By now, you’ve likely heard talk about how important good data privacy practices are in today’s business environment. But it can be a lot of work to keep up with all the legislative changes guiding data security and management when you are also trying to grow your business, launch new products or services, or overhaul your customer service program.

But don’t worry—it is possible. The easiest way to start with a data privacy program is to stop treating data privacy as a separate cost and instead include privacy in everything you are already doing. 

Changing your CRM? Hire a consultant to help find the vulnerabilities in the program and train your employees on privacy-friendly practices. Launching a new product? Get an expert to perform a privacy impact assessment.

In fact, if you set up your data management properly, it should easily fit into your Environmental, Social, Governance (ESG) efforts, and there are many reasons to embrace ESG efforts. In fact, research shows that both consumers and investors are increasingly gravitating towards socially responsible businesses. This means that ethical trade and labor practices, sustainability, and the ethical handling of consumer data can play an important role in attracting new customers to your business.

Let us take privacy planning off your plate. Contact the privacy experts at Red Clover Advisors today, and we’ll show you how easy and affordable privacy can be.

What is ESG, and why do you need it?

One of the buzziest of new buzzwords, ESG is defined by Investopedia as the operational standards socially conscious investors use to screen potential investment into a company.

Basically, ESG performance helps people find investment opportunities in companies with shared values.

ESG investing vs. ESG programs vs. CSR programs

ESG can refer to either an investment practice or a corporate program.

ESG investing is a more focused form of sustainable investing, while ESG programs are the practices companies implement to attract and retain ESG investors.

ESG programs can be thought of as the next step in the evolution of corporate social responsibility (CSR). CSR programs tend to focus on qualitative issues and policies, while ESG programs quantify a company’s impact on the environment, the value of relationships it builds in its community, and the controls it has in place to ensure ethical operation.

How does ESG relate to data privacy?

Even though privacy has not historically been considered an ESG issue, an increased focus on responsible data management has started a trend of including privacy-related disclosures in sustainability reports. This is especially true since the Global Reporting Initiative added a privacy standard. In fact, over the past five years, there has been a 920% increase in corporate commentary on data privacy issues.

The Facebook-Cambridge Analytica scandal, in which Facebook sold the personal data of nearly 87 million users to political operatives without user knowledge, dramatically changed the data privacy landscape. For the first time, the general public became aware of how fast and loose some companies were playing it with customer information.

The United States doesn’t have a federal law to mitigate data privacy risks, but after the GDPR was passed, the State of California set the US standard for data privacy by passing the California Consumer Privacy Act (CCPA).  Soon after, Nevada and Virginia passed similar laws, and many more states have privacy legislation under consideration right now.

Historically, if data privacy has been included in ESG reporting, it has been under the S, or social category. With new, more aggressive privacy laws being passed every year, however, data privacy will likely be part of the G, or governance, and even the E, or environmental, reporting as well. 


It seems obvious that corporations have a social obligation to protect the personal data of their employees and customers. Data breaches, which are increasingly frequent occurrences, have a significant impact on both corporate reputation and consumer confidence. 

The United Nations added the right to privacy to its Universal Declaration of Human Rights. The EU passed the aggressive General Data Privacy Regulation (GDPR) in 2018, and other governments quickly followed suit. Consumers around the world are demanding increased control over how their sensitive personal information is collected and used.

All of these factors combined make it clear that data security and privacy will be key to the social piece of ESG programming long term.


After the COVID-19 pandemic made remote work more common, it’s more important than ever for companies to take a proactive approach to building secure data management systems.

A failure to comply with strict regulations governing how consumer data is collected, used, processed, stored, and shared shows investors that company executives are dangerously unfocused on regulatory, political, and cultural trends. 

Aside from reputational damage, outdated data management practices expose companies to robust enforcement actions that range from steep fines, devaluations, and sanctions to criminal or civil liabilities for non-compliance or exposure of sensitive personal data.

ESG rankings have proven that companies with below-average performance on governance standards are more likely to take on unnecessary risk through mismanagement. Data breaches resulting from poor or nonexistent privacy programs are textbook examples of this kind of risk. 

Problematic data privacy practices may also lead investors to question a company’s accounting, labor, and environmental protocols.


While data privacy’s inclusion in environmental ESG concerns is a new development, companies are starting to look for energy-saving ways to build and operate their data centers and server farms. It’s also becoming more common for employers to allow full or partial work-from-home positions to reduce pollution from employees commuting every day.

As data management technology continues to improve, it’s probable that companies will have more environmentally friendly options for their privacy practices.

Red Clover Advisors excels at helping clients build robust data management programs that go beyond compliance. Contact us today for a consultation.

Why ESG matters

Sustainable investing used to be a Dudley Do-Right approach to business based on avoiding backing corporations engaged in environmentally and ethically questionable practices. 

By contrast, ESG investment actively seeks to build up organizations that make responsible and transparent environmental, social, and governance practices part of their business models. Investors reason that if a company’s leadership team is involved enough with all their operational practices to make sure they meet ESG criteria, that company is likely to be a well-managed organization.

According to BlackRock, the world’s largest asset manager, there is currently a “profound, long-term structural shift in global investor preferences toward sustainability that is not fully priced into the market.” 

In 2017, The Economist published an article called, “The world’s most valuable resource is no longer oil, but data.” Because data is so valuable in today’s economy, it makes sense that governments and industries are trying to figure out how to regulate its use. 

It also makes sense that most businesses find this shift overwhelming. After all, you didn’t go to school to be a privacy compliance expert. 

Think of it this way—if the HVAC system in your office completely died in the middle of a heatwave, you probably wouldn’t try to fix the whole thing by yourself. You’d call a certified technician who could fix it at a reasonable price in a reasonable timeframe. 

If your feelings of dread are stopping you from starting or updating your privacy practices, consider hiring a privacy compliance expert to help you. 

Risks and opportunities within the privacy-ESG framework

According to OneTrust, a widely used technology platform that operationalizes privacy, security, data governance, and compliance programs, even tracking ESG initiatives can present a privacy risk if not done properly. In fact, OneTrust feels so strongly about this that they’ve acquired OneTrust ESG to help companies manage their ESG programs, bringing over 750 companies (including Airbnb, Time Warner, and Under Armour) on board. 

Because ESG initiatives are implemented across an organization and involve many stakeholders, it is critical to establish aggressive permission structures, clear role responsibilities, and transparent data collection and processing practices.

But including privacy initiatives in your ESG programs can be a great way to differentiate your company, earn free publicity for doing something you have to do anyway, and build trust with your consumers.

For example, Mastercard has embraced an ESG framework that treats data privacy as a sustainability issue. Their Audit Committee, which is tasked with identifying and reporting on business risks and opportunities, handles matters of ethics and compliance, including data use practices.

The sooner you start, the sooner you’ll be done

At Red Clover Advisors we believe passionately in the power of data privacy to build trust, give more value than you take, and create great experiences for your customers. We’ve helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a privacy and data strategy their customers can count on.

Get in touch today to learn how a great privacy program can make your ESG program more effective.