NOTE: This article is intended to inform our readers about business-related concerns in the United States. It is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.
Over the last year, relationships between employers and employees have shifted as work and personal lives have become intertwined like never before. As a result, business leaders have not only gained perspective on their employees, they’ve also gained more of their personal information.
According to our recent employee data survey, 48% of business leaders say the total amount of employee data their company collects has increased over the last 12 months—and only 13% say it has decreased (see our survey methodology at the bottom of the page).
These dynamics require that business leaders, people managers, and HR professionals strike a new balance between personal privacy and the company’s legitimate need for employee data.
For many companies, that means developing an employee data bill of rights to ensure employee data collection is performed with minimization, purpose, fairness, and awareness. In this report, we’ll go over three reasons why your business should consider adopting an employee data bill of rights, as well as delve into more of our survey findings and provide tips on how you can get started.
An employee data bill of rights is a set of guidelines that establish a minimum standard of privacy protections embedded into policies and procedures related to employee data collection.
Whether collecting new types of HR data to support a diversity, equity, and inclusion (DEI) program, medical data to ensure a safe workplace, or monitoring activity to optimize operations, employers are collecting more data than ever before.
By and large, employees across the country will be working remotely more often than before the pandemic began. And many companies will continue the monitoring practices they began during COVID-19. Just before the pandemic, we found that 58% of employees worked remotely at least some of the time. Now, according to our recent survey, 81% work remotely at least some of the time—an increase of 23%.
Additionally, an overwhelming 87% of business leaders in our survey say their company has collected medical information related to COVID-19, covering vaccine status (70%), COVID test results (59%), and temperature checks (57%).
Finally, a growing focus on DEI initiatives requires additional and often sensitive information on existing and prospective employees including sexual orientation, disability status, and racial or ethnic identification. Two in three (67%) business leaders say they’ve asked for personal information to support a DEI program in the last 12 months.
Trust is essential for these programs to succeed, and while there is some trepidation, most employees are at least somewhat willing to supply this type of information. A full 79% of employees in our survey either strongly agree (28%) or somewhat agree (51%) that they are comfortable providing DEI information to their company.
Fewer, however, are comfortable providing personal medical information. Only 25% strongly agree that they are comfortable providing personal medical information to their company—another 49% are somewhat comfortable.
By adopting an employee data bill of rights, companies can help staff feel more comfortable sharing data with the knowledge that safeguards are in place.
The California Consumer Privacy Act (CCPA), the most comprehensive privacy law in the U.S., went into effect in 2019 and established new privacy rights not only for California consumers, but also employees. One of those rights is knowing what personal information (including professional or employment-related information) is collected and the purpose for which it’s used.
A year later, the California Privacy Rights Act (CPRA) amended and strengthened the CCPA. Under CPRA, the definition of personal information has been expanded to include personal information that “identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee.” The CPRA goes into effect January 1, 2023, but CCPA compliance is already required.
Already, Colorado and Virginia have enacted similar privacy laws that cover both consumers and employees. And even when based in other states, employers seeking remote workers must also comply with these laws when processing relevant applications and hiring covered job seekers. It’s only a matter of time until more states follow suit and, eventually, the federal government steps in to clarify a complicated patchwork of state laws with federal regulations.
Your company must get ahead of inevitable employee privacy regulations, not only to ensure compliance, but also to engender trust with your workforce. You can bolster these goals with an employee data bill of rights.
Disconnects between employers and employees breed distrust and a lack of commitment to the company’s mission. GetApp’s research finds that disconnects often occur between management and staff when it comes to employee data.
For example, 72% of business leaders believe employee data should be used for whatever purpose the company sees fit—only 47% of employees feel the same way.
Similarly, our recent employee monitoring survey found that 69% of business leaders say they monitor employees while only 24% of employees say they are monitored by their employer.
By adopting an employee data bill of rights, you build transparency into all aspects of how data is collected and used.
An employee data bill of rights includes the following:
Do you really need the employee information you’re about to collect? Organizations must gather no more data than absolutely necessary to accomplish their objective.
Before deciding to collect new forms of employee data, examine the following:
Can we accomplish our goals with data we’ve already collected?
What is the minimum data necessary to achieve our goals?
Have we considered any incidental data collection that may occur?
To justify collecting employee data, businesses should have a legitimate purpose for its use.
Before launching any initiative that will require employee information, consider these questions:
Have we defined a clear purpose for the use of this data?
How will this data help us to achieve our business goals?
For how long do we need to store this data?
The elimination of bias, both conscious and unconscious, must be a focus of any data collection initiative.
As companies endeavor to implement wellness and DEI initiatives, they should carefully analyze these issues:
Have the consequences of compiling this data been thoroughly considered?
Could one group of employees be adversely impacted relative to another?
Should this information be required or voluntary?
Only 22% of the employees we surveyed strongly agree that their company clearly explains how their personal data is used. Your organization must be transparent about the data it is collecting from employees and why it is being collected. And while most companies require an employee privacy agreement upon hiring, these function more as legal documents than as agreements per se.
To boost transparency and awareness, ask:
Are we telling employees how their information will (and perhaps more importantly will not) be used?
Are we explaining how this information will benefit the company and its employees?
Do employees have a clear method for asking questions about the use of their personal information?
According to Gartner, an employee data bill of rights helps make employees feel like partners rather than targets.
This matters because a full 80% of employees who are treated as data partners (defined as those who know how their data is collected, used, and protected) are inclined to work harder than those who are not treated as data partners (full research available to Gartner clients).
To help employees feel more like data partners and less like data targets, companies should:
Provide people managers with the tools needed to respond to employee inquiries about data collection.
Proactively explain how sensitive data will improve employee experience, health, or safety.
Survey staff to better understand preferences around the collection of sensitive data.
GetApp’s Employee Data Survey was conducted in September 2021 among 601 respondents to learn more about employee data collection at U.S. businesses. Respondents were screened for full-time employment at companies with two or more employees. 301 respondents identified as management level or above and 300 identified as staff or senior staff.
GetApp’s Employee Monitoring Survey was conducted in March 2021 among 969 respondents (435 of whom indicated leadership positions within their company) to learn more about employee monitoring practices. Respondents were screened for employment at small businesses with two to 250 employees. The 2015 comparison data was collected through an online survey of 500 business owners.
Sr. Content Analyst
I’m a senior content analyst at GetApp where I've been covering security and tech trends since 2018. The one tech trend I think you should keep an eye on: How emerging data privacy laws are impacting the ad tech industry.