Data Privacy in ESG

  • November 22, 2022
  • Quantivate

ESG—or environmental, social, and corporate governance—has become a top priority for organizations as regulators, investors, and consumers take an increased interest in these areas.

Outside of external pressures to demonstrate corporate responsibility, business leaders are recognizing ESG’s role in value creation. According to research from McKinsey & Company, a majority of executives and investment professionals agree that ESG programs create both short- and long-term shareholder value.

Moreover, organizations with a strong ESG proposition have observed increased value in five key areas:

  1. Top-line growth
  2. Cost reductions
  3. Reduced regulatory and legal interventions
  4. Talent attraction/retention and employee motivation
  5. Investment and asset optimization

Data Privacy: The Next Frontier of ESG

As regulatory scrutiny intensifies on other governance issues like data privacy, organizations have the opportunity to integrate ESG issues with their risk and compliance management programs.

Consumer privacy and data security issues overlap with both the social and governance pillars of ESG, and positioning data privacy as an ESG issue is a perspective that’s gaining traction.

CPO Magazine suggests that safeguarding consumer data is the “next ESG frontier”:

“Companies now have a social responsibility to be respectful of personal and behavioral data. They must weigh their reputation and investor benefits from prioritizing ESG against profits derived from third-party data collection and use. By positioning privacy as a social value, companies build a level of trust from society’s expectation of privacy that had been lost. By being more scrupulous with data collection, consumers will feel comfortable sharing personal and sensitive information that will eventually build brand reputation and convert into investor-friendly profits.”

It’s an issue that also matters to investors. A survey on responsible investment found that cybersecurity ranks number two among the top five ESG issues investors are most concerned about.

As institutions look for ways to make their data privacy practices more ethical and transparent, evaluating current processes is a good place to start. Identifying opportunities to mature your governance, risk, and compliance (GRC) management sets a strong foundation for developing or enhancing ESG initiatives.

Let’s take a closer look at some steps that simultaneously support effective privacy measures and ESG management:

Go Beyond Compliance

In today’s regulatory and risk environment, ensuring your data security and privacy practices meet compliance requirements is the bare minimum. Developing data management and reporting processes that offer transparency to stakeholders supports informed decision-making and growth.

Evaluate and Enhance Your Policies

Reviewing your policies and controls relating to data privacy and security with an eye for aligning them with your ESG framework may reveal opportunities such as:

  • Creating and establishing a corporate policy position
  • Factoring existing data privacy practices into ESG processes
  • Discussing and coordinating with experts in privacy and digital ethics
  • Establishing risk and data ownership throughout the organization
  • Developing employee training programs
  • Improving data breach response protocols


Data privacy and security have become a leading concern for both investors and consumers, while businesses recognize that meeting minimum compliance standards is no longer conducive to success and growth.

Just as maturing compliance processes beyond the basics enables better decisions and business performance, McKinsey points out that:

“True ESG [in contrast with ‘performative’ ESG] is consistent with a judicious, well-considered strategy that advances a company’s purpose and business model.”

This occurs when organizations consider all three pillars of the discipline to:

  • Address impact on the physical environment and the risk of a company and its suppliers/partners from climate events
  • Address social impact and associated risk from societal actions, employees, customers, and the communities where it operates
  • Assess the timing and quality of decision making, governance structure, and the distribution of rights and responsibilities across different stakeholder groups, in service of positive societal impact and risk mitigation

Incorporating privacy into a well-designed ESG framework helps organizations create value by improving investor and consumer sentiment, enhancing governance and compliance, and taking a proactive stance on ESG data and reporting.
