About the data
The WBA Digital Inclusion Benchmark measures and ranks the world's most influential companies on their efforts to advance digital inclusion, tracking how companies are expanding access to digital technologies, improving digital skills and literacy, and ensuring safe and inclusive digital environments for all. The 2026 edition assessed 200 companies across key sectors of the digital economy including telecommunications, software, hardware, and digital platforms. The benchmark is developed in close collaboration with an Expert Review Committee and partners including GRI, ITU, and the Alliance for Affordable Internet, with a methodology designed to incentivise companies to understand where digital exclusion risks are highest and act to bridge the digital divide, while keeping human rights and social impacts at its core.
More information can be found here.
More information can be found here.
Methodology
Companies routinely collect personal information on their clients and users. This data is used for various purposes, such as analytical insights, client contact and targeting paid advertisements. As custodians of personal data, companies play a critical role in ensuring the data is kept safe and not used for nefarious purposes.
Protection of personal data is a fundamental right linking to SDG target 16.10: ‘Protect fundamental freedoms.’ SDG target 16.10 calls for ‘public access to information’. In this regard, it is important for stakeholders to know about data breach incidents to better understand risk and how companies are dealing with it. Both the GRI and SASB global reporting frameworks recommend that companies should disclose the number of data breaches they experience.
Research Guidance:
The companydiscloseswhether it has experienced breaches of customer privacy, including relevant details where applicable. To meet this element, the company must either report on breach incidents or clearlystatethat no breaches occurred during the reporting period.
The company mustdisclosethe following three items: number of data breaches that occurred, number or percentage of those breaches that involved personal data, number of accounts or users affected by breach(es). Best practice alsoincludea process for responding to data breaches when discovered, including steps taken to notify users,containthe incident, and prevent recurrence.
Protection of personal data is a fundamental right linking to SDG target 16.10: ‘Protect fundamental freedoms.’ SDG target 16.10 calls for ‘public access to information’. In this regard, it is important for stakeholders to know about data breach incidents to better understand risk and how companies are dealing with it. Both the GRI and SASB global reporting frameworks recommend that companies should disclose the number of data breaches they experience.
Research Guidance:
The companydiscloseswhether it has experienced breaches of customer privacy, including relevant details where applicable. To meet this element, the company must either report on breach incidents or clearlystatethat no breaches occurred during the reporting period.
The company mustdisclosethe following three items: number of data breaches that occurred, number or percentage of those breaches that involved personal data, number of accounts or users affected by breach(es). Best practice alsoincludea process for responding to data breaches when discovered, including steps taken to notify users,containthe incident, and prevent recurrence.
License
Topics
Framework Mappings
Value Type
Category
Options
Yes
No
Not Applicable
Assessment
Steward Assessed
Report Type
Aggregate Data Report