Privacy management for wealthy families and ultra-high net worth individuals ought to be a hands-on affair in light of constantly evolving threats. It is why a timely audit and assessment of privacy needs is vital in the digital age.
In today’s digital world where people want effective results instantly, many share personal data to ease a process often without exercising due caution or fully realizing the consequences of their actions. Furthermore, people’s willingness to share their information – whether knowingly or unknowingly – is growing. Given that many people always carry their smartphones with them, there is also an expectation that we are ‘available and there’ at all times.
As a result, vast amounts of personal and business information can potentially be hacked and sold if caution is not exercised. Resulting cyber-breaches expose wealthy families and their family offices to identity theft, fraud, and safety risks. The digital world also has a long memory and even well-crafted attempts to delete information can fail to achieve the desired effect.
Once personal data is breached, there is also an increased risk of malicious actors attempting to log onto social media, banking, or corporate websites with these compromised credentials. Not all threats to the privacy of the wealthy are digital. For instance, long-lens and covert photography, and physical surveillance by rivals have become an increasing threat, especially as media interest in the private lives of the wealthy has intensified. Whatever the nature of the privacy breach might be, financial, emotional and reputational damage could be significant.
Comprehensive privacy planning is the only way to protect against such breaches. We believe families should not wait for privacy risks to materialize before acting. The best way to prevent privacy invasions is to anticipate where such breaches may come from. This is easier said than done, but a privacy audit enables family offices to map a family’s potential risk areas.
By mapping every person, asset, and activity that is connected to a family, family offices can identify private information that could be made public, and the means through which it could happen. Within reason, this audit should also be extended to cover a family principal’s children as they are more likely to post pictures and information on social media channels with little or no regard for the potential privacy and security implications.
Any such risk assessment is complicated by the difficulty of aggregating this information. We are constantly sharing our information across social media, geotags, app records, and behavioral trackers in cyberspace. This makes collecting and analyzing all this information challenging.
The process of aggregation should not be limited to what’s available online. Several missing pieces of a person’s private jigsaw can be filled in by crossreferencing public records and databases. The simple act of aggregating disparate pieces of a private jigsaw can produce a very detailed, invasive, and valuable picture for those wishing to attack or exploit a family member or family office executive.
Privacy audit via an aggregation exercise is crucial
As a consequence, the most valuable proactive step in personal privacy planning is auditing the available information from an aggregation exercise. Family offices should take action by investigating publicly available data on themselves and the families they serve before someone else – with malign intentions – does. An audit will allow family principals to identify where privacy ‘leaks’ exist and the inferences that can be drawn about a family’s private life. Only when this comprehensive overview has been completed is it possible to start anticipating the associated risks.
Families consistently underestimate how much information about them is publicly available and the level of intrusion that is possible from aggregating and cross-referencing that information. Moreover, there is a lot of public or government data that they may not be able to find themselves (e.g. restricted to in-person viewing or low demand and not digitized).
Therefore, audits require expertise and experience to ensure that an exhaustive records and open source search is conducted. Informed decisions based on facts rather than fear of the unknown would help in mitigating fears involving reassuringly simple solutions such as:
- Deactivating or updating old profiles on social media
- Unsubscribing from mailing lists
- Removing address details and other personal information from the public domain
- Tightening security on social media profiles
- Clearing browser information
The next step is an evaluation of the likelihood of a family’s privacy being breached. It is important to understand that likelihood is not static, but will ebb and flow according to a family’s profile, levels of activity, acquisitions of companies and assets, circle of friends and family, business relationships, and competitors. There are three principle considerations when evaluating a potential threat:
Proximity: How close is a family and its family office to the potential risk? For example, is it something that directly involves a particular family member – or is it something that relates to a third party?
Track record: What are the potential risks of a particular family member or family office employee involved in the threat given their track record/history? For example, previous nefarious or illegal activity.
Prevailing wind: How sensitive is the threat topic, what is the general societal mood and wider context? For example, potential accusations of discrimination based on leaked emails.
By establishing this assessment and updating it on a regular basis, family offices can make informed choices and identify where families may be vulnerable. This, in turn, will allow a more conscientious and less heavy-handed approach that may also be less intrusive and more cost-effective when it comes to ensuring privacy.
For more on the subject of protecting your privacy, please download our latest whitepaper – Protecting the privacy of the world’s wealthiest families.