In our previous post, we completed our discussion of data productization, focusing on the importance of robust delivery systems and packaging. Next, we will discuss the data compliance and privacy concerns most often expressed by data providers.
The media has made much of datasets used by Wall Street that are not “anonymized”, but the reality is that professional investors do not care one bit about an individual’s information. They only care about data that moves markets. That Lucy Morgan, 37, of Louisville, Kentucky just bought six family-sized bars of Hershey’s chocolate using her MasterCard at Costco does not interest them in the least.
What analysts do want to know is how many people are buying Hershey bars across the US this quarter compared to last quarter, how many new credit cards has MasterCard issued in the last month or how many daily transactions Costco has handled compared to Walmart.
Indeed, unlike advertisers, Wall Street clients are not only uninterested in personally identifiable information (PII), they actually insist that the data product they purchase be scrubbed clean of it. They have their own compliance policies and regulations to contend with and you can be certain some of these will be written into the contracts they sign with you. (See, for instance, this Financial Times article.)
After all, if a data publisher fails to hide sensitive information, then the quants will have to do it themselves and they don’t want to be in that precarious position. The data you deliver to your Wall Street customers, therefore, cannot contain any personally identifiable information at all. You must scrub this information out of your data product and furthermore make it impossible to reconstruct.
In this way, the data-anonymizing process is an integral component of the service you provide your clients. It is good customer service; however, it is also the law.
Some countries, such as those in Europe, have adopted strict data protection laws that provide clear directives on how companies can process and disseminate data. However, other countries, including China, have complex legal and regulatory systems that must be deciphered and navigated carefully, as they do not always come together to form a comprehensive (or coherent) guide for data publishers. All this is to say, personal information must be gathered, processed and stored in accordance with applicable geographical data privacy laws. With the international complexities of data privacy legislation and the constantly evolving landscape of big data, compliance must be a chief concern for any company considering data monetization.
Information privacy laws in the US have been legislated on a sectoral basis. For example, the Health Insurance Portability and Accountability Act (HIPAA) governs the national standards for electronic healthcare data transactions. More recently, in April 2017, the Trump administration signed a congressional resolution to overturn the internet privacy protections created by the FCC during the Obama administration, allowing broadband internet service providers (ISPs) to “track and sell a customer’s online information with greater ease”.
The European Union rolled out sweeping harmonized data protection controls in 2012 through the General Data Protection Regulation (GDPR). This regulation will become binding upon all member states by May 2018; however, given the UK’s departure from the EU, it is not yet known whether it will diverge from the GDPR.
These are just two examples that illustrate the importance of understanding the legislation, especially if you have a global product. Your approach to data collection should be to err on the side of caution and never collect or distribute sensitive or personal information. The feed you deliver should be properly stripped of any personally identifiable information at the consumer level. This is any data that can identify a specific individual, be it their name, phone number, address or even gender.
Finally, in addition to protecting the privacy of your dataset, you may also want to safeguard your firm’s privacy. There are precedents in place to sell data anonymously and, in our opinion, this is wholly acceptable and should be an easily negotiable aspect of your contract with an asset manager.
In the next installment of our Data Monetization Series, we will deep dive into marketing and sales best practices for newly created data assets.