Buzzword 8: Data protection

Well it is not really a buzzword, or is it? Do we truly understand what protecting people's data means in impact assessments?

When I started building my company last year, one of the first things I needed was a UK data protection officer. That’s when I met Laura Palmariello - well I actually met her before during training, but this was the first time I met her in a data protection capacity. Laura didn’t just help me tick boxes or draft policies - she helped me build a foundation for how we manage data responsibly, setting us on the path toward ISO 27001 certification.

From the beginning, our work together has been more than just compliance. Through our shared passion for martial arts and protecting vulnerable people, we’ve had some truly insightful conversations about the nuances of data protection. I quickly realized that working with Laura was opening up a window into the broader ethical questions around how environmental and social practitioners, consultants, and project teams handle sensitive information.

As we dove into the process of data protection and privacy policies, I was struck by how detailed and structured it is: where data is stored, how it is disposed of, what is personally identifiable, and the full suite of considerations around access and confidentiality. Going through that process made me curious about our industry’s standard practices. How do we, as E&S practitioners, manage sensitive personal data in surveys and reports? Are we doing enough to balance transparency with the rights and privacy of the people we work with?

These questions led directly to our recent IAIA webinar and the podcast episode, Data Protection: Practical Aspects for Environmental and Social on the podcast. I invited Laura to the show because she is not only an expert in compliance, but she also brings a practical, human perspective. We wanted to go beyond the theory and provide a conversation that is both informative and relatable for practitioners.

In the episode, we explore how consultants and E&S teams can approach data protection in a pragmatic way, highlighting why it matters now more than ever. With technology changing the way we collect, store, and analyze information, understanding these principles is critical. Data protection isn’t just a regulatory hurdle - it’s a way to respect the people whose lives are affected by the projects we work on. The right to privacy is a fundamental human right, and we owe it to the communities we engage with to handle their information responsibly.

We also discuss how our approach at E&S Solutions is shaping our training programs. The E&S Solutions Training Center now offers a hands-on course in data protection for practitioners, designed in-house, to help teams develop skills that align with best practices. It’s all part of a larger mission: to encourage reflection, learning, and improvement across the industry.

Going through this journey with Laura has changed my own perspective on E&S work. Compliance frameworks like ISO 27001 are important, but they also provide a structure for asking deeper, ethical questions: how do we manage sensitive information, how do we protect the people who trust us with it, and how do we ensure our work is both transparent and responsible?

This podcast episode captures that conversation. It’s honest, pragmatic, and designed to give practitioners a lens to think critically about data protection in their daily work. And while there isn’t a simple answer, starting the conversation is essential - because every step we take toward better practices ultimately benefits both the people we serve and the integrity of our profession.