Privacy Protection In People Analytics

Sep 07, 2021

Privacy Protection in People Analytics


Vendors have responded to the people analytics challenge with robust new capabilities. 

As a result, what was once reserved only for organizations with resources to fund large-scale analytics and machine learning projects has become ubiquitous. 

Now, you can have the ability to: 

And now, new talent intelligence platforms tie together talent acquisition, talent management,

A Radial Diagram with Talent Intelligence in the center, surrounded by; Talent Acquisition; Talent Management; Diversity, Equity, Inclusion, and Employee Experience; and Employee Experience

diversity, equity and inclusion, and employee experience with analytics and AI. 


People analytics could adapt Google and online marketing’s aggregation techniques. 

Google recommends using analytics to infer information about you as a consumer even when no one data set has that information. 

Marketers can offer goods and services to qualified customers before they know they want them

What does this mean for you and your employees? 

For your business, this capability can help you make better people decisions that can benefit both the organization and the individuals in it. 

However, privacy is personal, and we must be sure our people are comfortable with what information we disclose. We can do that by only using data that is not personally identifiable.
Nevertheless, metadata that contains no personal information can be invasive even though it is not a privacy breach. Connected to another data set, it could reveal personally identifiable information.
We must be constantly aware of what data we have and how we use it.

Our ability to connect information, identify patterns and personalize interaction for maximum result has reached a level of sophistication once only dreamed about.

Do your employees trust you with all that information? 

Are your people afraid to take a bathroom break for fear of losing pay? Or do they wonder what you know about them that you are not disclosing? 

Do you have privacy safeguards in place? 

Seventy-five percent of employees trust their employers, but almost anyone can move data where it doesn’t belong. 

To be sure, most data breaches are accidents that happen inside an organization. 

To make that clear, Code 42 gives us an infographic that shows six data behaviors that can signal problems

  • Someone sends 30GB to a thumb drive after hours. 
  • In a company that uses Google for storage, someone uploads data to a personal Google Drive account. 
  • A disgruntled employee posts an innocuous picture with your source code embedded. 
  • Intentionally or not, someone changes a critical file permission to “anyone can edit.” 
  • An employee resigns and downloads enormous files over the next two weeks. 
  • A list of people is inadvertently sent to the wrong email. 

Most of the time, no harm is done. 

However, the one that does cause problems could be costly. 

Ethical People Analytics Through Governance 

As in governance in workforce management and all HR functions, a governance process can help you get your privacy measures in place. 

Your people analytics governance should work side by side with your organization’s data governance

Data security is not data privacy, but the two must work together. 

Such a framework can not only serve you well today but can adapt to changing technologies as they become available. 

Ethics Charter 

The first step in the framework is a charter that includes principles on what should and shouldn’t be done with an employee’s personal information

By itself, a charter won’t provide protection. Still, when you couple it with governance and action, you have a framework to balance the risks and benefits. 

Your People Data Governance Council 

The first step in forming your council is to make sure you have the right stakeholders in place. People data involves every person and every function in your organization. It will not be effective if HR tries to go it alone. 

Using a collaborative framework will strengthen HR’s role in data privacy and build trust throughout your organization. 

Your council should involve these functions: 

  • HR: of course, HR presence is required, but it doesn’t necessarily mean HR must lead. Another top executive who understands the value of human capital can serve as well. 
  • Line-of-Business Leaders: These are the people who get things done through people. Their perspective is representative of the business as a whole. 
  • Internal Communications (or Marketing): The quality of messaging throughout your organization will hugely impact your success. 
  • Employee Relations Representatives: Your HRBPs or other employee representatives are essential for employee buy-in.  
  • IT: People data is organization data and must be part of your data governance framework. IT can make data protection measures work for you. 
  • Legal: You will need to consider the legal environment in which you work. One of the most important considerations may be the EU’s GDPR.A diagram which displaces People Analytics Governance Council. Internal Communication, Employee Relations, Information Technology, Legal, Human Resources, Business Leaders.

Privacy by Design

PbD is the most widely accepted privacy standard worldwide. The EU bases its GDPR on it, and many other countries have adopted the framework. 

Ann Cavoukean, Ph.D., developed the Privacy by Design framework in the mid-90s. 

It gained international acceptance in 2010 and is the standard adopted by Deloitte and EY, which offer annual certification. 

The PbD framework comprises seven principles: 

       1. Proactive, not Reactive; Preventative not Remedial 

The aim is not to deal with privacy events but to prevent them.

     2. Privacy as the Default  Personal data is protected in any system or business practice by default

        3. Privacy Embedded into Design

         Privacy is in the design and architecture of systems and business practices. It is an essential component of the core. 
         4. Full Functionality—Positive-Sum, not Zero-Sum 

Privacy and security, accommodating all legitimate interests and objectives. No tradeoffs—win-win for all interests. 

         5. End-to-End Lifecycle Protection 

Extends for the entire lifecycle of the data, from creation to the time it is destroyed. 

          6. Visibility and Transparency 

Ensures that business practices and technology operate to the stated promises and objectives, subject to independent verification. 

         7. Respect for User Privacy 

Requires architects and operators to keep the interests of the individual uppermost in strong privacy defaults, appropriate notice, and user-friendly options. 

A governance framework and clear principles will help you become an organization that values and practices personal privacy. 

With effective communication and privacy embedded in every technology and practice, you can build a culture of trust. 

Pixentia endorses the principles of Privacy by Design and stands ready to help you implement strong privacy in your organization. 

Pixentia is a full-service technology company dedicated to helping clients solve business problems, improve the capability of their people, and achieve better results.

Previously:  Next up: 


News Letter Sign up

Get in touch with us
phone_footer.png  +1 903-306-2430,
              +1 855-978-6816