Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

Emerging Privacy Legislation and its Risks to a Healthcare Tech Company’s Business Model

The Request: Capstone advised a client on the potential acquisition of a healthcare analytics company that paired bolstered, value-added overlays to healthcare provider contact data. Specifically, we analyzed regulation, legislation, and other government initiatives that could impact the company. Our diligence paid particular attention to the evolving landscape of amendments to the California Consumer Privacy Act (CCPA) in the legislative session, the potential impacts of expanding access to federal health insurance programs, as well as the outlook for federal and state privacy legislation, medical pricing transparency, and the European Union’s General Data Protection Regulation (GDPR).

Background: After several major international data scandals came to light, including one involving Cambridge Analytica and several global consumer breaches, pressure has stepped up on legislators in the US and Europe to tackle the issue of data protection, resulting in new landmark privacy regimes. Sweeping consumer privacy laws in California and Europe are forcing significant changes in companies that deal with personal data—especially those in the digital arena. Some firms, including those whose business models depend on personal data and that face mounting costs to comply with the law, stand to lose more than others.

Our Process: Over three weeks, Capstone conducted a rigorous review of the public record of existing and proposed regulation and legislation. We combined this research with targeted conversations with relevant regulators, policymakers, and other stakeholders to assess the risks and opportunities the companies face. We also conducted a financial analysis to determine how exposed the target company is to the looming data legislation headwinds.

Our Outreach: Capstone has engaged in hundreds of conversations about developing broader consumer privacy protections in the wake of GDPR. During our three-week engagement period for this project, we spoke with approximately two dozen key stakeholders, including:

  • Offices of Republican and Democratic US Senators
  • Office of California Assemblyman Ed Chau (D-Monterey Park)
  • IAB Europe (an association for the digital marketing and advertising ecosystem)
  • California and European privacy advocates
  • Privacy attorneys

The Outcome: Capstone provided our client with an in-depth final report, in addition to regular update calls and presentations, on the evolving policy environment, policy risks, and opportunities that will affect the company in the coming years.

Have a question?

We want to hear from you. Let us know your question and a research analyst will get back to you promptly. We love to discuss our research.


Our Latest Insights