
3 Reasons Your Business Needs an Employee Data Bill of Rights

Oct 7, 2021

Employee data is crucial to making sound decisions about your workforce and optimizing business operations. But how you collect and leverage that data is just as important.

Zach Capers, Sr Specialist Analyst

NOTE: This article is intended to inform our readers about business-related concerns in the United States. It is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.

Over the last year, relationships between employers and employees have shifted as work and personal lives have become intertwined like never before. As a result, business leaders have not only gained perspective on their employees, they’ve also gained more of their personal information.

According to our recent employee data survey, 48% of business leaders say the total amount of employee data their company collects has increased over the last 12 months—and only 13% say it has decreased (see our survey methodology at the bottom of the page).

These dynamics require that business leaders, people managers, and HR professionals strike a new balance between personal privacy and the company’s legitimate need for employee data.

For many companies, that means developing an employee data bill of rights to ensure employee data collection is performed with minimization, purpose, fairness, and awareness. In this report, we’ll go over three reasons why your business should consider adopting an employee data bill of rights, as well as delve into more of our survey findings and provide tips on how you can get started.

What is an employee data bill of rights?

An employee data bill of rights is a set of guidelines that establish a minimum standard of privacy protections embedded into policies and procedures related to employee data collection.

1. Employers are collecting more employee data

Whether collecting new types of HR data to support a diversity, equity, and inclusion (DEI) program, medical data to ensure a safe workplace, or monitoring activity to optimize operations, employers are collecting more data than ever before.

By and large, employees across the country will be working remotely more often than before the pandemic began. And many companies will continue the monitoring practices they began during COVID-19. Just before the pandemic, we found that 58% of employees worked remotely at least some of the time. Now, according to our recent survey, 81% work remotely at least some of the time—an increase of 23%.

Additionally, an overwhelming 87% of business leaders in our survey say their company has collected medical information related to COVID-19—on vaccine status (70%), COVID test results (59%), and temperature checks (57%).


Finally, a growing focus on DEI initiatives requires additional and often sensitive information on existing and prospective employees including sexual orientation, disability status, and racial or ethnic identification. Two in three (67%) business leaders say they’ve asked for personal information to support a DEI program in the last 12 months.


Trust is essential for these programs to succeed, and while there is some trepidation, most employees are at least somewhat willing to supply this type of information. A full 79% of employees in our survey either strongly agree (28%) or somewhat agree (51%) that they are comfortable providing DEI information to their company.

Fewer, however, are comfortable providing personal medical information. Only 25% strongly agree that they are comfortable providing personal medical information to their company—another 49% are somewhat comfortable.

By adopting an employee data bill of rights, companies can help staff feel more comfortable sharing data with the knowledge that safeguards are in place.

2. Responsible employee data collection isn’t only the right thing—it’s increasingly the required thing

The California Consumer Privacy Act (CCPA), the most comprehensive privacy law in the U.S., went into effect in 2019 and established new privacy rights not only for California consumers, but also employees. One of those rights is knowing what personal information (including professional or employment-related information) is collected and the purpose for which it’s used.

A year later, the California Privacy Rights Act (CPRA) amended and strengthened the CCPA. Under CPRA, the definition of personal information has been expanded to include personal information that “identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee.” The CPRA goes into effect January 1, 2023, but CCPA compliance is already required.

Already, Colorado and Virginia have enacted similar privacy laws that cover both consumers and employees. And even when based in other states, employers seeking remote workers must also comply with these laws when processing relevant applications and hiring covered job seekers. It’s only a matter of time until more states follow suit and, eventually, the federal government steps in to clarify a complicated patchwork of state laws with federal regulations.

Your company must get ahead of inevitable employee privacy regulations, not only to ensure compliance, but also to engender trust with your workforce. You can bolster these goals with an employee data bill of rights.


3. Transparency is key to successful employee data initiatives

Disconnects between employers and employees breed distrust and a lack of commitment to the company’s mission. GetApp’s research finds that disconnects often occur between management and staff when it comes to employee data.

For example, 72% of business leaders believe employee data should be used for whatever purpose the company sees fit—only 47% of employees feel the same way.

Similarly, our recent employee monitoring survey found that 69% of business leaders say they monitor employees while only 24% of employees say they are monitored by their employer.


(See our survey methodology at the bottom of the page.)

By adopting an employee data bill of rights, you build transparency into all aspects of how data is collected and used.

How to establish employee rights to data minimization, purpose, fairness, and awareness

An employee data bill of rights includes the following:

The right to minimization

Do you really need the employee information you’re about to collect? Organizations must gather no more data than absolutely necessary to accomplish their objective.

Before deciding to collect new forms of employee data, examine the following:

  • Can we accomplish our goals with data we’ve already collected?

  • What is the minimum data necessary to achieve our goals?

  • Have we considered any incidental data collection that may occur?

The right to purpose

To justify collecting employee data, businesses should have a legitimate purpose for its use.

Before launching any initiative that will require employee information, consider these questions:

  • Have we defined a clear purpose for the use of this data?

  • How will this data help us to achieve our business goals?

  • For how long do we need to store this data?

The right to fairness

The elimination of bias, both conscious and unconscious, must be a focus of any data collection initiative.

As companies endeavor to implement wellness and DEI initiatives, they should carefully analyze these issues:

  • Have the consequences of compiling this data been thoroughly considered?

  • Could one group of employees be adversely impacted relative to another?

  • Should this information be required or voluntary?

The right to awareness

Only 22% of the employees we surveyed strongly agree that their company clearly explains how their personal data is used. Your organization must be transparent about the data it is collecting from employees and why it is being collected. And while most companies require an employee privacy agreement upon hiring, these function more as legal documents than as agreements per se.

To boost transparency and awareness, ask:

  • Are we telling employees how their information will (and perhaps more importantly will not) be used?

  • Are we explaining how this information will benefit the company and its employees?

  • Do employees have a clear method for asking questions about the use of their personal information?


Treat employees like data partners, rather than data targets

According to Gartner, an employee data bill of rights helps make employees feel like partners rather than targets.

This matters because a full 80% of employees who are treated as data partners (defined as those who know how their data is collected, used, and protected) are inclined to work harder than those who are not treated as data partners (full research available to Gartner clients).

To help employees feel more like data partners and less like data targets, companies should:

  • Provide people managers with the tools needed to respond to employee inquiries about data collection.

  • Proactively explain how sensitive data will improve employee experience, health, or safety.

  • Survey staff to better understand preferences around the collection of sensitive data.



GetApp’s Employee Data Survey was conducted in September 2021 among 601 respondents to learn more about employee data collection at U.S. businesses. Respondents were screened for full-time employment at companies with two or more employees. 301 respondents identified as management level or above and 300 identified as staff or senior staff.

GetApp’s Employee Monitoring Survey was conducted in March 2021 among 969 respondents (435 of whom indicated leadership positions within their company) to learn more about employee monitoring practices. Respondents were screened for employment at small businesses with two to 250 employees. The 2015 comparison data was collected through an online survey of 500 business owners.

About the author

Zach Capers

Sr Specialist Analyst
Zach Capers is a senior analyst at GetApp, covering IT security, data privacy, and emerging technology trends. A former internal investigator for a Fortune 50 company and researcher for the Association of Certified Fraud Examiners (ACFE), his work has been featured in publications such as Forbes, Business Insider, and Journal of Accountancy.