Gathering DEI data in organisations is often a first step in implementing a comprehensive DEI strategy. However, DEI surveys and data-gathering exercises may expose organisations to legal pitfalls. In particular, these surveys must comply with changing privacy and data protection legislation which has been expanding rapidly across the globe in recent years.
This legislation impacts DEI, the methodology of execution of survey, the manner of processing, how results may be presented, and how data must be stored and protected. Where an organisation operates in more than one country, or data crosses borders, those in control must take into account more than one legislative system, whether the DEI survey is conducted by the employer itself or by an outside agency.
Personal data under the laws of most countries may only be collected by businesses and organisations under strictly defined circumstances, such as where the data is needed to carry out normal business operations, the person has given clear and well-informed consent, where the data must be collected in order to fulfil legal obligations on the part of the collecting entity, or in situations of clear urgent necessity.
Personal data might be an individual’s name, signature, address, phone number, date of birth and credit information. ‘Sensitive data’, which includes information about an individual’s racial or ethnic origin, political opinions, trade union membership, professional or political or religious affiliations or memberships, sexual orientation or practices, criminal record, health, genetics, and/or biometrics, requires even greater protection.
Insufficient appreciation of the legal constraints applied may lead organisations to assume that personal data may either not be collected or that employers have a broad and unhindered discretion to collect any such data. Both of these are wrong.
The key is to communicate to those providing personal data that the data will be used to benefit the organisation and its employees while observing the need to protect the privacy of such employees to the maximum.
Symmetra over recent years has collected DEI data for global clients through its online Inclusion Leadership Index and enterprise-wide Inclusivity Survey.
At all times we recognise the need to assure clients and their employees that their rights to privacy are paramount and will be protected.
In an increasingly globalised environment, in organisations that themselves or through other agencies, collect personal data and allow it to be transferred across borders, understanding the privacy and security of personal data will be basic elements of almost all DEI programmes.