determined from the onset. “You can’t ask these questions without the context of what the business is trying to do and the purpose for collecting, using, and sharing the data,” Lindsey explains. New businesses should begin here to help set the course for why and how data will be collected.

After the experts’ discussion concerning privacy policy concerning business goals, Jason jumps in with a curiosity about privacy utilized as a tool businesses can use to differentiate themselves. Katharina provides a very thought-provoking perspective. She emphasizes consumer expectations in the 21st century. Today, consumers expect companies to comply with privacy laws, protect their data, and house it with the utmost responsibility and care. This isn’t a differentiator or a nice to have. Data protection done right is a must-have. “You will take care of my privacy,” Katherine reiterates as the tune consumers cry.

Jason challenges that though this is the expectation, is this the reality? He shares a few environments where this expectation may be falling short. Linsey follows up with a different kind of reality, helping to set the right tone for the amount of data startups are truly dealing with when their doors first open.

Continue reading Episode Show Notes: Privacy For Start-Ups →

In this episode of Privacy Abbreviated, hosts Dona Fraser, the SVP of Privacy Initiatives for BBB National Programs, and Jason Cronk, the President of the Institute of Operational Privacy Design, are joined by Jeewon Serrato, a partner at BakerHostetler. The three experts discuss how small- and medium-sized businesses can harness the power of Global Privacy Control (GPC) to comply with privacy regulations and protect their users. GPC is a tool that allows users to opt out of online data tracking and is required under the California Consumer Protection Act (CCPA).

02:00 – Dona explains how a particular settlement between Sephora and California’s Attorney General in August 2022 forced businesses to pay more attention to GPC. California’s Attorney General Rob Bonta alleged that Sephora failed to disclose to consumers that it was selling their personal information, failed to process user requests to opt out of the sale of their personal information using user-enabled GPC, and did not remedy these violations within the 30-day period as required by the CCPA.

Continue reading Episode Show Notes: Lessons Learned from California on Global Privacy Control →