Office rental company Regus announced today that job performance details of more than 900 employees were published online accidentally it seems.
The data leak originated when an external mystery shopper agency that was hired by Regus to review and document the sales performance and practices of it's staff published the results publicly on a popular task-management website Trello.
The names and addresses of hundreds of staff at Regus where made public and available online for anyone to Google after the mistake by external agency Applause.
The issue is common and in fact was a similar reason why there was a data leak of internal government and NHS files in 2018.
1) Make Sure Any Channel Checks are Legal and Ethical
Probably the most overlooked but from my perspective one of the most interesting angels to this story is the fact that Regus management teams had commissioned an external mystery shopper agency to secretly film and record their own employees (presumably, at least it appears) without their consent.
The idea itself is valid and a good one but the execution here was clearly poor and breached best practices and regulation around privacy.
Woozle Research conducts channel checks for institutional investors all the time. Usually a hedge fund or private equity firm will be looking to make a several hundred million dollar investment into a new business or start-up which is potentially lucrative but also highly risky.
Is there a market for this product or service? Is there new technology that might supplant it? Do customers care about this problem and do they need this solution? How much are they willing to pay for it? Are their any current or future alternatives that might make this start-up obsolete?
These are all valid questions that our investment clients typically have - whether they are a hedge fund or private equity firm. When they come to Woozle Research, we will design questions and prepare a tailored proposal of how we will interview and speak to knowledgeable company stakeholders to get grass-roots insights from the people that know the product or business best - stakeholders.
For example, we might interview clients or customers of a particular business, we might talk to people that are target customers, or future or current employees or competitors to get an idea of what's driving the industry and the commercial trends in that space. The main thing here is that this in of itself is totally fine - it's a competitive edge for investors but it's also prudent due diligence and in my opinion a fiduciary responsibility if you are managing money. What Woozle never does however is breach clear confidentiality or privacy laws and we always act responsibly and ethically.
The problem with this firm Applause and Regus management was that they recorded employees without their knowledge or consent. This is illegal and most definitely not ethical.
2) Channel Check is Important for Management & Investors!
The Regus data leak highlights a fairly fundamental and widespread problem that faces almost all businesses of size. Senior leadership tends to know only a fraction of what's actually going on at the companies they run and even less about the problems and challenges that front-line staff are facing every day.
This concept was initially popularized in the 1980's by a consultant named Sidney Yoshida which we termed "the iceberg of ignorance". Most of the problems, challenges, and successes of any large business are known and because of the efforts of front-line staff throughout the organisation who basically run those businesses.
These people will know who their biggest competitors are, what problems customers are facing, why sales people aren't able to close deals, which competitors clients are moving to, what's hot and not in the market, and which vendors or suppliers are adding value etc.
This really shows why businesses like Regus are going in the direction of hiring third-party mystery shopper type agencies to go undercover as potential customers to find out what's really going on in their business.
To me it's quite clear. If this approach of conducting channel checks is good enough for management to decide on what they need to do to run their business more effectively, it's good enough for investors who own or are considering buying those businesses themselves!
If you're thinking about investing several hundreds of millions of dollars into Regus answer me this - would you not want to know beforehand that their sales practices are ineffective? Or that WeWork is cleaning up because sales staff aren't being incentivised?
3) Beware of Data Security when Using SaaS or Cloud-Based Business Tools
The growing popularity of software-as-a-service platforms and online, cloud-based business tools is evident to anyone that has been in the workforce for more than a few years.
The growth of popular tools for social media, marketing, sales, design, email communications, business chat, skype, video, conference calls, food deliveries etc - the list is endless. I'm willing to bet that anyone reading this will be able to list off at least 5 different SaaS platforms that they currently use in their role that they wouldn't have done 10 or even 5 years ago.
Although the growth of these platforms is excellent for time efficiency and productivity in the workplace, what doesn't' get talked about nearly as much but is probably just as if not more important is the security of the data and content we are producing online. Online hackers continue to trawl the internet for easy targets, the security protocols for some new start-ups aren't up to par with what's needed, and of course we cannot underweight the impact of good old fat-finger mistakes that will inevitably follow as technological progress speeds up.
Regus isn't alone. Not for the first time have businesses collaborating on a third-party SaaS platform made the mistake of trying to share data between client and agent only to find that it's been published publicly and can be found with a simple Google search!
Woozle has helped dozens of private equity clients source on-the-ground insights from clients and customers of SaaS platforms and in many instances you'll be surprised at how many times you hear a similar story from customers about something that those companies dismiss out of hand or in fact have as one of their key selling points on their website! Data security is generally not up to scratch in the projects we have worked on!
Our advice - if you're thinking of investing in or becoming a customer of a SaaS business always ask to speak to a few current customers or users. Alternatively, drop Woozle Research a line and we'll be happy to do it for you.
About Woozle Research
In today’s fast-moving and competitive financial markets, investors can’t rely on traditional data or research alone to provide them with an informational edge. We use primary research to deliver exclusive, leading, and differentiated insights sourced directly from subject-matter experts to help clients gain a deeper understanding of their investments and realize greater returns.
Our solutions for Hedge Funds, Asset Managers, and Private Equity firms are relied on by many of the world's largest investors who trust us to provide winning first-hand intelligence to help them identify, predict, and monetize trends long before it's known to competitors.
Our alternative data reports are available to paying institutional clients including equity analysts and portfolio managers at hedge funds, long-only asset managers, and private equity funds. To learn more about how our interview and survey intelligence helps funds generate alpha, request a free trial and we'd be happy to showcase our work.