It is no secret that the world has rapidly changed over the last several months. Many companies are reevaluating their business models to adjust to the challenges caused by the world-wide pandemic and to hopefully identify new business opportunities that may arise as a result of a new business environment.
According to a McKinsey & Company article in June 2020, consumers in the United States who adapted to online shopping for many goods and services may decide to continue those online shopping habits well after the pandemic subsides.
Innovative high technology and bioscience companies are pivoting their product development to address industry and market needs for more digital solutions and other new technology, such as more secure videoconferencing technology, enhanced interactivity for remote learning, advanced data analytics tools, and increased privacy and security measures.
Medical and health care entities are reimagining a new world with improved medical and health-related technology, including advanced tele-medicine for real-time remote interaction between physicians and patients, reliable health-care wearable devices and technology-based public health tools.
As companies evaluate their response to these anticipated changes they should consider the following key legal and business issues:
- Increased Need to Address Data Privacy. As businesses pivot to new business models—such as a greater emphasis of an online presence or greater use of digital solutions—these companies are collecting, sharing, and using a larger volume of personal information of consumers. Many jurisdictions have recently enacted much stricter data privacy laws which increase the protection of consumers’ personal information and impose significant new obligations and liabilities on the companies that collect and use that information. In particular:
- The California Consumer Privacy Act (CCPA), which the California Attorney General started to enforce as of July 1, 2020, requires businesses to give California consumers notice of their new privacy practice at or before the point of collection of the personal information about the individual. The CCPA also requires businesses to clearly notify California consumers of their enhanced data privacy rights, including the right to opt-out of the sale of their personal information and the right to have their personal information deleted.
- The European Union’s General Data Protection Regulation (GDPR) can impose significant obligations and liability on any U.S. based company that collects personal information of any EU Data Subject.
Thus, many companies may need to prepare new privacy policies and implement new internal privacy compliance programs in order to comply with new privacy laws such as the CCPA and GDPR.
- Need Enhanced Security Measures. As companies collect more sensitive personal information they need to scale up their internal security measures to better protect the safety of that information. To accomplish this, many companies will need to re-evaluate their internal security framework, develop new internal security protocols and guidelines, and train staff what to do if a security breach occurs to minimize the risk and damage. The CCPA creates liability for data breaches resulting from insufficient security practices without a claim of harm by the subject of the breach, increasing the stakes for data breaches and opening businesses up to potentially large class action litigation.
- Data Will Become Even More Valuable to Advance Product Development: Data is already critical to many businesses to advance their product development and marketing strategies. However, it is becoming increasingly clear that companies may need to share more of their data (such as technical data during R & D) to unlock the potential for significant technology advances, such as advancing cures of diseases or rapidly bringing new digital solutions to a demanding marketplace. This increase in data sharing raises many legal issues, including the need for parties to agree on the permitted uses of the shared data, and on who owns and controls any intellectual property rights in the data, data analytics or in any new data tools.
- Identify New Intellectual Property Your Business May Develop As You Collect and Protect Personal Information: Companies may develop new procedures, technology, or other valuable intellectual property as they continue to innovate in how they collect and utilize personal information and how they secure the privacy of that personal information. These companies should secure all ownership rights, and adequately protect and register all worldwide rights, in these new intellectual property rights.