Protect Privacy to Protect Your Startup
DESCRIPTION
Learn about privacy policies, terms of use, and how to deal with privacy issues in your website or mobile app.
TRANSCRIPT
Protect Privacy to Protect Your Startup
Don’t catch an FTC (Action), practice safe data collection
Thank You to Our Sponsors
Presentation Content
• Privacy Policy vs. Terms of Service
• Process of Creating Your Privacy Policy
• Compliance with the Law
• Avoiding the FTC
• Online Services for Protecting Privacy
United States v. Path, Inc.
• Path: mobile app developer
• Contrary to privacy policy, automatically collected personal info
• Got info from ~3,000 kids under age 13
• FTC charged Path for deception and violation of COPPA
• Settlement: $800,000; 20 yrs of audits
Our Startup: Dragon Digs
• The social hub of Drexel University
• Relies on user-generated content
• Features:
  – Create, RSVP to events
  – Post pictures, comments
  – In-app ticket purchasing
  – Promo emails from Dragon Digs
  – Third-party advertising
Privacy Policy
• Explains how company gathers, uses, discloses, manages user info
• Separate from TOS
• More specifically:
  – Type of data collected and how it’s used, stored, protected
  – How user data is shared with third parties
  – Compliance with privacy laws and user control
Terms of Service
• Rules users must abide by on website/app
• Legally binding; subject to change
• More specifically:
  – Software license; website/app operation; users’ rights
  – Information ownership; copyright; incorporates privacy policy
  – Disclaimers/limitation of liability; notice
Ensuring Enforceable Terms
• Forming an enforceable contract
  – Notice and assent
• Click-wrap vs. Browse-wrap
• Additional tips and considerations
Notice and Assent
• Click-wrap:
  – Present users with copy of terms, and
  – Require action showing user read and agrees to terms
Notice and Assent
• Browse-wrap:
  – Available to users via web links
  – Does not require action indicating user agrees to terms
    • Typically state that site use is deemed acceptance of terms
Additional Tips and Considerations
• Use plain English
• Consider device it will be read on
• Place in a conspicuous location
What Info Should I Collect?
• Relationship with user determines what should be collected
• De-identify personal identification info where possible
• Whatever you collect, give users notice
– Helps create user trust
Give Users a Choice
• No consent needed: If collected data is expected for a relationship with user
  – Such as product fulfillment, analytics, security, and website improvements
• Consent needed: If collected data is outside what would be expected
• Do Not Track options
Tracking
• Cookie: Text file that collects user information
• Beacon: Graphic image file that collects user information
• Types: Persistent or session cookies
• Can be used for website operation or advertising
Privacy by Design
• Build in privacy and security at all stages of design and development
• Implement and enforce strategically sound privacy practices throughout company
Best Practices
• Data security
  – Firewall and virus protection
  – SSL encryption
  – Encrypt user names and passwords
  – Keep security current
• Reasonable collection limits
  – Collect only what is needed
Best Practices
• Sound retention practices
  – Right to be forgotten
  – Retention depends on industry
• Data accuracy
  – Allow users to access and change their profiles
• Knowledgeable, designated staff
Compliance
Be Sure You Read Your Own Policy!
FTC Act and Regulations
• Unfair or deceptive
• Avoid the FTC:
  – Comply
  – Notify
  – Protect
CalOPPA
• California Online Privacy Protection Act
• Conspicuously post your policy
• Comply
• Do Not Track amendment
CalOPPA Compliance
• Privacy policy must include:
  – Collect info
  – Sharing policies
  – User review/control
  – Notification
  – Effective date
COPPA
• Children’s Online Privacy Protection Act
Are You Under the Age of 13?
COPPA Compliance
• Who is collecting the info?
• Description of info collected
• Use
• Disclosure to third parties
• Parental review & consent
• User notice
CAN-SPAM ACT
• Controlling the Assault of Non-Solicited Pornography and Marketing Act
• Are you spamming?
• Compliance is simple
HIPAA
• Health Insurance Portability and Accountability Act
FERPA
• Family Educational Rights and Privacy Act
Gramm-Leach-Bliley Act
• Governs financial information
European Union E-Privacy Directive
• The right to be forgotten, among other things
Avoiding the FTC
• FTC
  – Statutory authority to remedy privacy infringements
    • Power to prohibit unfair and deceptive practices
• Statutory requirements
  – CalOPPA; COPPA; CAN-SPAM; HIPAA; FERPA; GLBA
FTC Actions
• Google
• RockYou
• Snapchat
• The Brightest Flashlight App
Privacy Policy Generators
• Tested 28 online generators
• Factors: ease of use, guidance, cost, and policy generated
• Recommendations:
  – FreePrivacyPolicy.com
  – GeneratePrivacyPolicy.com; SEOToaster.com
  – TRUSTe.com (for mobile apps)
What Needs Protection?
Seals of Approval
• The best individually
  – TRUSTe
  – TrustGuard
  – Qualys
  – Comodo
• The best for you
  – Mix-and-match to suit your needs
  – Each service has strengths & weaknesses
Questions?
Thank You to Our Audience
Apply to be a client at
www.drexel.edu/law/ELC