Public Sector and Infrastructure Insight 2023 | Part 1

A new frontier: Data protection and privacy in ESG

Blog
2 minute read
October 09, 2023

Data protection and privacy goes beyond compliance with laws, regulations and reducing risks. Businesses engaged in the infrastructure industry can also demonstrate their positive impact on society from a data protection and privacy perspective.

In recent years, we have seen a heightening of data protection and privacy risks as various sectors in the economy become digitised, data focused and reliant on personal data. Data protection and privacy is gaining recognition as part of Environmental, Social and Governance (ESG) compliance which informs the current global trend in piquing investor interest and ensuring business continuity. Data leaks, misuse and failure to protect personal data continue to expose companies to various risks including operational and remediation fees, financial penalties and sanctions, regulatory action, and reputational damage.

In this article, we highlight the various challenges and risks faced by businesses in the infrastructure industry which fail to effectively manage and adequately fund data protection and privacy. We summarise the key areas to be considered by entities intending to enhance their ESG compliance framework.

Data Privacy across the three ESG pillars

Data protection and privacy risks on vital infrastructure sectors such as energy, telecommunications, transportation, gas production and transmission, water and sanitation, can lead to unforeseen interferences and environmental damage on a large scale. Oversight on these risks - some of which include, data leakages, unauthorised access to data, cyber-attacks, data loss/theft or unintended destruction - can lead to fires, explosions, and the release of hazardous material. Subsequently, this can result in human injury, property damages, and hefty environmental reparation expenses and significant regulatory claims. Reduction of electronic waste and energy usage are also key considerations when examining compliance from an ESG perspective.

Linking data protection and privacy with ESG can enhance compliance with laws and regulations to ensure reduced incidents of breaches. Businesses can also promote greener ways to collect, process and store data, which in turn reduces their carbon footprint.

In 2021, PwC carried out a survey on what consumers and employees want businesses to do in relation to ESG. The survey revealed that consumers and employees want businesses to proactively shape ESG best practices, not just react and adjust. In fact, 83% of employees and 76% of consumers were seen as more likely to work for or buy from a company that stands up for social issues. Data privacy breaches negatively impact businesses by reducing trust and affecting their overall relationships with employees, community, and its regulators. Such breaches may also lead to the exposure, theft, and fraudulent activities towards consumers. For example, companies that have suffered cyber-attacks which result in serious data breaches have lost critical customer relationships, significant revenues, and in turn experienced the devaluation of their brand. We should also highlight the need for businesses to embed privacy and data ethics into their ESG strategies as well as design and use technologies that can achieve positive social outcomes.

Resilience against data privacy attacks is largely dependent on the willingness of the leadership in business to invest in data protection and privacy measures/mechanisms. Directors are likely to be held liable for data privacy attacks due to governance inconsistencies.

To reflect the current global trend of including data protection and privacy in ESG compliance frameworks, boards and other business governance bodies must establish structures and strategies for value creation, risk management, monitoring and evaluation and business continuity. Entities that fail to incorporate the appropriate framework will be less resilient and sustainable which impacts other stakeholders and ultimately the government and the economy.

Key sustainable development areas for businesses

Continual global advancement in technology anticipates an increased demand for comprehensive identification and mitigation of data protection and privacy risks as part of stakeholders ensuring compliance by businesses from an ESG perspective. This will also influence investor interest and potential funding as data protection and privacy risks present significant financial and reputational consequences for businesses.

To build robust data privacy programs, a review of a company’s privacy frameworks against existing laws and global trends is necessary. It is advisable for businesses to pursue available certifications to enhance consumer trust in their brands. They should also invest in educating and regularly training their employees on data protection and privacy matters. Businesses must also develop and implement robust governance frameworks which include data protection and privacy as a cross-cutting function.

The bottom line is that data protection and privacy risks are evolving at a fast pace, similar to consumer expectations and regulatory legislation. Therefore, treating privacy as a crucial force to drive measurable progress against ESG priorities shows stakeholders that you value their privacy as much, if not more, as they do. This kind of action coupled with strict regulatory governance sets your business apart in this post-pandemic era.