Privacy is a shared responsibility

World Economic Forum

It is in the interests of investors to take an active role in defining new norms

The rise and accelerated adoption of technology has brought with it much opportunity. In ways perhaps not seen since the Industrial Revolution, new technologies have upended the status quo in industries as diverse as banking, telecommunications, transport, and entertainment. Alongside all the benefits of a new industrial revolution, we have new challenges, particularly in the realm of consumer safety and user protection.

Perhaps the most complex of these challenges has been the issue of privacy. By privacy, I am referring to the protection of personal information and the rights of the individual to determine what about them can be shared with third parties. This is a particularly important subject, given that sharing personal information is often the ticket to more user-friendly technology, an improved user experience, and the possibility for future innovation and development.

Initiatives such as the EU's General Data Protection Regulation (GDPR) establish principles and rights between companies and individuals, creating a new compact for the protection of user privacy. But the pace of innovation and accelerated complexity of modern technology is proving that privacy is, in fact, a shared responsibility. There is a role for government, users, and businesses to ensure collectively the stable development of novel technologies, as well as the commitment to privacy.

The best entrepreneurs want to fix problems for people and save people time. This is a mindset which can distinguish the most successful entrepreneurs from the rest of the pack. Founders who are focused on improving how their customers live their lives will view issues like privacy from their customers' point of view, and are more likely to have their best interests in mind. As more and more entrepreneurs see how protecting user privacy is an essential part of helping people through technology, an overall shift in industry norms will occur which sees privacy not as a compliance exercise, but as a key part of a winning idea.

This comes alongside the diverse risks that exist should technology businesses seek to work with large corporate clients. A lack of robust data privacy at the earliest stages of their venture may cause knock-on effects, as the larger the organization becomes organically or through partnership, the more problematic data breaches can be in terms of reputational and financial risk.

But it is the role played by investors that is perhaps the most interesting. Investors are involved at the very early stages of innovation. It is they who decide where to allocate capital, and on what basis investments are likely to be successful. They can, and do, provide a useful voice at the table in shaping company strategy and should be more involved in supporting founders, through mentoring, guiding, and creating opportunities to enable them to make good choices with regard to privacy. This is particularly important, as the most successful start-ups of today could well become the Facebooks and Googles of the future, and as a result bring an enormous impact on norms around privacy in technology.

Investors can help companies to incorporate robust security practices in the early stages of product generation so that businesses are actively incentivised to adopt best practice from the very beginning, rather than proactively punished when things go wrong. As the World Economic Forum noted, this is actually much more economical in the long-run as companies can avoid the costs of enormous data breaches, the likes of which we have seen recently in the cases of Mastercard and Visa.

An active commitment to privacy from investors is both in their interests and the interests of technology entrepreneurs themselves. If investors actively hold "skin in the game", to quote Nassim Taleb, they are more likely to offer a valuable and constructive approach to entrepreneurs in directing what security policy to follow, as opposed to detached and aloof investors who simply care about the bottom line. As the World Economic Forum stated, "during the investment process, investors look at quality of earnings and revenue. Why aren't investors looking at the quality of security of the company and its product?"

The answer is because this is still a work in progress. Yet investors do have tools at their disposal to look at cybersecurity practices more critically and evaluate investment decisions accordingly. In time, global standards will emerge, but this is catalyzed by companies noticing the benefits accrued to their rivals from following best practice and electing to do the same.

To take the example of the ESG revolution, it has been the shift from a compliance-based mindset to an opportunity-based mindset which has spurred best in-class sustainability practices in the finance industry, as businesses have seen how adopting better sustainability practices has improved access to capital. Once investors wake up to the opportunity of actively pushing companies to adopt better privacy standards, I believe that we will witness the same phenomenon, and this will set the scene for what standards of security and data protection become normalized in the future.