5.20 Promote Responsible Data Practices
The organization has devised and implemented a responsible data strategy that prioritizes data privacy and promotes more ethical uses of data, including disposal and data sustainability practices.
Criteria
- Privacy Policy: The organization has a public-facing privacy policy in place and supports existing privacy laws such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and so on. This policy must be accessible for all visitors, including those with accessibility and reading comprehension needs, and abide by plain English best practices to avoid jargon, technical language, and legalese.
- Data Ownership: The organization can show measurable progress over time on how it respects data privacy and ownership, including a visitor’s “right to be forgotten” and the ability to export data.
- Data Protection: The organization supports new and emerging legislation related to data privacy, data sustainability, and responsible data practices.
Impact
High
Effort
Medium
Benefits
- Economic:
Organizations that prioritize data privacy and other responsible data practices benefit from reduced risk and costs, increased resilience, and, often, better relationships with customers and other stakeholders.
GRI
- materials: High
- energy: High
- water: High
- emissions: High
Example
- The Airbnb Privacy Policy includes compliance with emerging legislation, data ownership, and measurable progress through previous versions. The Telegram Privacy Policy includes detailed data practices and references to local legislation, and shows change over time. The Slack Trust section is inclusive of privacy, security, compliance, ownership, and more, including a description of how data informs search, Machine Language, and Artificial Intelligence. Finally, CodePen has a beautifully structured terms of service agreement that is written in plain English and easy to understand.
Resources
- 10 CCPA Compliance Tips For Web Developers
- 17 Countries with GDPR-like Data Privacy Laws
- A privacy-friendly Do Not Track (DNT) Policy
- Beyond GDPR: Data Protection Around The World
- California Consumer Privacy Act (CCPA)
- Developer’s Guide To GDPR
- GDPR Checklist
- General Data Protection Regulation (GDPR)
- [GPFEDS] 1.6 – Strategy (Data Collection) (PDF)
- [GPFEDS] 7.2 – Back-End (Data Retention) (PDF)
- [GPFEDS] 8.8 – Hosting (Hot / Cold Data) (PDF)
- How To Protect Your Users With The Privacy By Design Framework
- Is GDPR Good for the Environment?
- Learn How To Write a Privacy Policy in a Few Easy Steps
- Learn Privacy
- Privacy by design
- State Of GDPR Part 1
- State Of GDPR Part 2
- The environmental benefits of privacy-focussed web design
- Ultimate CCPA Compliance Checklist
- United Nations [SDGS] Goal 10 (Inequality)
- United Nations [SDGS] Goal 13 (Climate Change)
- United Nations [SDGS] Goal 16 (Sustainable Society)
- United Nations [SDGS] Goal 17 (Global Partnership)