ESG (Environmental, Social and Governance) criteria are non-financial factors used by socially responsible investors to assess companies they are considering investing in. ESG is an increasingly popular metric. According to Bloomberg, global ESG assets are expected to exceed $53 trillion by 2025, more than a third of the $140.5 trillion in projected total assets under management.

Privacy has become an important component of ESG. Tim Cook, CEO of Apple, has said that “privacy is a human right”. Ratings agencies are increasingly looking for evidence of companies’ performance in terms of cyber-security and privacy. Appointment of Chief Privacy Officers and Data Protection Officers, online privacy policies, rights to access and erase personal data, and privacy by design are of particular interest to ESG investors.

According to McKinsey, C-suite and investment leaders say they would be willing to pay a 10% premium for companies with a positive ESG record over companies with a negative one. Companies’ commentary on privacy has increased by over 900% in the past five years.

Companies can boost their ESG scores by having a mature privacy programme in place that includes appropriate and proportionate measures to manage personal data and promote data dignity, e.g. by enshrining privacy by design and default. Conversely, scandals involving large-scale data breaches tend to indicate problems with an organisation’s privacy regime and can negatively affect its ESG score and its overall financial performance.

Increasingly, organisations need to consider ESG initiatives holistically to include privacy and data protection. At HewardMills, we work with companies from a broad range of sectors to help identify areas of weakness, enhance internal processes and procedures, maintain regulatory compliance and stay up to date with the latest trends in data privacy. To learn more, please get in touch by visiting or emailing us at