Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

The Request: Capstone advised a client on the potential acquisition of a healthcare analytics company that paired bolstered, value-added overlays to healthcare provider contact data. Specifically, we analyzed regulation, legislation, and other government initiatives that could impact the company. Our diligence paid particular attention to the evolving landscape of amendments to the California Consumer Privacy Act (CCPA) in the legislative session, the potential impacts of expanding access to federal health insurance programs, as well as the outlook for federal and state privacy legislation, medical pricing transparency, and the European Union’s General Data Protection Regulation (GDPR).

Background: After several major international data scandals came to light, including one involving Cambridge Analytica and several global consumer breaches, pressure has stepped up on legislators in the US and Europe to tackle the issue of data protection, resulting in new landmark privacy regimes. Sweeping consumer privacy laws in California and Europe are forcing significant changes in companies that deal with personal data—especially those in the digital arena. Some firms, including those whose business models depend on personal data and that face mounting costs to comply with the law, stand to lose more than others.

Our Process: Over three weeks, Capstone conducted a rigorous review of the public record of existing and proposed regulation and legislation. We combined this research with targeted conversations with relevant regulators, policymakers, and other stakeholders to assess the risks and opportunities the companies face. We also conducted a financial analysis to determine how exposed the target company is to the looming data legislation headwinds.

Our Outreach: Capstone has engaged in hundreds of conversations about developing broader consumer privacy protections in the wake of GDPR. During our three-week engagement period for this project, we spoke with approximately two dozen key stakeholders, including:

  • Offices of Republican and Democratic US Senators
  • Office of California Assemblyman Ed Chau (D-Monterey Park)
  • IAB Europe (an association for the digital marketing and advertising ecosystem)
  • California and European privacy advocates
  • Privacy attorneys

The Outcome: Capstone provided our client with an in-depth final report, in addition to regular update calls and presentations, on the evolving policy environment, policy risks, and opportunities that will affect the company in the coming years.

Question about this note? We want to hear from you. Let us know your question and a research analyst will get back to you promptly. We love to discuss our research.

Connect with us

Our Latest Insights

The Growing Disaster Resilience and Recovery Economy

The Growing Disaster Resilience and Recovery Economy

By Matt Wiederrecht and Elena McGovern March 28, 2023 - The phrase “atmospheric river” is quickly becoming a household term among Americans this year, joining the likes of “bomb cyclone” and “polar vortex.” These and other extreme weather events, as well as (the more...

Consumer Finance Monthly Rundown

Consumer Finance Monthly Rundown

Supreme Court Timing Will Hamstring CFPB into 2024; States Likely to Play Larger Regulatory Role By: John Donnelly, Jackie Davey, and Thomas Dee In this report, we highlight the latest consumer finance developments, that we think companies and investors should be...

UK Politics and the Silicon Valley Bank Fallout

UK Politics and the Silicon Valley Bank Fallout

By Mathew Gilbert, Head of Capstone’s European Practice March 19, 2023 - Prudential standards in the UK financial services sector have become an unlikely political football as politicians tussle with regulators over the balance between increasing UK competitiveness...