Canadian HR Reporter is the national journal of human resource management. It features the latest workplace news, HR best practices, employment law commentary and tools and tips for employers to get the most out of their workforce.
Issue link: https://digital.hrreporter.com/i/1005725
individuals have the right to access data stored about them. GDPR goes beyond PIPEDA legislation by ensuring the right of portability — organizations are required to present this data to individuals upon request "in a structured, commonly used and machine-readable format".3 Although many of these pieces of legislation share similarities, these contrasts highlight the importance of fully understanding the nuances of all data-privacy legislation that applies to your organization. While adhering to legal guidelines is an important baseline, we believe companies must do more than adhere to legal requirements. As noted in a report by IBM, what companies can do with employee data and what companies should do with employee data are altogether different questions.4 Legality does not imply ethicality, and so employers must carefully consider the impact of collecting and analyzing employee data. Technology is advancing faster than legislators can keep up with, and there are areas that legislation may not be able to anticipate. For example, some employers are now outfi tting their workforce with fi tness tracking devices, to measure employee health and wellness. While these types of initiatives can be helpful, they may also have a negative impact on employee morale. As another example, there is increasing opportunity to track data on employees and candidates from the web, including social media profi les. Where should the line be drawn in terms of what information employers should collect? Companies will need to carefully consider how their people analytics strategy and implementation impacts employees. At the heart of this matter is the issue of trust. When introduced to new people analytics approaches, employees will likely be wrestling with the following questions, whether explicitly or implicitly: 1. Do I trust my employer's intentions when it comes to collecting and analyzing my data? Is it in my interest for me to share my data, or the interest of the company? 2. Do I trust the data itself? Is the data on me accurate? Does it appropriately represent me, or my contribution to the company? 3. Do I trust the decisions that are being made based on the data? Are the analyses based on my data likely to result in better and fairer decisions? We believe that responsibility falls on employers to earn employees' trust in their people analytics efforts. In order to build this trust, we recommend the following in collecting and handling employee data: 1. Disclose what types of data are being collected, for what reasons, and how the data will be used. 2. Clarify the rights of employees in terms of what data is collected and how it is used. 3. Encrypt and secure all databases. 4. Eliminate identifying information from data once data has been integrated. 5. Aggregate data and report on results at the aggregated level. Today, organizations have the ability to track, monitor, and analyze their workforce to unparalleled degree. While people analytics can provide huge strides in organizational effi ciency and effectiveness, it is important to not only abide by the legal requirements when collecting and utilising this data, but to also consider the ethical implications. Beyond considering this for the sake of ethical behaviour, using workforce data in a manner that employees are uncomfortable with may neutralize any gains by damaging morale and reducing employee engagement. This article has been adapted from "The People Analytics: Steps toward Data-Driven Decisions". A copy of the paper in full is available upon request from Percipient Solutions Ltd. 1 Hannah YeeFen Lim, June 2017. GDPR matchup: Signapore's Personal Data Protection Act. International Association of Privacy Professionals. https://iapp.org/news/a/ gdpr-matchup-singapores-personal-data-protection... 2 lbid. 3 Timothy M. Banks, May 2017. GDPR matchup: Canada's Personal Information Protection and Electronic Documents. Act. International Association of Privacy Professionals. https://iapp.org/news/a/matchup-canadas-pipeda-and-the-gdpr/ 4 Nigel Guenole, PhD, Sheri Feinzig, PhD, David Green. January 2018. The Grey Area: Ethical Dilemmas in HR Analytics. IBM Corporation. https://www.ibm.com/watson/talent/talent-management-institute/ ethical-dilemmas-hr-analytics/hr-ethical-dilemmas. pdf When is a Conversation a Privacy Breach? By Dan Boucher, CPHR Alberta Registrar Human Resources professionals are no strangers to the demands of privacy and confi dentiality. The evolving ability to tie so many aspects of an employee, candidate, or former employee in one fi le is a new complication on privacy and confi dentiality. Performance reviews, medical leaves, employee complaints, compensation – the volume of information is gigantic. Threats have increased as well. The sophisticated level of hacking that has stolen customer or employee information around the world is here to stay. Ensuring the proper levels of IT security are in place to protect your workforce is vital to your employees' privacy. But not all threats are malicious. Day-to-day interactions in our workplaces leave us exposed to the potential for an accidental breach of our own fault. For example, what happens when your leader asks for information you can't disclose? CPHR Alberta addresses this through our Code of Ethics & Standards of Professional Conduct. It outlines how a clearly defi ned relationship between practitioners and their clients is crucial for employees to understand how their data will be managed. It also articulates the proper instances where information must be shared, and with whom. A conversation about privacy doesn't need to sound defensive or scary. Help your leader to understand why confi dentiality is required – including the benefi ts to the employee and the organization. Perhaps most critically, by keeping confi dential the information that could bias others in the organization, you will be protecting your workplace from potentially harmful litigation. Confi dentiality is inherent to our profession, but how we communicate about it may not be. It seems ironic, but safeguarding our employees' privacy requires clear and open conversation.