Just released: How to raise venture capital in 2023

Download

Investors’ Use of Data and Privacy Implications

TL:DR

Key Takeaways


This is a guest post from Kyle Schryver, Growth and Content Marketing Manager at DataGrail.


Over the past few years, we’ve observed a dramatic shift in data processing spending by investment firms, including hedge funds, investment banks, and venture capital firms. According to Greenwich Associates, the average institutional investment firm spends $900,000 on alternative data each year. In total for 2018, investors are projected to spend $300 million on data sets — up from $170 million last year.

Read on to learn how investment firms use alternative data to analyze trends in consumer decisions as well as company performance and receive insights on how the GDPR and other upcoming regulation impact current practices.

The Growing Breadth and Depth of Personal Data

The tremendous growth in big data and personal data available has revolutionized many industries. Further, as companies — including Google, Facebook, and many others — collect and utilize massive amounts of user information, it’s only expected for other industries to follow in step.

According to the IDC, the volume of personal data available has grown from 2 to 33 zettabytes over the past 8 years and is expected to grow to 175 zettabytes in 2025. As a result, this growth will allow for more analysis and extractable information while also making it increasingly difficult to clean and find niches in data.

Investors Turn to Data for Market Analysis / Predictions

The way investors utilize data sets can appear in stark contrast to other companies that use data for targeting, advertisements, or outreach. Converse to companies, investment firms are not looking at the individuals, but rather they identify trends in consumer decisions and how companies perform in the evolving marketplace.

Michael Recce, the chief data scientist at asset manager Neuberger Berman said,

“This data is lying all over the place… If we can analyze it and figure out who’s really gaining market share, then we can make better investment decisions. Knowing exactly who is winning in the marketplace in real time is going to be a huge advantage”.

Now, investors are presented with the opportunity to buy information from numerous companies. This information can lead to incredible advantages in investing because it can often be analyzed to locate trends and predict market changes. Furthermore, the data can also be used to analyze a company’s current and future position in a perpetually evolving market.

In years past, more traditional investment firms lacked the resources necessary to utilize personal data, but with a growing supply of data and tools to analyze it, firms have finally begun employing data scientists to work with investment professionals to maximize their profits.

Privacy Obligations Investment Firms Face

As investment firms dive deeper into data analysis and the collection of personal data, they’ll become liable under relevant regulation. As a processor of personal data, investment firms are required to comply with subject access and deletion requests. What’s more, consent must also be obtained for EU users.

For quite some time, businesses have bought, sold, and analyzed large quantities of user data, and investment firms have recently joined this practice. However, according to Jon Shammah of Computer Weekly, consumers are beginning to change their expectations and their willingness to give out personal data for use.

Shammah states, “People are finally waking up to the value of the information they have so willingly given in the past and their eyes have started to open”. Shammah specifically pointed to Facebook’s Cambridge Analytica data sharing scandal for upsetting users and increasing consumer awareness of modern business practices.

In January 2020, the CCPA will take effect, requiring new standards for data privacy in regards to California residents. Affected businesses will be required to provide a “Do Not Sell My Personal Information” link on their homepage and must obtain consent prior to selling new users data. This will both limit the amount of data available for sale and processing by investment firms.

Putting “Don’t sell my data” on a website can be viewed by customers as a red flag, raising suspicions and calling into doubt the trustworthiness of a company. In turn, this may not be the route a business wants to take. However, under the upcoming law, the other option will be to completely stop selling user data. If a user no longer wants their data processed or sold, the investment firm is required to comply as a processor and remain in contact with the source of their data.

Under both the GDPR and CCPA, investment firms have obligations as a processor of personal data. Additionally, buying and selling data under these regulations becomes more complicated. Users are required to opt-in to the sale of their data prior to the distribution of said data. Though, exceptions exist, including when a customer relationship is already established.

In regard to the processing of user data, investment firms are likely using anonymized or pseudo-anonymized data, meaning that the data has been disconnected from the person. However, the threshold for anonymization is extraordinarily high. In order to have a truly anonymized data set, the users must be unidentifiable — even when analyzed in comparison with another data set not in the original companies’ possession.

The US has the HIPAA regulation for re-identifying data, which includes the tedious Safe Harbor method. This method requires that firms eliminate 18 specific elements to anonymize data and is often arduous or near impossible while keeping the data useful.

Anonymity proves even more difficult to create under other regulations such as the French data protection authority that defines anonymization as having a less than one-percent re-identification risk; their anonymity and differential anonymity regulation requirements can often destroy data sets before processing even occurs.

According to Gennie Gebhart, associate director of research at the Electronic Frontier Foundation, “It’s incredibly hard to make a truly anonymized data set, anytime you’re combining disparate data sets, there is the risk of creating new privacy-invasive information or assumptions”.

In contrast, pseudonymization data has an entirely subjective privacy law. Pseudonymization is often used as a risk reducer as opposed to a compliance tool.

Cyber Liability Insurance

Cyber liability insurance is a crucial tool that investors must leverage to mitigate the risks of running afoul of these regulations, whether by their own actions or actions of 3rd party bad actors.  Cyber insurance policies can help investors with data breach issues cover the costs to notify those affected by a data breach on their networks, forensic costs to figure out what went wrong, and defense/settlement of lawsuits from those whose data was stolen, to name a few.

As investment firms become increasingly more data-driven, they must make sure they’ve properly hedged the risk associated with collecting and maintaining data.  Cyber insurance is becoming an absolute must-have to complete the risk-mitigation strategy.

As investors shift their practices towards utilizing the growing amount of data, risk and compliance will become more of an issue. Investors are set to spend $300 million on data sets that will be used to analyze trends and markets. With the GDPR in effect, and more regulation on its way, compliance will be the coming question for investors. New standards, practices, and insurance will lead the way in helping investors and businesses.


About the Author:

KyleSchryver Headshot Kyle Schryver leads growth and content marketing at DataGrail, a San Francisco based company that provides integrated solutions for data privacy regulation. Kyle produces targeted content designed to provide actionable insights and solutions to readers.

Related Articles

data breach 2024
October 1 • Cyber Liability

Top 10 Cyber Security Data Breaches of 2024

Cybersecurity under attack in 2024! Discover the top 10 data breaches that rocked the world. Learn how major companies fell victim to cybercriminals. Understand the risks and take action to protect your business from cyber threats.

supply chain disruptions
August 27 • Cyber Liability

Cyber Attacks & Supply Chain Disruptions: Startup’s Worst Enemy?

Explore the evolving threat landscape for supply chain disruptions, mitigation strategies, and the importance of risk management in today’s volatile business environment.

cyber insurance pricing trends 2024
March 13 • Cyber Liability

Cyber Insurance Pricing Trends 2024

Uncertain about cyber insurance costs in 2024? Our article explores pricing trends, expert predictions on rate increases, and strategies to potentially reduce your cyber insurance premium.

cyber liability insurance premiums
March 4 • Cyber Liability

7 “Must Haves” For Cyber Liability Insurance in 2024

With cyber liability insurance premiums rising, business leaders must have the inside scoop to keep costs low. Our partners at Blacksmith InfoSec delve into those tips and tricks.

non-dilutive debt financing
January 30 • Guest Post

Elevating Your Company’s Valuation: The Power of Non-Dilutive Debt Financing

Unlock exponential growth without sacrificing equity in this guest post from Founders First Capital Partners. Explore the power of non-dilutive debt financing to elevate your company’s valuation and achieve financial freedom.

Cybersecurity Data Breaches
November 9 • Cyber Liability

Top 10 Cybersecurity Data Breaches of 2023

Today’s digital landscape is frightening for business leaders. Here’s a glimpse into some of the most cringe-worthy data breaches in 2023 — plus, how to avoid them.