This is a guest post from Kyle Schryver, Growth and Content Marketing Manager at DataGrail.
Over the past few years, we’ve observed a dramatic shift in data processing spending by investment firms, including hedge funds, investment banks, and venture capital firms. According to Greenwich Associates, the average institutional investment firm spends $900,000 on alternative data each year. In total for 2018, investors are projected to spend $300 million on data sets — up from $170 million last year.
Read on to learn how investment firms use alternative data to analyze trends in consumer decisions as well as company performance and receive insights on how the GDPR and other upcoming regulation impact current practices.
The Growing Breadth and Depth of Personal Data
The tremendous growth in big data and personal data available has revolutionized many industries. Further, as companies — including Google, Facebook, and many others — collect and utilize massive amounts of user information, it’s only expected for other industries to follow in step.
According to the IDC, the volume of personal data available has grown from 2 to 33 zettabytes over the past 8 years and is expected to grow to 175 zettabytes in 2025. As a result, this growth will allow for more analysis and extractable information while also making it increasingly difficult to clean and find niches in data.
Investors Turn to Data for Market Analysis / Predictions
The way investors utilize data sets can appear in stark contrast to other companies that use data for targeting, advertisements, or outreach. Converse to companies, investment firms are not looking at the individuals, but rather they identify trends in consumer decisions and how companies perform in the evolving marketplace.
Michael Recce, the chief data scientist at asset manager Neuberger Berman said,
“This data is lying all over the place… If we can analyze it and figure out who’s really gaining market share, then we can make better investment decisions. Knowing exactly who is winning in the marketplace in real time is going to be a huge advantage”.
Now, investors are presented with the opportunity to buy information from numerous companies. This information can lead to incredible advantages in investing because it can often be analyzed to locate trends and predict market changes. Furthermore, the data can also be used to analyze a company’s current and future position in a perpetually evolving market.
In years past, more traditional investment firms lacked the resources necessary to utilize personal data, but with a growing supply of data and tools to analyze it, firms have finally begun employing data scientists to work with investment professionals to maximize their profits.
Privacy Obligations Investment Firms Face
As investment firms dive deeper into data analysis and the collection of personal data, they’ll become liable under relevant regulation. As a processor of personal data, investment firms are required to comply with subject access and deletion requests. What’s more, consent must also be obtained for EU users.
For quite some time, businesses have bought, sold, and analyzed large quantities of user data, and investment firms have recently joined this practice. However, according to Jon Shammah of Computer Weekly, consumers are beginning to change their expectations and their willingness to give out personal data for use.
Shammah states, “People are finally waking up to the value of the information they have so willingly given in the past and their eyes have started to open”. Shammah specifically pointed to Facebook’s Cambridge Analytica data sharing scandal for upsetting users and increasing consumer awareness of modern business practices.
In January 2020, the CCPA will take effect, requiring new standards for data privacy in regards to California residents. Affected businesses will be required to provide a “Do Not Sell My Personal Information” link on their homepage and must obtain consent prior to selling new users data. This will both limit the amount of data available for sale and processing by investment firms.
Putting “Don’t sell my data” on a website can be viewed by customers as a red flag, raising suspicions and calling into doubt the trustworthiness of a company. In turn, this may not be the route a business wants to take. However, under the upcoming law, the other option will be to completely stop selling user data. If a user no longer wants their data processed or sold, the investment firm is required to comply as a processor and remain in contact with the source of their data.
Under both the GDPR and CCPA, investment firms have obligations as a processor of personal data. Additionally, buying and selling data under these regulations becomes more complicated. Users are required to opt-in to the sale of their data prior to the distribution of said data. Though, exceptions exist, including when a customer relationship is already established.
In regard to the processing of user data, investment firms are likely using anonymized or pseudo-anonymized data, meaning that the data has been disconnected from the person. However, the threshold for anonymization is extraordinarily high. In order to have a truly anonymized data set, the users must be unidentifiable — even when analyzed in comparison with another data set not in the original companies’ possession.
The US has the HIPAA regulation for re-identifying data, which includes the tedious Safe Harbor method. This method requires that firms eliminate 18 specific elements to anonymize data and is often arduous or near impossible while keeping the data useful.
Anonymity proves even more difficult to create under other regulations such as the French data protection authority that defines anonymization as having a less than one-percent re-identification risk; their anonymity and differential anonymity regulation requirements can often destroy data sets before processing even occurs.
According to Gennie Gebhart, associate director of research at the Electronic Frontier Foundation, “It’s incredibly hard to make a truly anonymized data set, anytime you’re combining disparate data sets, there is the risk of creating new privacy-invasive information or assumptions”.
In contrast, pseudonymization data has an entirely subjective privacy law. Pseudonymization is often used as a risk reducer as opposed to a compliance tool.
Cyber Liability Insurance
Cyber liability insurance is a crucial tool that investors must leverage to mitigate the risks of running afoul of these regulations, whether by their own actions or actions of 3rd party bad actors. Cyber insurance policies can help investors with data breach issues cover the costs to notify those affected by a data breach on their networks, forensic costs to figure out what went wrong, and defense/settlement of lawsuits from those whose data was stolen, to name a few.
As investment firms become increasingly more data-driven, they must make sure they’ve properly hedged the risk associated with collecting and maintaining data. Cyber insurance is becoming an absolute must-have to complete the risk-mitigation strategy.
As investors shift their practices towards utilizing the growing amount of data, risk and compliance will become more of an issue. Investors are set to spend $300 million on data sets that will be used to analyze trends and markets. With the GDPR in effect, and more regulation on its way, compliance will be the coming question for investors. New standards, practices, and insurance will lead the way in helping investors and businesses.
About the Author:
Kyle Schryver leads growth and content marketing at DataGrail, a San Francisco based company that provides integrated solutions for data privacy regulation. Kyle produces targeted content designed to provide actionable insights and solutions to readers.