Data Taxonomy: The Key to Ethical & Legal Data Navigation

Editor’s note: Samuel Logan, author of this article, is CEO and founder of Evidencity, a company that conducts investigative due diligence.

Anybody who’s ever taken an intro to biology class is no doubt aware of the species classification system used to categorize and distinguish animals based on their similarities and differences. Similarly, for more than a decade, a similar method has been applied to the realm of data exploration. 

As investigations into new markets intensify, there’s an increasing dependence on a categorization framework to comprehend the ways in which individuals might engage with publicly gathered data each day, and this data taxonomy framework has been standard since at least 2016.

Understanding the intricacies of data access across different jurisdictions is crucial in the complex world of corporate compliance. Similar to the taxonomy of species, the taxonomy of data provides a framework for exploring the global information landscape; it is essential for those who must ensure their organizations navigate these waters ethically and legally.

When examining the worldwide availability of data necessary for executing legal, financial and business deals, distinct classification boundaries emerge. Imagine a range: At the extreme left are digital records that are accessible online, centralized and public. At the extreme right are the antitheses, physical documents stored in metal filing cabinets. Spanning from the extreme left to the extreme right, a continuum divided into five distinct sections.

5 distinct data classifications

T1: Open centralized online data

Starting with the T1 on the left, this includes records and data accessible online, centralized and open to the public. For example, corporate records for the majority of companies registered in the UK can be accessed by anyone, from any location. 

Individuals are able to obtain details on the ultimate beneficial owner (UBO), examine the basic components of these legal entities and scrutinize a restricted set of yearly financial reports. This position in the spectrum symbolizes an extensive expanse of data that is the simplest and most straightforward to access. T1 data is invaluable for initial screenings and checks, laying the groundwork for deeper investigations. 

And it is the backbone of the open data movement, championed by the European Union and United Kingdom. Yet, sole reliance on T1 data is insufficient for today’s compliance realities, emphasizing the need to explore deeper into the taxonomy.

T2: Commercialized centralized online data

T2 data is online, centralized and commercialized. Often pivotal for enhanced due diligence, particularly in verifying the legitimacy of business partners and suppliers, T2 data is prevalent across many jurisdictions in Western Europe and Anglophone countries like Canada and Australia. Jurisdictions in Southeast Asia, such as Singapore, are also on this list. 

Despite some wrinkles, the data may be accessed with a generic user account and a credit card. However, the commercial nature of T2 data demands a critical eye to evaluate the accuracy and timeliness of the information. Numerous data aggregator firms have mirrored the T2 category within their own systems. By providing a username and credit card, individuals have the ability to reach any information contained in the collective database. 

Entities like Dow Jones and LexisNexis are examples of services in this segment. The opacity of aggregators regarding the origins of their data sources has become an increasing issue for those who need transparency regarding the initial source or provenance of their data.

Compliance

DOJ’s New Safe Harbor Policy Raises Stakes on M&A Due Diligence

by Lauren E. Briggerman and Sarah N. Flanagan

January 8, 2024

Once again, federal authorities are reinforcing the importance of taking compliance seriously

Read moreDetails

T3: Restricted centralized online data

T3 data is online, centralized and restricted. This category poses significant challenges, as access to information is often tightly controlled. Access to T3 category databases can be limited by factors that include language barriers in countries like China or Russia, or requirements for a locally linked credit card. Additionally, access may depend on having a username and password tied to a local phone number or be restricted to local IP addresses. 

The T3 category underscores the importance of local access for legally obtaining vital information, necessitating thorough investigation into data origins and server maintenance. Countries managing T3 data often struggle with limited budgets or corruption, resulting in data issues like link rot, incomplete datasets or frequent downtime. This makes the T3 category particularly challenging, as these nations are typically emerging markets where crucial data for international transactions is not readily available, often requiring the engagement of a local specialist.

T4: Decentralized mostly offline restricted data

Next is T4, where data is categorized as decentralized, mostly offline and mostly restricted. In many jurisdictions that offer federal-level data at the T1 or T2 level, we find that state and local data remains in the T4 category, such as civil litigation records in the United States. Federated countries like Mexico, India and Brazil present considerable hurdles due to their decentralized data management. 

The process and funding behind managing public data in these jurisdictions is not nearly as well-organized or transparent; it’s not clear how budgets are funded because they’re often allocated at the state level. The decentralized nature of data in these jurisdictions poses unique challenges for verifying compliance and conducting due diligence, primarily where the price for retrieval exceeds the budget available for firms to complete their due diligence project. 

Local assistance is nearly always required but is often cost-prohibitive. Countries organized around a T4 model are often considered “edge” marketplaces, with Mexico as the one glaring exception, a jurisdiction that is clearly an investment target yet exceedingly challenging to obtain corporate records in a cost- and time-effective manner. 

T5: Offline decentralized restricted data

Lastly, T5 encompasses primarily peripheral-market nations. In these areas, data might be partially or entirely offline, not centralized and with limited access. Countries within the T5 bracket, like Rwanda, provide online platforms; however, issues such as link decay and source degradation are common, and there can be significant gaps in publicly available data, with whole years missing. 

Similar to other nations in this segment, like Indonesia or the Philippines, the sole method to obtain required information often involves physically queuing to complete a form, or patiently waiting for these jurisdictions to advance to the T3 or T2 levels. Many data vendors in the marketplace offer access to data in T5 jurisdictions, masking the challenges with obtaining this information with low prices and slick user interfaces. Be careful. Many of these vendors are modern-day snake oil salesmen, selling you aged or incorrect data with questionable provenance. 

Local access is required. These challenges and more highlight the need for organizations to develop specialized strategies for dealing with data retrieval in edge markets, including establishing strong local partnerships with law firms or other specialized consultants who maintain a team of runners. Of course, the other option is to avoid conducting business in these jurisdictions.

Understanding data taxonomy and its role in assessing business risk

The availability of public information frequently distinguishes an emerging market from an edge market. This accessibility to public records can be linked with metrics such as the Transparency International Corruption Perceptions Index or the Freedom House Index to assess the risk level involved in conducting financial transactions. Typically, the greater the restrictions on data, the higher the risk that must be addressed before engaging in business within emerging and edge markets. Grasping data taxonomy within a target nation is a critical initial move to circumvent issues like bribery, falsehoods and postponements that accompany investments in these challenging but potentially lucrative areas.

This understanding is particularly pertinent for compliance professionals, who must evaluate and mitigate the risks associated with data accessibility in different jurisdictions. By leveraging data taxonomy, it is possible to more effectively plan due diligence processes, ensuring organizations remain compliant with international and local regulations.

Data taxonomy is a practical tool, not just a theoretical framework. It aids in navigating the complex landscape of global compliance, offering a structured approach to understanding and overcoming the challenges of data access across jurisdictions. By applying this taxonomy, organizations can ensure that their due diligence and risk assessment efforts are both thorough and effective, safeguarding themselves against compliance risks and contributing to the ethical conduct of business worldwide.