Companies in the sharing economy — such as Uber, Lyft, AirBnB, TaskRabbit and many others — are credited with lowering barriers to economic participation for millions of people, allowing them to share their cars, homes, skills and assets with others. Of course, these companies are also gaining access to massive amounts of private personal data provided by their site users, including driving records, financial information and criminal history.
While many of these companies are established brands with strong internal systems to collect and store this data according to regulations, many others are start-ups that may not have the experience or the bandwidth to properly handle all this sensitive material.
On April 21, Daniel T. Rockey, a partner in the San Francisco office of Bryan Cave LLP, will host a web cast, “What In-House Counsel Need to Know about Data Privacy in the Sharing Economy”, that will focus on some of the key privacy issues facing sharing economy companies and strategies for how their in-house counsel can reduce the legal risks involved.
Legal Executive Institute recently spoke to Rockey about these issues and how in-house counsel at sharing economy companies can best address them.
Legal Executive Institute: In regards to data collection and storage, what do sharing economy companies face?
Daniel Rockey: While, in some ways sharing economy companies are like any other company that has a variety of data privacy issues, there are some unique aspects that would be of interest to in-house counsel. For example, in order to thrive, sharing economy companies must establish trust among their users. Not only do these companies have to do a lot of up-front collecting of information, but there are also privacy issues in terms of the use of that information.
Because of the nature of their businesses, I think these companies need to focus very carefully about what data they are going to collect, how the company is going to use that information, what can they share and what they can’t.
Legal Executive Institute: It sounds like pre-planning is key. What other issues do the legal departments of these companies need to keep in mind?
Daniel Rockey: You’re also going to want to have rules on what kinds of information you will provide when requested. For example, a lot of these are frequent targets for law enforcement subpoena. If law enforcement is doing an investigation and know that an individual drives for Uber, for example, they may subpoena for a record of any ride that is given on a certain day or days.
“Because of the nature of their businesses, I think these companies need to focus very carefully about what data they are going to collect, how the company is going to use that information, what can they share and what they can’t.”
A company is also going to have think about and establish a policies for what they are willing to share and under what circumstances. How long should companies retain this data? Some data they’ll have to keep on file forever. There’re a whole host of things that in-house counsel need to do to really think through these issues very carefully.
Legal Executive Institute: What about other uses for this data that the company may consider?
Legal Executive Institute: What do you hope attendees learn from this webinar?
In-house counsel will also want to make sure that the business side of the company is aware of these issues, and is integrated and working in cooperation with the legal department. That way, when a big business initiative is launched everyone can be sure that the company is considering the impact on user privacy.