![GBB_Horizontal_Eco_Light.png]](https://support.greenbusinessbenchmark.com/hs-fs/hubfs/GBB_Horizontal_Eco_Light.png?height=40&name=GBB_Horizontal_Eco_Light.png){kind=small}
Data Protection & Privacy
Overview
Data privacy and protection is a social sustainability issue. Beyond liability for damages, failures can have far-reaching impacts on reputation and social license to operate.
Personally identifiable information
Many companies collect and store personally identifiable information (PII). Because PII can be used in ways that cause substantial harm to the individual, privacy laws impose a duty of care to protect it from unpermitted release or access. Legal obligations regarding PII vary by jurisdiction, and must be monitored to keep current. Reliable systems must be established and kept up-to-date so that responsibilities for safeguarding PII are adhered to. Companies experiencing data breaches involving PII have incurred significant fines and faced lawsuits and criminal charges. Other effects of such breaches, such as brand damage and loss of business, can impact a company for years and can far exceed the ability to insure the risk.
Data security
Data breaches can be devastating, putting critical business information and assets at risk. Breach investigations and notifications to affected stakeholders can result in significant costs, damage to reputation, and potential legal liability. Data security best practices are relatively fast-changing, making it challenging to keep pace. Many companies now invest in robust security systems and use third party security services to control and track data and stay current. They continuously train and update their workforce in security best practices and provide ongoing support to ensure that those practices are being followed.