Use Privacy Safeguards When Measuring Workplace Diversity: French Data-Protection Authority
As more organizations measure workforce diversity, they're collecting increasing amounts of personal and sensitive data from employees, French data-protection authority CNIL said in a recommendation document aimed at helping organizations conduct diversity surveys that comply with the law, particularly the EU General Data Protection Regulation.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Measuring diversity is a "delicate exercise" and must be done using safeguards to protect participants' privacy, such as being optional and properly informing staff of their rights, CNIL said. The 15-page document suggested using anonymous surveys and closed questions to limit data collected.
Sensitive data can be collected only with respondents' free and informed consent, the document noted. In addition, in view of the subordinate relationship workers have with employers, using a trusted third party to conduct a survey may be a valid privacy guarantee as long as the employer doesn't have access to the data.
The document, however, covers only self-administered survey schemes that employers use in the workplace, although some provisions might apply to other arrangements on a case-by-case basis, CNIL said. The document is intended to promote compliance with applicable data-protection rules, not to give companies a methodology for conducting social policies.