Data Protection - Lessons From Facebook


Friday, May 25, 2018 | Tim Andrews, The ID Register

Facebook was still three years away from launch when I graduated. The screech of my dial-up modem was followed by some simple websites that functioned just like the posters or billboards that had preceded them. Less than 20 years later, we all witnessed a congressional circus around Mark Zuckerberg where democratic leaders struggled to understand the complex problem of data privacy for which neither government, financial markets nor firms themselves have a ready answer.

The ID Register recently passed the 20,000 investor profile threshold and, while miniscule in comparison with the terabytes of data held by Facebook, it is incumbent on all of us who run web-based businesses to hardwire data protection into the DNA of our culture and processes. In doing so, we offer the security and protection of digitisation over the privacy and accuracy risks of paper-based processes.  This paper sets out our current thinking and is intended as the basis of an ongoing discussion in which you are warmly invited to participate.

 

The Challenge

We all, both businesses and consumers, leave a digital trail. Births, deaths, voter registers, companies’ registers, beneficial ownership registers, regulatory and tax filings, media articles and especially our ‘likes’, shopping habits, comments and shares in our personal lives all combine into our digital portrait. Controlling this phenomenon is difficult because:

  • The data is held on servers in a variety of countries by firms who are established internationally so enforcing legal jurisdiction is difficult.
  • Each individual piece of data has likely been provided freely by us as individuals or as a regulatory requirement by businesses, generally under terms & conditions which we have accepted and which web firms, The ID Register included, scrupulously keep updated.
  • In many cases, the default internet business model has provided a ‘free’ service to consumers and businesses in return for data which then supports targeted advertising. Having eaten our free lunch, it is in many ways now churlish and counter-productive to complain about it.

Absent the international data equivalent of the Common Reporting Standard, all digital data processors must  demonstrate effective data protection in order to succeed.

 

Our Approach

Most web firms talk a good game on data protection – but talk is cheap. At The ID Register, we have based our every day approach to data protection around three themes:

  1. Culture: We challenge and change our service continually as we connect our clients to each other.

  2. Governance: We aim for the highest standards of corporate governance and to engage proactively with governments and regulators.

  3. Service: You’ll never see an advert on our site. Our clients control their own information and to whom it is connected.


Here’s how these themes help us protect your information in practice:

A pervasive sense of mission, rapid growth and enthusiasm has made many tech firms very energising places to work. It may also have perpetuated confirmation bias where management are surrounded by true believers who echo their own thoughts. It’s been my privilege to meet investors, fund managers and service providers from many parts of the international private funds market over the last two years. Some have bought into our mission, some have challenged it. We have therefore hired staff from diverse backgrounds, at different stages of life and with distinctive skills. We are challenged every day to get better across all aspects of our business – to become more efficient, more secure, more simple and we actively encourage feedback from staff, clients and partners without reserve. Nobody has all the answers or indeed  builds a service that cannot be improved and our active embrace of improvement is fostered within every person and process in our firm.

As we have learned more about how services like us are viewed by governments and regulators, we have realised that we need to go beyond what is legally required and to have an open ongoing discussion that may even help shape policy and how we fit within it. It is harder to regulate the FANGs (Facebook, Amazon, Netflix & Google) of today than it was to break up Standard Oil a century ago and it is arguably a significant social failure that we have let a small collection of firms grow so large without more constructive government involvement.  Regulators may encourage innovation and have an open door policy to new ideas but if businesses like ours don’t walk through them then an open door is just swinging in the wind. Mark Quigley, our Legal Manager, and I will continue to help governments and regulators understand our business and our place in the financial sector.

Some industry organisations have struggled to work with us because, yes, we unashamedly are a business run for profit. Investor profiles are maintained without charge while funds and banks to which investors share their profiles pay a subscription for our services. We do not obtain revenue from  advertising or from selling data. Our business-to-business model highlights the evolution of the internet from the anarchic beginnings through consumer-lead ‘free’ services supported by advertising, into the economy of the future where firms’ physical premises no longer constrain their markets or services. We help move the many PDF copies of your passport for example that sit in emails, paper boxes and files in firms around the world into a single encrypted profile that you control and you share with others. Our commercial imperative is to keep that information safe.

 

The Solution

The ID Register replaces the many pdfs and paper documents behind fund subscription, KYC and FATCA/CRS processes with a single encrypted digital profile. Our business model, culture and governance are committed to keep improving the way we store and process that information, above and beyond what is required by law.

Taking this approach, we are continually learning from the experience of today’s largely consumer focused tech giants.  By doing so we seek to inform and shape the thinking of the governments and regulators with whom both we and our clients interact.  We support continual improvement within a culture of challenge and diverse thinking.

Whether you are a client already or have been watching our progress, we welcome your feedback and suggestions. https://theidregister.com/contact-us/

Back to Resources