Tracking diversity and inclusion efforts on a global basis is often a challenging task for in-house legal, human resources, and diversity and inclusion teams. While employers may be interested in collecting applicants’ and/or employees’ diversity information for worthy reasons, such an effort is a fertile ground for potential litigation involving data privacy violations and discrimination claims.
Risks of Violating Data Privacy Requirements
Globally, diversity information typically constitutes personal data (and, in many jurisdictions, sensitive personal information) and therefore will be subject to the general privacy law requirements in each jurisdiction related to the collection, processing, use and transfer of personal and/or sensitive personal information. Sensitive personal information includes racial or ethnic origin and sexual orientation, among other personal data. Generally, to ensure that employers’ processing of sensitive personal information is lawful, employers must require data subjects (i.e., applicants and/or employees) to provide explicit consent. It also is necessary to consider: (a) the fact that responses are voluntary is sufficient to comply with any requirements to obtain consent, particularly because consent is viewed skeptically in the employment context in many jurisdictions; and (b) disclosures likely will be required regarding how the information will be processed or used and where, to whom and for what purposes it may be transferred.
Potential Discrimination Claims
When collecting diversity information of an international workforce, many questions that employers seek to ask can raise issues of discrimination. This is the case even when such diversity questions are legally permitted. It is essential, therefore, that employers always: (a) have a legitimate justification to ask such questions; (b) communicate to individuals that none of the answers will be used for decisional purposes; and (c) inform individuals that they have the right not to answer (and/or provide individuals with the option to select “other”). Employers should be careful to avoid using any collected information in a manner that could be perceived as discriminatory. The primary concern is that as soon as employers collect any diversity information from applicants or employees, and potential employees or employees experience a negative consequence (e.g., applicants are not hired or an offer is retracted, or employees are not promoted or are terminated), the likelihood greatly increases that potential employees or employees will claim that such a decision was due to a protected category and therefore is discriminatory. As such, to reduce the risk of discrimination claims, the recommended approach is for employers to collect this diversity information from employees (for those employees who volunteer to provide it) on a completely anonymous basis, ideally through a third party (or, in the alternative, a company department wholly unrelated to and disconnected from any hiring and employment decision-making). The identity of all individuals should not be revealed or determined through the collection of the information. Even on this anonymized basis, however, it is a best practice that this information not be collected until after an employee is hired.
Around the world, whether employers may ask individuals diversity-related questions often is not a simple “Yes” or “No” determination. The analysis is nuanced because countries have different cultures, histories and sensitivities that affect workplaces and the employment relationship. As such, when jurisdictions do not provide specifically by law whether certain diversity information may be collected, multinational employers may consider developing a risk-based analysis that assesses the need for the information, as well as the underlying purpose for and reasoning behind collecting this diversity information. Such a risk-based analysis considers factors in addition to the simple legal bases for collecting diversity information. Several questions and issues may affect this analysis including, but not limited to, the following:
- Will the collected information be aggregated and not used by any managers during the hiring process or otherwise in making any employment-related decisions?
- Will the collected information be gathered in a location where it only can be accessed by the diversity and inclusion team?
- Will the information only be used to track employers’ progress in its diversity and inclusion efforts? In addition, will this be communicated to applicants and/or employees who are being asked to provide such information?
- Will the data be obtained exclusively to enable employers to track their success in attracting and retaining diverse job candidates, from which this can then presumably measure their success in due course by contrasting that data with its actual workforce?
- Would employers like to take a progressive approach regarding diversity and inclusion and “push the envelope” in the area of diversity and inclusion? In such case, employers have a bit more of an appetite for risk in the effort to be more progressive.
In the end, employers must consider (i) whether they are equipped from a data privacy perspective to collect individuals’ personal information and (ii) the underlying purpose of the diversity collection effort. The answers to these questions will help employers assess whether they are in a position to commit effectively to collecting applicants’ and/or employees’ diversity information.