Close this search box.

How ESG relates to the protection of sensitive data

ESG practices have emerged due to the devastating effects of climate change and the understanding of its importance, investors are investing their capital in companies that are vigilant about their environmental impact.

This school of thought has led many investors to evaluate a company’s ESG score. ESG, which stands for Environment, Social and Governance, generally refers to investments or corporate programs based on the three pillars that make up the acronym.

In practice, investors look for businesses that share their values and the tangible practices that companies implement to attract and retain ESG investments.

According to data from Morningstar, an American financial services company based in Chicago, showed that by 2020, one out of every four dollars invested in the United States was allocated to sustainable companies using an ESG assessment and that sustainable funds attracted a record $51.1 billion in investments.

A company’s investment in ESG demonstrates a positive impact on the environment, how much it values customer relations and its level of commitment to ethics and compliance.

ESG and data protection

Discussions about ESG investments usually focus on factors such as minimizing carbon emissions and increasing the diversity of employees and board members. As critical as they undoubtedly are, it is important not to neglect the role of data protection in the context of governance in ESG initiatives.

Facebook, for example, learned this the hard way: after the Cambridge Analytica scandal, in which a political data consulting firm was accused of collecting personal data from more than 80 million users, the tech giant’s shares lost a fifth of their value and several ESG funds reconsidered their ties to the company.

Regardless of whether a company operates a global social media network or not, it is inevitable that its data privacy practices will increasingly come under the ESG spotlight. Especially with data protection placed at the top of corporate governance and risk agendas following the post-pandemic shift to cloud computing and hybrid working.

Data protection obviously falls under the Governance (‘G’) arm of ESG concerns, given the accelerated global implementation of laws regarding the processing of personal information, led here in Brazil mainly by the
General Data Protection Law (LGPD)

Non-compliance by a company not only signals to ESG investors that executives are not concerned about current regulatory and governance trends, but can also result in heavy fines.

Any such sanction is likely to be accompanied by a requirement for immediate corrective action, which can entail considerable operational cost and jeopardize the company’s ability to trust and reduce the value of its existing data sets. Along with the likely damage to the company’s reputation, this in turn can result in a loss-making investment or reduced profit.

Social and environmental elements that are part of ESG are also related to data protection

The way in which a company uses information about individuals affects their privacy or the functioning of a democratic society, this should also be considered as part of the Social (‘S’) element in the ESG criteria.

Any new technology, such as Artificial Intelligence, the Internet of Things (IoT), Big Data, should only be implemented after a careful impact assessment, considering how personal data is handled, how the usage process works and how it might affect it. Given that human rights and freedoms issues often inform ESG investment decisions.

Although not immediately apparent, there are also environmental factors (‘E’) at play in a company’s data protection practices. A fundamental principle of the LGPD, for example, is data minimization.

In other words, a company must ensure that the personal data over which it has control is relevant and limited only to what it needs for its operations. It would be a violation of this principle, for example, for a company to obtain superfluous information about the health conditions of its employees that is not relevant to their jobs.

Storing and processing excess data in this way requires data centers with larger servers, increasing energy consumption. With recent research indicating that information technology of this kind can account for up to 3.9% of global greenhouse gas emissions, adhering to the principle of data minimization is not just a matter of regulatory compliance, but also of energy efficiency.



Data protection and governance are basic criteria for ESG investments

To remain compliant with the rapidly evolving legal landscape of data privacy and security, governance-focused companies will take active steps to actively and effectively monitor their compliance.

One strategy that many companies have used is to employ a privacy officer. A designated privacy office will help with the responsibility of maintaining compliance and responding to consumer requests.

In addition, adopting security and privacy standards, such as the NIST privacy framework or ISO 27701©, will help protect against data breaches and ransomware attacks. Companies that use up-to-date standards and technology will demonstrate a commitment to the evolution and importance of data privacy and security.

As the importance of ESG investment continues to grow, companies need to implement comprehensive data governance, privacy and security programs to be aligned with an ESG strategy, measuring up to their business objectives.

A robust data privacy and security program will not only help your ESG score, but will also demonstrate your commitment to sustainable practices, which will attract investors. In addition, privacy and security teams can use ESG to guide their programs.

A comprehensive data privacy and security program should include policies that are environmentally beneficial, socially responsible and help with compliance and governance.

In the ESG challenge, companies can rely on the CipherTrust Data Security Platform solution

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio that guarantees data protection and ESG compliance

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthening safety and compliance with ESG practices

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.

Optimizes team and resource efficiency

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.

About EVAL

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

About the author

Other posts