Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

The Request: Capstone advised a client on the potential acquisition of a healthcare analytics company that paired bolstered, value-added overlays to healthcare provider contact data. Specifically, we analyzed regulation, legislation, and other government initiatives that could impact the company. Our diligence paid particular attention to the evolving landscape of amendments to the California Consumer Privacy Act (CCPA) in the legislative session, the potential impacts of expanding access to federal health insurance programs, as well as the outlook for federal and state privacy legislation, medical pricing transparency, and the European Union’s General Data Protection Regulation (GDPR).

Background: After several major international data scandals came to light, including one involving Cambridge Analytica and several global consumer breaches, pressure has stepped up on legislators in the US and Europe to tackle the issue of data protection, resulting in new landmark privacy regimes. Sweeping consumer privacy laws in California and Europe are forcing significant changes in companies that deal with personal data—especially those in the digital arena. Some firms, including those whose business models depend on personal data and that face mounting costs to comply with the law, stand to lose more than others.

Our Process: Over three weeks, Capstone conducted a rigorous review of the public record of existing and proposed regulation and legislation. We combined this research with targeted conversations with relevant regulators, policymakers, and other stakeholders to assess the risks and opportunities the companies face. We also conducted a financial analysis to determine how exposed the target company is to the looming data legislation headwinds.

Our Outreach: Capstone has engaged in hundreds of conversations about developing broader consumer privacy protections in the wake of GDPR. During our three-week engagement period for this project, we spoke with approximately two dozen key stakeholders, including:

  • Offices of Republican and Democratic US Senators
  • Office of California Assemblyman Ed Chau (D-Monterey Park)
  • IAB Europe (an association for the digital marketing and advertising ecosystem)
  • California and European privacy advocates
  • Privacy attorneys

The Outcome: Capstone provided our client with an in-depth final report, in addition to regular update calls and presentations, on the evolving policy environment, policy risks, and opportunities that will affect the company in the coming years.

Connect with us

Our Latest Insights

The Gathering Regulatory Storm for Visa and Mastercard

The Gathering Regulatory Storm for Visa and Mastercard

By: John Donnelly August 15, 2022 — The dominance of Visa Inc. (V) and Mastercard Inc. (MA) in traditional electronic payments—debit and credit cards—has rarely been questioned. If consumer spending increased, the two companies benefitted, aided by the ongoing move...

The Case for a Midterm Election Surprise

The Case for a Midterm Election Surprise

By: David Barrosse, CEO of Capstone August 8, 2022 — As I have said many times, Capstone is in the prediction game. We make predictions about state and federal policy and then conduct the complex task of modeling or financial analysis to help our clients understand...

The Looming Shift in Crypto Regulation  

The Looming Shift in Crypto Regulation  

August 1, 2022 — Capstone expected 2022 to be a pivotal year for cryptocurrency regulation, and policymakers haven’t disappointed—though action and results are two different things. We believe the regulatory sands are set to shift further, a development that will have...