ESG, or Environmental, Social and Corporate Governance, is the evaluation of a company’s commitment to improving environmental and social factors and the governance part, reporting on them effectively, both internally and to the wider world.
The UN’s Sustainable Development Goals (SDGs), their self-proclaimed “blueprint to achieve a better and more sustainable future for all”, delivers world nations a series of environmental and social targets for to be hit by 2030 in order to help mitigate the effects of climate change and improve social conditions across the globe.
ESG is at the organisation level: it sets out how organisations take their own steps for a fairer, more equal and sustainable world.
It’s obvious why sustainability, the environment, human rights and good governance matter at the global or macro scale. And this flows down to impact at the organisation level:
It might not be the first thing that pops into your head when you think about ESG, but Privacy and Data Protection are crucial to wellbeing and a fairer society.
It goes without saying – you can’t have a robust ESG programme if you ignore basic human rights. Privacy is one of those! A right to Privacy or a private life is enshrined in Article 12 of the Declaration of Human Rights, Article 8 of the European Convention of Human Rights and Article 7 of the European Charter of Fundamental Rights.
And lawful use of accurate data is fundamental to achieving all 17 Goals in the UN SDGs: managing and analysing data is crucial in demonstrating progress. However, with so much data being stored, Privacy and Security concerns naturally arise.
The UN’s Global Compact outlines 10 principles that should be followed in order to achieve corporate sustainability, based on the Declaration of Human Rights and the Rio Declaration on Environment and Development, among others.
CSR and ESG are closely related, but ESG looks to have overtaken CSR as the vocabulary and framework for organisations to look at their place as good citizens in the world.
Corporate Social Responsibility is more policy-based and focused on the business itself. ESG requires business to quantify the results of those activities, and has a bigger focus on the environmental impacts of business operations.
You could look at ESG as a great iteration of CSR, making good corporate citizenship more quantifiable and actionable. While still a relatively early movement, it’s being taken into account by boards and investors alike, and reflects growing and genuine concerns about people and the planet we all live on. It’s evidently wise for businesses to have an ESG strategy in place.
With that context, let’s see how Privacy fits within and supports ESG, starting with the S!
As we’ve seen, Privacy is a Human Right, and by violating someone’s Privacy, you impact their wellbeing. By promoting great Privacy practices, companies therefore not only bolster their ESG credibility, but can also feel great by knowing that they’re contributing to a fairer society.
Privacy’s place within ‘Social’ is further validated by the fact that when corporations discuss ESG, the topic of Privacy has increased by 920%, with companies such as Mastercard directly addressing Privacy as a “sustainability issue”.
An organisation should embed good Data Protection practices and a Privacy culture to ensure it properly respects and lawfully processes the personal data of its own employees, customers and other stakeholders, and supports their use of the rights under laws such as GDPR.
A good ESG strategy should boost wellbeing, not just for employees, but for all citizens. This can be local or global. A great example of this is Adidas’ Women Empowerment Programme in Pakistan, equipping women with the skills they need to thrive, contributing to an equitable society, promoting of all the civil, political, economic, social and cultural rights to all the vulnerable social segments including women.
Such social programmes are incredibly impactful, and are key for sustainable development, as demonstrated in the Gender Equality and Quality Education targets outlined by the UN in their Sustainable Development Goals.
Many ESG metrics aren’t commonly reported on, as often they’re not required as part of mandatory financial reporting. Privacy laws, however, have added robust governance requirements: companies have to be able to demonstrate levels of compliance in audits – and increasingly to the Board or potential investors.
The General Data Protection Regulation (GDPR) in both the UK and EU and the California Consumer Privacy Act (CCPA) are obvious examples, inspiring many other nations to follow suit and enact their own strong privacy laws, including countries such as Brazil, Thailand and South Korea.
This won’t change with the proposed Brexit reforms in the UK: the Government response to the consultation makes clear that organisations will still need an appropriate ‘privacy management programme’
ESG reporting is set to change across the board, too. EU ESG regulations such as the Corporate Sustainability Reporting Directive (CSRD) and the EU Taxonomy Regulation are set to impact large private companies by 2023, reaching SMEs by 2026. Be prepared!
Despite its Social and Governance benefits, and as much as we love it, we don’t claim that GDPR will save the planet from the climate crisis. However, interestingly in a 2018 Jet Global study, it was estimated that due to practices related to data minimisation – one of the key Principles of the GDPR – 360 tonnes of CO2 is saved each day.
Processing all that data uses up a tonne of energy. On this point, we highly recommend reading Atlas of AI by Kate Crawford.
Every little helps!
We’ve established that Privacy falls squarely under the Social and Governance areas of ESG, even proving its worth from an Environmental standpoint. Yet, reporting on Privacy can be tricky, with most who deal with Privacy as part of their job still operating out of various, conflicting spreadsheets that just make things even more stressful.
Privacy Management Software like Keepabl can give you peace of mind knowing that the Privacy element of your Corporate Governance is being managed effectively, so when auditors or any key stakeholders come knocking, you have the information at your fingertips to be exported in an instant.
What’s more, with improved governance and insights into risk, you’re less likely to suffer personal data breaches, and will know exactly how to respond when they do happen.
Learn more about how Keepabl can help you tick the Privacy box of your ESG compliance reporting. Request a demo now.
We were delighted to be joined in Privacy Kitchen by Chris Taylor, the UK ICO’s Head of Assurance whose team set up the ICO Sandbox, manages the ICO’s guidance and…
You may have noticed we skipped our July newsletter covering June, apologies, so here’s a summer bumper edition! As always, so much to talk about with the new Privacy triumvirate…