New
Legal

What is data compliance – and how can Neudata help?

Discover more about the data risks and compliance challenges associated with alternative data, the importance of properly managing them

Apr 3, 2023

What is data compliance – and how can Neudata help?

Finding the right alternative data to use is no easy task.

Whether you are a corporation seeking to better understand your industry or a hedge fund looking for data to drive better investment ideas, there are hundreds of active data vendors out there.

Neudata lists datasets from almost 2,000 providers and offers data scouting services that can help identify the data best suited to your individual use case.

But finding the correct dataset for your purpose is only one part of the challenge. Once you have identified a useful dataset, how do you diligence vendors and monitor your data portfolio to reduce risk and ensure compliance with regulatory requirements?

In a time of increased scrutiny from regulators over corporate data practices, this question has never been more important — but help is at hand.

Read on to discover more about the data risks and compliance challenges associated with alternative data, the importance of properly managing them, how the Neudata Sentry system can assist and the current alternative data regulatory landscape.

Key takeaways

  • What risks and compliance measures are associated with alternative data?
  • How do funds ensure they are using data in a compliant manner?
  • How do funds diligence data providers?
  • What is the perspective of governments and financial services regulators (like the SEC) on data compliance?

What risks and compliance measures are associated with alternative data?

Using alternative data in your investment research or other internal processes can add huge amounts of value, as Neudata users have found.

But it also throws up questions around risk and compliance. Data buyers will want to ensure compliance with laws and regulations related to material nonpublic information (MNPI), data privacy and intellectual property, among others.

While risk and compliance factor into all data categories, it can be especially onerous for datasets containing sensitive data like health, location, or transaction data.

There are also special compliance considerations for developing areas of alternative data, like ESG. Environmental, social and governance datasets bring a different set of challenges because dataset quality often relies more on the quality of the underlying data (which is often self-reported) than the data vendor itself.

How do funds ensure they are using data in a compliant manner?

For starters, it is very important for data buyers’ compliance teams to be closely involved in the acquisition and implementation of alternative data at every stage of the process.

While vendors should expect and be prepared for this level of scrutiny from buyers, some are more comfortable with rigorous due diligence than others.

What are the underlying sources of the dataset? What is the company’s legal basis for distributing the dataset? Does the dataset contain personal data? Has your company been the subject of any lawsuits, investigations or other negative legal actions?  

These are all questions a vendor should be comfortable answering.

Neudata’s Sentry service provides insights that help data buyers comply with regulatory requirements and reduce risk in their alternative data portfolios.

Part of the Scout platform, Sentry is a system that helps users keep track of legal and compliance news affecting alternative data, evaluate risks related to specific vendors and datasets, and stay compliant on an ongoing basis.

How does it work?

  1. Risk profile: A robust risk check process provides a point-in-time assessment of a vendor’s risk profile, reducing time spent on diligence. By reviewing a vendor’s risk check assessment, users can quickly sort vendors into high-, medium- and low-risk categories.
  2. Due diligence: Neudata provides a catalogue of hundreds of due diligence questionnaires that align with industry best practice guidelines. DDQ answers are instantly assessed for ‘red flags’, which are highlighted for targeted follow up, and inform dataset onboarding and renewal decisions.
  3. Monitoring: The Alerts system monitors vendors daily for litigation, regulation, and key news items related to vendors and the alternative data space. It often breaks industry stories hours before leading news organisations.

These three pillars of the Sentry system align with the Securities and Exchange Commission’s previous statements indicating its requirement that data buyers keep written records of risk profiles, due diligence and monitoring for each vendor.

The SEC’s push for ongoing monitoring of data providers has been an important driver of the monitoring service within Sentry.

Neudata believes that a shift to events-based diligence, rather than diligence solely around contract signatures and renewals, is necessary to mitigate risk in the current environment.

Want further information? A member of Neudata’s team of analysts can explain in more detail.

How do funds diligence data providers?

It’s important that firms thoroughly diligence all data vendors on their practices and policies to understand how they evaluate the content and suppliers of underlying data.

We can dig into this practice using the practical example of privacy and cybersecurity risks relating to re-identification, explored by Neudata Sentry in a February 2023 article.

Most data buyers know that personal or consumer data can often create risks – particularly if individuals can be re-identified based on information pieced together through datasets.

Sentry highlights that the process of diligencing vendors and mitigating risk in this area is not always straightforward, raising a number of potential red flags.

“Vendors should have a clear process for de-identification and a meaningful way to test or understand their dataset’s re-identification risk,” said Brittany Thomas, Neudata regulatory analyst, in her analysis of the topic.

Redaction, blurring, masking and synthetic data use were proposed as de-identification methods. An analysis of Neudata’s DDQ repository found 41% of transactional and location data vendors that claim to de-identify data use two or more methods to do so.

It is this kind of context, data and background understanding that can help users navigate the complex areas within risk and compliance.

What is the perspective of financial services regulators on data compliance?

As mentioned above, the SEC pays close attention to data compliance — and Sentry has tools to help meet the regulatory standard.

But it is important to understand in more depth how financial services regulators are evaluating data compliance.

Given the size and geographical reach of the US market, the SEC is the most important regulator in this space. But it is not the only one to consider, even in the US.

For instance, Neudata has observed the Federal Trade Commission becoming a meaningful force in the regulation of alternative data in the US.

Sentry noted last year that the FTC has taken several actions in the space. Data vendors (particularly location data vendors) now appear to be a top enforcement priority for the FTC and may be subject to existential threats in court and the press.

Other examples

Sentry has provided important intelligence on many regulatory developments globally in recent years, including:

  • The Data Security Law in China in 2021: This law demanded coordination with and disclosures to local governments. Sentry provided insight via a white paper on data transfers from China and a related survey of Chinese vendors on permanency risk.
  • China: Asia’s largest economy has been a key topic from a compliance perspective given the potential size of the market, combined with the unique set of local and geopolitical risk factors. Sentry has provided guidance on how data buyers can assess overall risk in a China-based vendor, given recent regulatory and enforcement developments.
  • Data localisation: The topic of how data buyers deal with changing geopolitical pressures is not new, with regulations such as GDPR constraining alternative data products since 2018. Sentry recently highlighted whether buyers should build local data infrastructure outside of the US/UK/EU, as enforcement actions in India, China and Russia suggest that data localisation has become a high-profile weapon in global trade, rather than solely a privacy issue.

How can Neudata help?

As the alternative data space has evolved, so have the frameworks in place to help buyers navigate risk and compliance questions. Neudata helps firms build, manage and improve the success of their alternative data programs – specifically through helping them find new sources of data and managing their existing data portfolio.

Neudata’s Sentry system is specifically focused on helping firms manage their existing data portfolio. The product has three pillars: point-in-time risk assessment, in-depth due diligence services and real-time legal and compliance event monitoring. Developed with feedback from industry experts and organisations, Sentry is the leading provider of vendor management services to the institutional investor community.

Neudata serves as the global authoritative source for global data intelligence. We provide research and expert consultancy on data sources and use cases – we do not provide the data itself or act as a broker.

Neudata users are also able to leverage insights from our research experts based in London, New York and Shanghai, and benefit from our data scouting service.

Since 2016, we have helped our clients understand the landscape of available datasets, increasing the efficiency of their data spending budgets. Neudata’s data buyer clients represent 60-70% of industry-wide spending on alternative data.

If you provide data and want advice on monetising it, or if you're looking to buy alternative data, please reach out to info@neudata.co to learn more about how Neudata can help.

Photo by Scott Graham on Unsplash

Blog suggestion

Suggest a topic for the Neudata blog

Suggest a blog topic