Are Privacy and Cybersecurity the Next Frontier for ESG?

Data privacy and protection might be of increasing importance to regulators, investors and clients but most organizations don't currently include such topics in their ESG planning—including law firms.

Corporate clients’ and consumers’ growing data privacy awareness is encouraging more companies to include data privacy and digital ethics in their environmental, social, and governance (ESG) strategies. But observers note that practice is far from being widely adopted across any industry, despite growing concerns around organizations’ data practices.

While data might be the lifeblood of a company, data privacy is often viewed by companies as a regulatory requirement, not a necessary component for strategizing.

“I think data is the core of a modern company, and I think if you talk about ESG, data may not be in the first rank of topics,” said Dr. Martin Eckert, a co-partner, attorney, and ESG consultant at MME, a legal, tax, and compliance consultancy. “If you talk about ESG, it’s more about the future and strategy. I think data is somehow underestimated. I think it’s much more important than other topics if you consider government and social issues; it’s all about data,” he added.

“Even the law firms don’t see it as a strategic pillar and [view it] more as a compliance exercise currently,” said Adrian Peyer, co-founder and CEO of ESG analytics company Impactvise. “You see some of them are putting out commitments that go farther than the law, but it’s not mainstream.”

While most companies don't include data privacy in their ESG plans, the ones that do are likely found operating in certain markets.

“I would say there’s many companies where data privacy and safeguarding customer information is important, but it might not rise to the level of being high-priority ESG themes for certain types of companies,” noted Jason Winmill, managing partner of legal department consultancy Argopoint. “But for other companies—for example, the technology companies that are doing business on the internet, where trust is important—they would be more inclined to include, or consider, data privacy in their ESG programs.”

Even outside the tech industry, companies are increasingly feeling the pressure to address data privacy and security as an ESG matter, noted Alvarez & Marsal disputes and investigations practice managing partner Robert Grosvenor. Dow Jones and S&P Global, for example, score the performance and impact of a company’s ESG for potential investors, Grosvenor said. Such scores include companies’ use of data, he added.

“Data governance is becoming one of the elements of these ESG audits and ratings,” Grosvenor said. “There’s a benefit for companies who want to score highly in their ESG and sustainable investment rating, to make sure they can comply with the data governance requirements that cover different [segments] of data privacy and data security.”

In response to increased client and investor interest in digital data-related ESG, KPMG’s U.S. regulatory insights practice principal and national lead Amy Matsuo advised that companies must implement privacy controls.

“In the context of investor demand for a broader ESG strategy, data privacy, data protection, and digital ethics are now critical components of a strong ESG proposition,” Matsuo wrote in an email to Legaltech News. “Organizations are increasingly embedding privacy into the design, operation, and management of new applications, including IT systems, AI [artificial intelligence] platforms, and digital business practices to more robustly prevent privacy vulnerabilities.”

