TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | VCs: Data Privacy Affects Your Valuation, Ability To Raise Capital Related reading: His Task? Start Up a Privacy Program at a Start-Up




It is not in Silicon Valley’s culture, the conventional wisdom runs, to hold up the next great billion-dollar app because of a few questions about privacy concerns.

Who owns that data? Do you have consent to use it that way? Won’t users wonder why you need access to their microphone?

Pishposh, McIntosh. We’ll figure that out after we get the first funding round.

Perhaps, however, that era has passed.

Last week, Andreessen Horowitz, Entrepreneur’s top funder of early-stage start-ups for 2014, announced a notable hire: Ted Ullyot, former general counsel at Facebook, where he helped negotiate the Internet giant’s settlement with the Federal Trade Commission. He’s been tasked with launching a new policy division at the venture capital firm to help its portfolio companies navigate state and federal regulations when developing new data-fueled services.

“As I look around the landscape today,” Ullyot told Re/code, “you have many companies today in a similar position to where Facebook was in the early days.”

Yes, it’s becoming clear: While the Digital Age continues to boom, if you want funding to get your firm booming, you’d better make sure your privacy house is in order.

“It’s definitely part of our due diligence,” said Steve Herrod, a partner at General Catalyst, which has funded the likes of Snapchat and Kayak, “when we have companies that are storing customer data, like public cloud services. What are they doing with data retention and protection?”

Ursheet Parikh agrees. He’s a partner at Mayfield, an early-stage venture capital (VC) firm with $2.6 billion under management and investments in firms like Couchbase (big data management platform), Elastica (cloud security) and Gigya (customer identity management). “We end up investing very early in most of our companies,” he said. “We’re usually the first institutional capital in. And on the board, we do ask a lot of these privacy questions. Privacy is entering the conversation much earlier, and data privacy is very strongly tied to the overall information security. These are discussions at a very high level.”


“I’ve been working in the tech space for a while,” Herrod said, “and it’s really become a board-level issue for the first time—obviously, in light of well-publicized breaches. In many cases, IT has never been a board-level discussion. That’s changed.”

Nor is it simply the potential investors who are asking the questions, Herrod said. When he’s out working with potential customers for his start-ups, it’s imperative that privacy isn’t an afterthought.

“I’ve been working in the tech space for a while,” he said, “and it’s really become a board-level issue for the first time—obviously, in light of well-publicized breaches. In many cases, IT has never been a board-level discussion. That’s changed.”

The result is a pair of trends in the venture capital space: First, funders are making data privacy a priority in due diligence with potential start-ups, but, second, investors are also looking for privacy-enhancing technology start-ups to invest in, as they look to solve the privacy issues of corporate America and beyond. This latter trend heated up about a year after Snowden and continues unabated.

Jon Brod is a cofounder of Confide, an ephemeral messaging service he describes as being LinkedIn to Snapchat’s Twitter. As he built his privacy-focused firm, “We didn’t even have a pitch deck,” he said of looking for money to grow. “We got absolutely inundated with VC interest.”

An off-the-record messaging app that uses encryption and screen-shot protection (it basically only shows you a word at a time as you swipe) to keep messages from being copied or falling into the wrong hands, all Confide really had to do was launch a beta service in late 2013 for about 300 people, many of them VCs, then sit back and sift through the feedback.

Once it launched properly in January of 2014, Squawkbox was eager to help spread the word, and later that year, it took on $2 million in funding from the likes of Google Ventures, SV Angel, the CEO of Yelp, the guy who created Entourage, First Round Capital and WGI Group.

“And we were offered exponentially more than that,” said Brod.

Snowden had already happened. Governor Christie’s Bridgegate happened. The iCloud hack happened.

“It was the perfect storm,” Brod said. “These events were taking over A1 of every newspaper; the app was actually quite good, and the team that we had was world class. And that really created an interest in investing with us.”

He noted, “Privacy is just much more mainstream. Every couple of months, there’s a new poster child.”

Investors have an eye toward international expansion, too. No one wants privacy to get in the way of a market opportunity.

“Certainly, with early stage investing in the U.S., you’re mostly trying to figure out how to tackle North America,” said General Catalyst’s Herrod, “but there’s no question we look at how they could perform on the international stage, and especially if they’re dealing with sensitive data, we look at what their expansion could look like … It’s gone into all of our minds that expansion internationally is a lot more tricky than it has been in the past.”

It’s easier, though, if you’ve actively considered data protection. Mayfield’s Parikh noted that the cloud infrastructure offered by the Microsofts and Amazons of the world make jumping into international markets easier for data-driven services, “and the silver lining is that if you have good policies and practices in place, then you’re able to go ahead and follow these opportunities worldwide.”

Venture capitalists want growth and a clean exit strategy. They don’t want a data privacy mishap to impede either of those things with a public relations disaster or 20-year consent decree.

“In the past,” said Parikh, “privacy was something that people discussed and didn’t want to work with, but now, while it’s clearly compliance, it’s also the right thing to do … I think that combination has made it a much more high-visibility item. When due diligence is happening, I think one of the things that people like me are looking for is how the management is in synch with all the business issues they need to address for success. If there’s a business plan that’s going to be talking a lot about data management, then privacy comes up.”

The future for data-driven start-ups “is going to be different,” said Herrod. “Start-ups that are far more explicit about what they’re doing with data will be able to distinguish themselves … It will be up front and center as you’re acquiring customers. Thinking about it early makes a ton of sense from our perspective, and how well you do that will be a determining factor in your value going forward.”

photo credit: VC Parking via photopin (license)

1 Comment

If you want to comment on this post, you need to login.

  • comment Todd • May 11, 2015
    Great article, Sam.