Goodwin Insights April 21, 2021

Setting A New Standard: Data Privacy And Corporate Social Responsibility

Corporate Social Responsibility (“CSR”) and Environmental, Social, and Governance (“ESG”) practices have increasingly become priorities for many organizations as they assess their obligations to their employees, customers, and the broader community.

As companies work towards meeting these CSR and ESG objectives, one focus area is data rights and data privacy. Data privacy is increasingly becoming a hot-button issue for lawmakers, as more and more states are considering bills and passing laws in this area.[1] This makes sense given the exponential increase in cyber threats and data breaches. But consumers are looking beyond the current laws and threat of bad actors and increasingly demanding protection for and rights in their data. Approaching data protection as a core business strategy, rather than just a compliance or security issue, can set a company apart from competitors. As a result, rather than playing catch-up with the laws and consumer demands, companies should choose to make data privacy rights a priority and a part of their CSR and ESG plans.

At a high level, organizations looking to take a more thoughtful approach to data rights should embody privacy by design, and make data rights a part of the organizational culture. More specifically, organizations should employ best practices such as restricting third-party access to user data, implementing security and encryption features, and offering users insight and visibility into who has access to their data and what they’re using it for. Data privacy can be incorporated into CSR and ESG plans at all phases of an organization’s life cycle. For young start-ups, establishing policies and procedures around data governance can help build good habits for the future. For established companies, a commitment to data privacy can enhance consumer confidence and improve perceptions of the company’s integrity.

As data continues to become a more critical element of our everyday lives, consumers will no doubt continue to push for expanded rights and access to their data. Businesses should embrace this push and consider fair practices, privacy, and data protection as tools that can help them responsibly further their CSR goals.


[1] See e.g., Next State Up: Top Contenders for 3rd US Data Privacy Law. Law360. https://www.law360.com/articles/1361965/next-state-up-top-contenders-for-3rd-us-data-privacy-law