We live in an information-driven society. Data fuels our decision-making, direction, and development, and new technologies offer different ways to observe consumer and market behaviours. These data sources and methods are often referred to as “alternative data,” and a robust ecosystem has evolved to facilitate the identification and dissemination of this data. Understanding potential risks and parameters around the acquisition and use of alternative data is important to ensure responsible practices, and diligence is key to this process.

One of the challenges in the diligence process can be a communication disconnect. Parties may simply misunderstand the reason for a particular diligence question or have difficulty parsing the answer. It is said that travel helps one see the same world from a different perspective. In that spirit, we have provided a brief travel guide to help you navigate these hurdles and assist with your diligence journey.

MASTER THE FUNDAMENTALS – BRING AN ITINERARY AND LEARN THE LANGUAGE

Like any trip, you must prepare for it by understanding where you are going, what you plan to do when you arrive, and what items you will need when you get there. Diligence is similar. To make diligence efficient and meaningful, both parties should understand (a) what data is at issue; (b) how it was sourced; and (c) what limits or considerations may apply to it. Having each party approach the diligence conversation with this knowledge should help reduce one of the common criticisms of the process, which is that it takes too long. For instance, data purchasers will want to know from their team – to the extent possible – what data and data fields they are receiving so they can ask the right questions. Correspondingly, data vendors should understand that diligence considerations may include not only traditional securities issues (e.g., material non-public information) but also data-sourcing questions relating to privacy, surveillance, and other laws. Given the complexity of some data sets and the emerging legal and private regulatory landscape, neither party should be shy about bringing an interpreter or asking for a translation in response to a question or answer. It is in everyone’s interests to communicate effectively and openly.

APPRECIATE THE CULTURAL LANDSCAPE – EMBRACE THE DILIGENCE PROCESS 

Diligence has become an integral part of the alternative data landscape. The Securities & Exchange Commission has identified alternative data as an examination priority and is looking closely at the diligence process for entities it regulates. So, all participants should recognise that data purchasers, especially those regulated by the SEC, have to satisfy their own diligence obligations – they are not simply being ornery by asking probing questions.

Of course, data vendors want to protect their secret sauce as much as possible. Like a restaurant with a culinary specialty, vendors don’t want anyone else to make the exact same dish. Requiring them to disclose the entire recipe can threaten their livelihood, as you could source the same ingredients yourself. But asking whether the inputs are locally sourced, free from contaminants, and fresh are reasonable questions in either context.

BE TOURISM-FOCUSED

For data vendors, diligence can be an opportunity rather than a distraction, if viewed that way. Vendors can be tour guides, highlighting the thoughtfulness and sophistication of their data intake and review process. They also can compete on their accessibility to data tourists. For instance, if a vendor knows what information their clients are regularly requesting, why not provide a simple, accessible “guidebook”? Offering an easy and robust diligence process can facilitate the onboarding of clients, reduce a vendor’s risk in the marketplace, and make their data and their business more attractive to partners. Additionally, purchaser diligence questions can help a vendor identify ways to tighten their internal procedures and ensure documentation of data flows – something that can be helpful internally for their own data-mapping and security considerations.

KEEP AN ORGANISED TRAVEL JOURNAL

As is good practice for all trips, travellers should remember and memorialise their diligence journey. Data purchasers, especially those regulated by SEC, have obligations to maintain and document policies and practices around their diligence. In doing so, they may request certain materials from data vendors to support what they learn during the diligence discussions. Data vendors can reduce friction by recognising the reason for these requests and complying to the extent that they can. Data purchasers can ease their own burden through a streamlined and routine diligence checklist and memo format, so that they can compare their providers on similar metrics.

PARTING THOUGHTS

Alternative data and the law and best practices around it are continually evolving. Diligence has an important role to play in helping data vendors and data purchasers better communicate and to reduce risk for all parties. So, engage in it in good faith, recognise the travel boundaries, and if you get lost, don’t be afraid to ask us for directions.

Stacey Brandenburg advises clients on privacy, data security, and a range of emerging technology and data-related issues. A veteran of the Federal Trade Commission’s Division of Privacy and Identity Protection, Stacey regularly represents companies in FTC investigations involving Section 5 of the FTC Act, endorsement and testimonial guidelines, and the Children’s Online Privacy Protection Act. She also helps clients navigate State Attorneys General inquiries regarding consumer protection laws, and has favourably negotiated resolutions of these matters.

Marc Zwillinger is the founder and managing member of ZwillGen PLLC. Marc counsels on issues related to the laws governing Internet practices, including issues related to the Electronic Communications Privacy Act, the Foreign Intelligence Surveillance Act, data privacy, use of alternative data for investment evaluation and fantasy sports and Internet gambling. He also helps Internet Service Providers and other clients with their compliance obligations pertaining to the use and disclosure of customer and subscriber information.

Photo by Brandi Redd on Unsplash