Pro Tips From Silicon Valley Lawyer Louis Lehot On CCPA Enforcement And Its Impact On Startups Amid The Pandemic July 1st, 2020
Palo Alto, CA (PRUnderground) July 1st, 2020
CCPA enforcement goes into effect July 1st and Silicon Valley lawyer Louis Lehot, Attorney-at-Law at L2 Counsel, P.C., offers guidance:
If not already done, given the pending application of the California Consumer Privacy Act or CCPA on July 1st, Louis Lehot advises companies at all stages of growth to:
1. Make sure you notify consumers (including employees) about your privacy policy.
2. Review your data security measures to ensure reasonable security procedures and practices.
3. Make it easy for consumers to opt out of the sale of personal information with simple, easy-to-find communication channels where consumers can express their preferences.
4. Watch out for all privacy rules new or anticipated wherever you do or anticipate doing business (e.g., CCPA, GDPR, China, Brazil, or other region).
Whether B2B or B2C, at the earliest point in the life of a startup, says Louis Lehot, its stakeholders must design in architecture, set a mission, adopt policies and articulate procedures to protect and secure data containing personal information, especially health.
When conducting due diligence for startups, Louis Lehot commented that investors and their counsel are now requiring that startups represent that they have adopted a clear set of policies and procedures to handle both the privacy and protection of data containing personal information. NVCA standard forms now require companies raising venture money to stand behind them past, present and future.
According to Louis Lehot, in later stage financings where the amount of capital being raised is sufficient to warrant the expense, and particularly in merger or sale transactions, buyers are diving in to do deep due diligence on data protection, making serious inquiries into compliance, sometimes deploying an army of specialists and experts to ward off post-closing complaints about the architecture, or past breaches.
As employees are increasingly working-from-home (with working-from-anywhere becoming the norm), the danger of an unintentional breach of data privacy by an employee or agent, theft of data or cyber-attack, has never been more acute.
According to Louis Lehot, insurers will be asked to write policies for buyers and sellers to externalize the risk. Access to insurance may not be available to startups that fail to demonstrate a culture of compliance with data protection regulations from the earliest days.
Given the serious civil and criminal penalties that can be implicated by failure to comply with government regulations applicable to the protection of personal information, or failure to prevent, disclose or remedy data breaches, Louis Lehot described a new demand for startups that can help other businesses meet the challenge.