Privacy for Start-Ups

October 25, 2023

Privacy Abbreviated: Privacy for Start-Ups


There are tens of thousands of entrepreneurs in the United States. When getting their business off the ground, often growth, not necessarily privacy, is the primary focus, especially in the technology sector where data is often central to the business. 

In this episode of Priv, our hosts are joined by the Tech Diplomacy Network’s Katharina Koerner and Santa Clara University’s Professor Linsey Krolik to discuss the questions entrepreneurs face when getting their business started, how to ensure privacy is part of any pivots or growth plans, and best practices for navigating the data wants vs the must haves. 



Related Resources

Global Privacy Division

A Privacy Review a Day, Keeps the Regulators Away

Vendor Privacy Program Certification



Show Notes

Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, and Jason Cronk, chair and founder of the Institute of Operational Privacy Design, are joined by two guests on this Privacy Abbreviated episode. Linsey Krolik, Associate Clinical Professor at Santa Clara University School of Law, and Katharina Koerner, AI and Privacy Advisor at Tech Diplomacy Network, sit down with our hosts to discuss the privacy questions entrepreneurs face when getting their business started.

The episode launches with a clearing of the air. What is a startup? Lindsey kicks us off with a focus on tech startups and clarifies that this term points to a new business that is building some sort of technology, and where there is technology, there is the collection of data. Katharina jumps in with an even broader viewpoint. Any business that is launched and has not existed before should be considered a startup. To further bring us listeners clarity, Katharina shares, "I think every single new business that processes personal information in any shape or form has to be aware of privacy."

Since all businesses that collect data, big or small, one day old or 100 years old, should consider how they handle the data they receive, there is one question they all should ask themselves. Dona implores that this question regarding information collected is, "What are your must haves? What do you need versus what do you want to have or what would you like?"

Linsey agrees that minimizing the data collected is the right way to go and suggests that for businesses to do that well, goals and purpose must be defined and determined from the onset. "You can't ask these questions without the context of what the business is trying to do and the purpose for collecting, using, and sharing the data," Lindsey explains. New businesses should begin here to help set the course for why and how data will be collected.

After the experts' discussion concerning privacy policy concerning business goals, Jason jumps in with a curiosity about privacy utilized as a tool businesses can use to differentiate themselves. Katharina provides a very thought-provoking perspective. She emphasizes consumer expectations in the 21st century. Today, consumers expect companies to comply with privacy laws, protect their data, and house it with the utmost responsibility and care. This isn't a differentiator or a nice to have. Data protection done right is a must-have. "You will take care of my privacy," Katherine reiterates as the tune consumers cry.

Jason challenges that though this is the expectation, is this the reality? He shares a few environments where this expectation may be falling short. Linsey follows up with a different kind of reality, helping to set the right tone for the amount of data startups are truly dealing with when their doors first open.

Dona then asks our guests to share key privacy regulations every startup should know. The top three that come to bear:

  • Know your privacy policy. Have one in place and know what those policies are and why this will be the privacy roadmap your startup will follow.

  • Get familiar with the Federal Trade Commission (FTC). The FTC has a wealth of resources to help startups understand and comply with federal and state privacy laws.

  • If partnering with larger companies, be aware of the privacy obligations you have to each other and understand how compliance or non-compliance impacts each business.

An additional must-know is understanding that consumers are savvy and becoming increasingly familiar with their rights. Startups must consider privacy in their cost of doing business in order to service consumers well. Katharina interjects with an old but true principle, "Not knowing the law doesn't protect you from enforcement." Though new to the game, businesses just getting started must know their privacy obligations—it's part of the job.

Lindsey and Katharina share an emerging trend or technology that startups should monitor regarding privacy. Lindsey mentions that the world of facial recognition and virtual and augmented reality is on the rise, and the extensive biometrics data collected by these products and platforms is beyond our understanding. She recommends a book to listeners, Your Face Belongs to Us, by Kashmir Hill. Enlightening and chilling.

Katharina suggests listeners keep an eye on machine learning. She advises us to familiarize ourselves from the onset with privacy-preserving machine learning. Katherina specifically points to synthetic data. She mentions that it is still in its early stages and is unsure how much it will take off, but it is definitely worth the watch.

Speaking of worth watching, both Linsey and Katherina leave us with final words of advice to apply to our startup privacy space.

Linsey reminds listeners that privacy is about the user. "Startups should keep in mind the user as they build their products," she recommends, "We call that privacy by design." With this thinking in mind, Lindsey continues by providing three surefire to-do's startups should begin with.

Katharina rounds out Lindsey's advice with the idea of putting privacy into practice. "I also recommend combining those privacy thoughts with training for employees," she notes. Determine who you want to teach and develop a program or initiative that allows privacy to be at the forefront and done well according to your business goals.

One last reminder to our listeners: Privacy is a must-have, not a nice to have. Tune into the entire episode to truly understand why.

Latest Podcasts


Cross Border Privacy Rules Goes Global: A Deep Dive on CBPRs

Privacy professionals are faced with what seems like a never-ending, sometimes overwhelming stream of new privacy laws and regulations, both here in the U.S. and abroad. In this episode of Priv, host Dona Fraser is joined by Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives to take you from APEC to global CBPRs, explaining all of the acronyms in...

Listen to the Podcast

The Evolution of Advertising in the Children’s Space

In 1974 the Children’s Advertising Review Unit (CARU) was established to protect children under age 13 from deceptive or inappropriate advertising. Over the years, CARU expanded to address new media platforms, new advertising techniques, and to ensure that children’s data is collected and handled responsibly online. Join us to discuss how advertising has changed, identify CARU’s...

Listen to the Podcast

Revisiting Consumer Reviews: Incentivized, Inflated, or Authentic?

In this episode of Ad Watchers, our hosts address an issue that is on the FTC’s radar this year: the power of consumer reviews in influencing consumer purchasing decisions, including recent NAD cases reflecting updates to the FTC’s Endorsement Guides as well as the good, the bad, and the gray in advertising using consumer reviews.

Listen to the Podcast

Consumer Privacy in Telehealth: An Interview with the ATA

In this episode of Priv, Dona Fraser is joined by Kyle Zebley from the American Telemedicine Association (ATA) to get a check-up on consumer health data privacy in the telehealth industry. From HIPAA to the pandemic to Dobbs to a hodge podge of new state-level privacy laws, Dona and Kyle discuss the companies navigating this complex terrain, how the world of telehealth has changed,...

Listen to the Podcast