What Do Startups Need to Know About Data Privacy Law?

data privacyIt’s hard to imagine a startup that does not collect some form of sensitive information in digital form, and the collection, use, and disclosure of such information is regulated under federal, state, and even international laws. The purpose of this post is to outline the legal framework that creates your obligations to safeguard customer data and the consequences of failing to comply with these laws. Startup founders that understand their legal obligations and make the investment to comply with them can reduce the likelihood of liability and ultimately compete more effectively by earning a reputation for protecting their customers. [Read more…]

Thoughts on the Apple iPhone Encryption Case

Last week, US Magistrate Judge Sheri Pym ordered Apple to assist the FBI in unlocking an Apple iPhone used by Syed Rizwan Farook, one of the terrorists in December’s San Bernardino mass shooting. This story and its resulting controversies have since dominated the technology press. I’m not going to summarize the facts of this case or the various arguments regarding whether the government should be able to require Apple to do such a thing since a good summary can be found here.  I will, however, give my observations and thoughts on the matter. [Read more…]

Discussion of Recent Invalidation of the US-EU Safe Harbor Framework for Online Privacy

Last week, I was a guest on the “This Week in Law” Podcast, where I talked about the potential impact of the recent invalidation of the US-EU Safe Harbor framework for online privacy. This will likely have far-reaching consequences for startups with users in the EU. Click on the link below for my discussion and for a lively debate on privacy public policy in general.

Court’s Invalidation of’s Arbitration Provision Offers Lessons for Company Websites

Late last year, the United States District Court of Nevada handed down a ruling that has significant consequences for companies engaged in commerce on the internet.[1] In the case, customers of online retailer sued the company seeking damages resulting from a security breach in which a hacker accessed Zappos’ customer information in 2012. Zappos attempted to invoke the arbitration provision contained in its website’s Terms of Use, but the court held that the Terms of Use did not constitute a valid or enforceable agreement to arbitrate. [Read more…]