Sustainability is all about the avoidance of the depletion of natural resources. Today we are witnessing the emergence of Environmental, Social and Governance (ESG). ESG sets out non- financial factors which are applied to the process of assessing economic growth opportunities. ESG is about managing operations to minimise negative impacts on climate change, waste and resource depletion to name but a few.
So how does privacy fit into sustainability? Firstly, let us consider your privacy as a resource. Is your privacy limited by nature or can you keep growing your privacy and personal information ‘collateral’? Remembering that personal information is that from which an individual can be identified. From infancy through to adulthood we generate, accumulate, rejuvenate and are assigned various pieces of identifiable personal information. Certain ‘pieces’ can be changed – we can move house, change banks, renew our passports and driving licences, these actions refresh our privacy information. Changes, however, are time consuming, costly and not always as easy as it sounds – perhaps we should work harder to limit how often we share this information and be very certain as to the authenticity of the organisation with whom we share our information. Most importantly we should always understand what our information will be used for, if it is further shared and how long it is kept for. Always check the ‘Privacy Statements’ of an organisation before you give any personal information.
Certain aspects of our personal information are extremely difficult, and in some cases impossible, to change. Many aspects of our physical and physiological identifiers are arguably a limited natural resource, for example fingerprints, eyes/irises, facial structure, ear shape and our voices. If you are subject to any specific technical processing relating to these special identifiers the organisation involved MUST follow very defined requirements under the Data Protection (Jersey) Law 2018 (DPJL). This includes having a defined lawful basis for its use, the individual must be made very aware of its use and the organisation must determine the condition of processing as per Schedule 2 of the DPJL. Other types of special category personal identifiers are; genetic information, racial or ethnic origin, sexual orientation, criminal record and health information. Organisations using such extremely sensitive information are required to have enhanced protection as it poses greater risks, in terms of prejudice and discrimination, to the fundamental rights and freedoms of the individual if used inappropriately. Our right to privacy should be sustained at all times.
Sustainability means meeting our own needs without compromising the ability of future generations to meet their own needs. ‘Sharenting’ is the habitual use of social media to share news and images of your children or grandchildren. Sharenting also includes what we do with our children’s information through smart devices in our homes. Extending the thought process that much of our personal information is limited, as parents are we exhausting our children’s natural resources before they have the ability to make their own decisions? Childhood becomes public compromising the child’s right to privacy. Ironically children are educated to be aware that information on the internet doesn’t disappear yet as doting parents in our proudest moments we define our children’s lives on many social media platforms. Overproviding information increases the risk of someone misusing that information or image.
Sustainability, as previously mentioned, is about resource management, which at its heart is risk management. At the very core of governance and risk management is the treatment of personal information. Personal information flows throughout every organisation – stop and consider for a moment whether the organisation you work in can function without it. Putting this into context, remember that we all expect our personal information to be protected and used fairly and respectfully whether we are a client or a member of staff. Do to others, as would be done unto you…
Data Protection legislation is in place to help ensure, when it comes to our personal data, that all of us are provided with appropriate legal protections and remedies in today’s highly digitised world. It seeks to hold organisations entrusted with our personal information accountable, to set standards for how that information is used.
Directors and Non-Executive Directors are responsible for the statutory compliance of the company. The JOIC are reaching out to offer support for directors for all matters relating to data protection[1]. This is an opportunity to work with the subject matter experts in a safe space to stress test the data protection practices in your organisation, and identify the risks before they are realised.
Privacy is a collective action – requiring everyone to do their bit, organisations, individuals, governments, businesses etc. In this context privacy resembles the challenge society faces with ecological sustainability; no matter how hard you try to reduce your carbon footprint, unless we all do our bit, we will all feel the impact of global issues.
Privacy and data protection require commitment from us all. Organisations are entrusted with our information; they should have a culture of genuine respect and data protection compliance. As individuals we must value our personal information and adopt an approach of privacy by instinct.
[1] https://jerseyoic.org/navigating-the-data-protection-risk-liability-at-board-level/
