It may not be immediately obvious how relevant privacy is to ESG, or environmental, social and governance. There is no “P” or even a “D” for data or data protection. In Your ESGuide in 5 we examine how privacy is, in fact, increasingly central.
- Confidentiality is at the heart of governance
  Confidentiality obviously falls under “G”, the governance element of ESG. In recent years, privacy regulation has evolved from principle-based requirements (follow the rules and you’ll be compliant) to heavy-handed governance and accountability legislation (you can’t just follow the rules, you must demonstrate how you are doing so). This has been particularly notable in the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, but governance is now at the heart of data protection laws around the world. In fact, some form of privacy law is now in place in over 80 countries. Companies should: deploy appropriate data collection and processing practices; facilitate individuals’ rights claims regarding their data and ensure internal accountability; implement privacy by design and by default; and establish technical and organizational measures and security standards, among others. Failure to comply can result in hefty fines and increased legal liability, and is a major red flag for reputational damage. None of this can be achieved without good governance structures and policies.
- Privacy can also be found in Social
  Confidentiality is also highly relevant to the social side of ESG concerns. Companies have a responsibility to protect the privacy and information of their employees and customers, and customers and investors are increasingly making decisions based on companies’ privacy credentials. The most recent annual report from the UK data protection regulator, the ICO, shows that 77% of respondents in 2021 agreed that the protection of their personal information is important to them. Data protection compliance falls firmly within the realm of ethical business practices and, as the Institute for Business Ethics has repeatedly emphasized, companies must demonstrate that they conduct their core business to consistently high ethical standards. The societal impact of data usage and the privacy impact of new technologies, including the growing use of AI, facial recognition and the metaverse, combined with the focus on big data in digital transformation programs, mean that the imperative and the challenge for companies to prove that they are responsible will only increase.
- Do not forget the environmental factors
  Although not so immediately apparent, privacy is also environmentally relevant. Climate change is one of the highest priority factors on everyone’s ESG investing wish list, and a study by Jet Global suggests that data legislation actually saves 360 tonnes of CO2 from polluting the atmosphere every day. This is due to key GDPR principles, such as data minimization (collecting only necessary data) and storage limitation (not keeping personal data longer than necessary), as well as opt-in requirements leading to a reduction in the number of marketing emails that are sent.
- Good privacy practices can frame broader success
  Since privacy is already found in all three branches of ESG, it can be an incredibly useful foundation for broader success and improvement in ESG benchmarks. Without even having specifically considered ESG, companies that have invested time and resources in their privacy programs since the implementation of the GDPR in 2018 may find that they have already created governance structures, review mechanisms and forms of engagement with users that can also be adapted to other elements of ESG. Companies that have privacy reports and discussions, data ethics guidance, and have thought about how they want to be perceived in terms of privacy will be able to expand or duplicate this hard work for broader social and environmental reflection and engagement.
- The P: Ignore it at your peril
  Taking responsibility for what you do with data and showing the steps you’ve taken to protect people’s rights not only results in better legal compliance, but also gives you a competitive advantage. Also, if something goes wrong and you can’t demonstrate good privacy practices, it can leave you open to fines and reputational damage. In 2021 alone, GDPR fines totaled over €1 billion. Besides the fines, there are the risks of loss of investment and departure of consumers.