• Jillian Frank, Author |
4 min read

In my last post, I started addressing legal considerations involved in using metrics to track inclusion, diversity and equity (ID&E). In this post, I’ll look at questions relating to privacy laws, including how to respond when employees refuse to provide ID&E data.

Is there a limit to the information that can be collected and used?
As noted in the previous post, the only permissible purpose of gathering ID&E data under Canadian human rights law is to improve the hiring and employment experience of employees in equity-deserving groups.

Canadian privacy and data protection laws also limit the collection, use and disclosure of employee personal information. Companies operating in BC, Alberta and Quebec, federally regulated companies, and the public sector are required to comply with this legislation.

The key concepts are transparency, purpose and accountability.

Transparency means clearly identifying the purpose for collecting and using employee personal information. Is it to address pay gaps? To increase diversity of your Board and senior management? To track the effectiveness of HR programs?

Privacy laws require companies to collect only the data necessary to achieve their ID&E goals. It can be tempting to collect all available information—but do you need it? What is it used for? Also, access to the data must be limited. If the purpose is to aggregate the data and track progress on diversity initiatives, individual data cannot be disclosed to a performance manager. The information should be accessible only by a small team and aggregated before it is shared with the management team.

Accountability means taking responsibility for data retention, access, accuracy and security. Collecting sensitive personal information carries significant risk. Legal advice, internal audits and cybersecurity systems are essential to ensuring these requirements are met.

So, what information should we gather?
ID&E surveys commonly collect data about gender identity, sexual orientation, ethnicity, racialized identity, Indigenous identity and disability. But as noted above, the information collected has to be tailored to your workplace and your community, or to comply with applicable laws (such as the federal Employment Equity Act or proposed pay transparency reporting).

Before deciding what information to collect, you should consider: What are your goals? Why are you using the data? Where do you have hiring gaps? Pay gaps? In what ways does your workplace, Board or leadership team not reflect the diversity of your community?

There is no “one size fits all.” The key is ensuring that the ID&E data you collect from applicants and employees is necessary and will be used to improve the hiring and employment opportunities of equity-deserving groups.

What can be done if candidates and employees won’t disclose their information?
Employees or candidates may be reluctant to disclose their personal information for many reasons. Questions about “merit” (as noted in my previous post), past experiences with discrimination and the historical impact of research on marginalized communities are all issues to consider as you collect ID&E data. Any time you gather sensitive information, the potential for misuse and discrimination increases.

As noted in this recent Harvard Business Review article, data collection should be a partnership between employees and employers: both sides should benefit. To build trust, it should be very apparent to employees that the data is enhancing equity at the workplace. Unless they see this value, employees are unlikely to disclose their personal information.

To build trust, it’s important to take steps such as:

  • Reviewing surveys to ensure that the language is inclusive and respectful, and that it accurately reflects the terminology and identity of the group.
  • Seeking feedback from community organizations supporting equity-deserving groups.
  • Demonstrating a commitment to improving a sense of inclusion and belonging at work.
  • Ensuring data security, clarifying how you are limiting access and use, and providing opportunities for employees to review and change their personal information. In other words, follow the principles of privacy law, even if they don’t directly apply to your company.
  • Getting advice to ensure information is not extractive. For example, consider how certain communities have been negatively impacted by data or research and how you can proactively address their concerns and fears.

Making it count
Gathering data is a critical step in advancing ID&E initiatives, and human capital management tools make it easier for companies to collect this information. But, given the risks, there is no room for improvisation. As you get started—or as you think about changing or improving your existing ID&E program—take into consideration its legal obligations, the talent risks and the lived experiences of your employees when determining how to proceed. You, your employees and your hiring candidates will all thank each other for it.

Questions? We can help. Reach out to our team of legal, HR and ID&E specialists.

Multilingual post

This post is also available in the following languages

Stay up to date with what matters to you

Gain access to personalized content based on your interests by signing up today