Workplace Diversity, Equity, Inclusion: Data Privacy and Security Issues – JD Supra – DC Initiative on Racial Equity
Skip to content Skip to footer

In the last decade, organizations of varied industries and sizes have heightened their focus on diversity, equity, and inclusion (DEI) initiatives and, since 2020, DEI has become a top priority. COVID-19 pandemic realities, racial and social justice movements, changes in federal, state, or local laws, and generational shifts have increasingly brought DEI to the forefront.

Now, more than ever, employees and customers are looking for thoughtful and impactful corporate response. Strong DEI performance is not only a business imperative. DEI is an organizational, leadership, and, increasingly, a legal and compliance imperative.

Many factors have created new risks that could devastate corporate reputations and severely damage brands. Examples include U.S. demographic changes resulting in significantly more diverse workforces, government agencies intensifying antidiscrimination enforcement efforts, and 24-hour global communications. While organizations are investing significant time and resources in enhancing their DEI initiatives, and some are developing comprehensive DEI strategic plans, often overlooked are the data privacy and security considerations involved.

What Personal Data is Collected under the “DEI” Umbrella?

An effective organizational DEI strategy relies on policies and practices that support DEI in all facets of employment, from recruiting and hiring, to onboarding and training, to development and promotion, and, ultimately, to the c-suite and the boardroom. During all phases, a comprehensive DEI strategy contemplates significant collection, use, transfer, and storage of personal information of employees and applicants. This includes data on ethnicity, race, and gender identity, as well as data about sexual orientation, disability, and veteran status, among other key identifiers.

For example, an organization might undergo a diversity assessment. Such an assessment might include, among other things, a legal vulnerability assessments or “diagnostic” assessment that examine internal complaint processes, employment discrimination/retaliation/harassment/hostile work environment claims, human resource policies and practices and workforce demographic trends.

While a complete discussion of such assessments is beyond the scope of this article, it is important to consider what types of DEI personal data will be collected and from where. Examples of this information may include information related to an employee or applicant’s race, gender, sexual orientation, national origin, and disability, among other personal information.

Antidiscrimination Law – DEI Data Collection Requirements

In addition to DEI data that an organization collects for business objectives, U.S. legislation and guidance requires or recommends the collection of certain types of DEI data. Here are just a few examples.

  • Employers with 100 or more employees are required to submit an EEO-1 data report to the Equal Employment Opportunity Commission (EEOC) by March 31st of each year, collecting data on race and gender, to help the EEOC identify potential discriminatory employment practices. (The EEOC did not collect employer EEO-1 data in 2020 due to the COVID-19 pandemic.)
  • While not required by law, the Uniform Guidelines on Employee Selection Procedures (UGESP) recommend gender and race data collection of applicants to ensure non-discriminatory hiring practices. The UGESP are considered by federal courts when assessing a discriminatory hiring claim under Title VII of the Civil Rights Act.
  • The Federal Housing Finance Agency issued AB 2021-01 in March 2021, announcing standards for regulated entities (including federal home loan banks) on data collection relating to the diversity of boards of directors.
  • Beginning March 2021, California’s SB 973 required covered employers (generally, those with more than 100 employees) to report data relating to employees during a single pay period from the previous calendar year. In addition to annual earnings and hours worked for these employees, reporting must include race, ethnicity, and sex across specified job categories.

Similar obligations and recommendations exist in other parts of the globe. In the European Union (EU), while there is no direct legal duty for diversity reporting, the uniformly worde

Read Full Article at

Leave a comment

DC Initiative on Racial Equity

© 2022. All Rights Reserved.