It is no secret that the world has rapidly changed over the last several months. Many companies are reevaluating their business models to adjust to the challenges caused by the world-wide pandemic and to hopefully identify new business opportunities that may arise as a result of a new business environment.

According to a McKinsey & Company article in June 2020, consumers in the United States who adapted to online shopping for many goods and services may decide to continue those online shopping habits well after the pandemic subsides.

Innovative high technology and bioscience companies are pivoting their product development to address industry and market needs for more digital solutions and other new technology, such as more secure videoconferencing technology, enhanced interactivity for remote learning, advanced data analytics tools, and increased privacy and security measures.

Medical and health care entities are reimagining a new world with improved medical and health-related technology, including advanced tele-medicine for real-time remote interaction between physicians and patients, reliable health-care wearable devices and technology-based public health tools.

As companies evaluate their response to these anticipated changes they should consider the following key legal and business issues:

  • Increased Need to Address Data Privacy. As businesses pivot to new business models—such as a greater emphasis of an online presence or greater use of digital solutions—these companies are collecting, sharing, and using a larger volume of personal information of consumers. Many jurisdictions have recently enacted much stricter data privacy laws which increase the protection of consumers’ personal information and impose significant new obligations and liabilities on the companies that collect and use that information. In particular:
  • The California Consumer Privacy Act (CCPA), which the California Attorney General started to enforce as of July 1, 2020, requires businesses to give California consumers notice of their new privacy practice at or before the point of collection of the personal information about the individual. The CCPA also requires businesses to clearly notify California consumers of their enhanced data privacy rights, including the right to opt-out of the sale of their personal information and the right to have their personal information deleted.
  • The European Union’s General Data Protection Regulation (GDPR) can impose significant obligations and liability on any U.S. based company that collects personal information of any EU Data Subject.

Thus, many companies may need to prepare new privacy policies and implement new internal privacy compliance programs in order to comply with new privacy laws such as the CCPA and GDPR.

  • Need Enhanced Security Measures. As companies collect more sensitive personal information they need to scale up their internal security measures to better protect the safety of that information. To accomplish this, many companies will need to re-evaluate their internal security framework, develop new internal security protocols and guidelines, and train staff what to do if a security breach occurs to minimize the risk and damage. The CCPA creates liability for data breaches resulting from insufficient security practices without a claim of harm by the subject of the breach, increasing the stakes for data breaches and opening businesses up to potentially large class action litigation.
  • Data Will Become Even More Valuable to Advance Product Development: Data is already critical to many businesses to advance their product development and marketing strategies. However, it is becoming increasingly clear that companies may need to share more of their data (such as technical data during R & D) to unlock the potential for significant technology advances, such as advancing cures of diseases or rapidly bringing new digital solutions to a demanding marketplace. This increase in data sharing raises many legal issues, including the need for parties to agree on the permitted uses of the shared data, and on who owns and controls any intellectual property rights in the data, data analytics or in any new data tools.
  • Identify New Intellectual Property Your Business May Develop As You Collect and Protect Personal Information: Companies may develop new procedures, technology, or other valuable intellectual property as they continue to innovate in how they collect and utilize personal information and how they secure the privacy of that personal information. These companies should secure all ownership rights, and adequately protect and register all worldwide rights, in these new intellectual property rights.

Buchalter has a dedicated team of attorneys in its CCPA/GDPR Data Privacy group who can assist companies to address the many legal and business issues that may arise as you shift your business models or technology to adjust to our new business environment. Please feel free to contact any one of the following attorneys in our group:

Frank X. Curci
Daniel J. Zarchy
Kari Barnes
Karl E. Gerner
Weiss B. Hamid
Akana K. J. Ma
William M. Miller
Steven M. Nakasone
Matthew L. Seror


This communication is not intended to create or constitute, nor does it create or constitute, an attorney-client or any other legal relationship. No statement in this communication constitutes legal advice nor should any communication herein be construed, relied upon, or interpreted as legal advice. This communication is for general information purposes only regarding recent legal developments of interest, and is not a substitute for legal counsel on any subject matter. No reader should act or refrain from acting on the basis of any information included herein without seeking appropriate legal advice on the particular facts and circumstances affecting that reader. For more information, visit www.buchalter.com.