Privacy and Environmental, Social and Corporate Governance (ESG)

Environmental, Social and Corporate Governance is fast becoming a key focus for businesses looking to make a difference to people and the planet – and show that they are to discerning customers. Having got to grips with GDPR, people are appreciating that Privacy is a fundamental area of ESG – so let’s take a deeper dive to see why and how your Privacy compliance can be a key part of your ESG programme.

What is ESG?

ESG, or Environmental, Social and Corporate Governance, is the evaluation of a company’s commitment to improving environmental and social factors and the governance part, reporting on them effectively, both internally and to the wider world. 

The UN’s Sustainable Development Goals (SDGs), their self-proclaimed “blueprint to achieve a better and more sustainable future for all”, delivers world nations a series of environmental and social targets for to be hit by 2030 in order to help mitigate the effects of climate change and improve social conditions across the globe.

ESG is at the organisation level: it sets out how organisations take their own steps for a fairer, more equal and sustainable world.

 

Why it matters

It’s obvious why sustainability, the environment, human rights and good governance matter at the global or macro scale. And this flows down to impact at the organisation level:

  • a 2021 PWC study showed that 83% of consumers say that businesses should be actively shaping ESG best practices, reflecting a higher degree of awareness by consumers on environmental and social concerns. Good ESG = more customer trust.
  • BlackRock, the world’s largest asset management firm, also echo this, stating that there’s a ‘profound, long-term structural shift in global investor preferences toward sustainability that is not fully priced into the market.
  • a 2022 Accenture study reported that ‘companies with consistently high ESG performance tended to score 2.6x higher on total return to shareholders (TRS) than medium ESG performers’.

 

Privacy is a key part of ESG!

It might not be the first thing that pops into your head when you think about ESG, but Privacy and Data Protection are crucial to wellbeing and a fairer society.

It goes without saying – you can’t have a robust ESG programme if you ignore basic human rights. Privacy is one of those! A right to Privacy or a private life is enshrined in Article 12 of the Declaration of Human Rights, Article 8 of the European Convention of Human Rights and Article 7 of the European Charter of Fundamental Rights. 

And lawful use of accurate data is fundamental to achieving all 17 Goals in the UN SDGs: managing and analysing data is crucial in demonstrating progress. However, with so much data being stored, Privacy and Security concerns naturally arise. 

The UN’s Global Compact outlines 10 principles that should be followed in order to achieve corporate sustainability, based on the Declaration of Human Rights and the Rio Declaration on Environment and Development, among others. 

 

What about CSR?

CSR and ESG are closely related, but ESG looks to have overtaken CSR as the vocabulary and framework for organisations to look at their place as good citizens in the world.

Corporate Social Responsibility is more policy-based and focused on the business itself. ESG requires business to quantify the results of those activities, and has a bigger focus on the environmental impacts of business operations.

You could look at ESG as a great iteration of CSR, making good corporate citizenship more quantifiable and actionable. While still a relatively early movement, it’s being taken into account by boards and investors alike, and reflects growing and genuine concerns about people and the planet we all live on. It’s evidently wise for businesses to have an ESG strategy in place. 

With that context, let’s see how Privacy fits within and supports ESG, starting with the S!

 

Privacy and the “S”

As we’ve seen, Privacy is a Human Right, and by violating someone’s Privacy, you impact their wellbeing. By promoting great Privacy practices, companies therefore not only bolster their ESG credibility, but can also feel great by knowing that they’re contributing to a fairer society.

 

Privacy’s place within ‘Social’ is further validated by the fact that when corporations discuss ESG, the topic of Privacy has increased by 920%, with companies such as Mastercard directly addressing Privacy as a “sustainability issue”.

 

Start close to home

An organisation should embed good Data Protection practices and a Privacy culture to ensure it properly respects and lawfully processes the personal data of its own employees, customers and other stakeholders, and supports their use of the rights under laws such as GDPR.

 

Privacy for all

A good ESG strategy should boost wellbeing, not just for employees, but for all citizens. This can be local or global. A great example of this is Adidas’ Women Empowerment Programme in Pakistan, equipping women with the skills they need to thrive, contributing to an equitable society, promoting of all the civil, political, economic, social and cultural rights to all the vulnerable social segments including women.

Such social programmes are incredibly impactful, and are key for sustainable development, as demonstrated in the Gender Equality and Quality Education targets outlined by the UN in their Sustainable Development Goals.

 

Privacy and the “G”

Many ESG metrics aren’t commonly reported on, as often they’re not required as part of mandatory financial reporting. Privacy laws, however, have added robust governance requirements: companies have to be able to demonstrate levels of compliance in audits – and increasingly to the Board or potential investors.

The General Data Protection Regulation (GDPR) in both the UK and EU and the California Consumer Privacy Act (CCPA) are obvious examples, inspiring many other nations to follow suit and enact their own strong privacy laws, including countries such as Brazil, Thailand and South Korea.  

This won’t change with the proposed Brexit reforms in the UK: the Government response to the consultation makes clear that organisations will still need an appropriate ‘privacy management programme

 

ESG reporting is set to change across the board, too. EU ESG regulations such as the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy Regulation are set to impact large private companies by 2023, reaching SMEs by 2026. Be prepared!

 

Privacy and the “E”

Despite its Social and Governance benefits, and as much as we love it, we don’t claim that GDPR will save the planet from the climate crisis. However, interestingly in a 2018 Jet Global study, it was estimated that due to practices related to data minimisation – one of the key Principles of the GDPR – 360 tonnes of CO2 is saved each day. 

Processing all that data uses up a tonne of energy. On this point, we highly recommend reading Atlas of AI by Kate Crawford.

Every little helps!

 

How Keepabl’s software can help

We’ve established that Privacy falls squarely under the Social and Governance areas of ESG, even proving its worth from an Environmental standpoint. Yet, reporting on Privacy can be tricky, with most who deal with Privacy as part of their job still operating out of various, conflicting spreadsheets that just make things even more stressful. 

Privacy Management Software like Keepabl can give you peace of mind knowing that the Privacy element of your Corporate Governance is being managed effectively, so when auditors or any key stakeholders come knocking, you have the information at your fingertips to be exported in an instant. 

What’s more, with improved governance and insights into risk, you’re less likely to suffer personal data breaches, and will know exactly how to respond when they do happen.

Learn more about how Keepabl can help you tick the Privacy box of your ESG compliance reporting. Request a demo now.


Related Articles

UK ICO Accountability Framework
Blog
The UK ICO Accountability Framework - 15 FAQs with the UK ICO

We were delighted to be joined in Privacy Kitchen by Chris Taylor, the UK ICO’s Head of Assurance whose team set up the ICO Sandbox, manages the ICO’s guidance and…

Read More
newsletter
Blog
August Privacy Roundup

You may have noticed we skipped our July newsletter covering June, apologies, so here’s a summer bumper edition! As always, so much to talk about with the new Privacy triumvirate…

Read More