CEB Blogs


Data Privacy

The Seven Commandments of Employee Data Use

It pays to be open, honest, fair, and clear about the data you hold

With T-Mobile and now TalkTalk at the center of recent data theft scandals, every week seems to bring new horror stories of companies betraying customers’ trust that their data is safe.

But the risks – and benefits – of big data aren’t limited to customers’ details. Businesses use employee information to understand who to hire and promote, the technology and other tools employees need to do their job, their pay and benefits entitlement and – increasingly – to understand how and where they can most benefit the company.

Big Data = Big Value + Big Risk

However great the rewards, companies need to make sure they are not outweighed by the risks. Only last month Sony agreed to pay up to $10,000 per person to employees who claimed that their personal data was stolen in a 2014 hacking attack. Never mind the potential damage to Sony’s employer – and consumer – brand.

For managers to get the most value from the information they hold on employees, while minimizing the risks to the employees and the company, there are seven commandments that every organization needs to chisel deep into its data use policies.

  1. Be open about the data you collect and how you use it: Be clear on what you have and why you need it. Wherever possible, ask for employees’ explicit permission to hold that data and be prepared to give them access to it if required.

  2. Respect your employees’ privacy concerns: Follow your data use principles, and only share employee data with a third party when required for business or legal reasons.

  3. Show that your policy is fair, wherever you operate: You’ll need to make sure that your data policy complies with local laws and regulations and does not discriminate by gender, age, or sexuality, or unfairly affect any group.

    Disadvantaged groups will of course vary by geographical region, so again it’s important to consider the local context.

  4. Only ask for, and keep, personal information you need: Be judicious about the personal data you collect. If the data won’t help the business, or your employees, then don’t ask for it.

    Once the need has been met, think hard about whether you still need to keep it. And, where data is only required for analysis, not for administration, make sure it’s made anonymous.

  5. If you use the data to inform decisions, make sure it’s accurate: Make sure you update information regularly and give people a chance to correct it.

    And ensure that any decisions that are in part based on that data, such as who to hire or promote, are defensible, and comply with local laws and regulations.

  6. Remember you’re the steward of your employees’ information, not its owner: Your employees entrust you with their valuable personal data, so make sure you handle it responsibly.

    You need appropriate administrative, technical, and physical controls to make sure it isn’t lost or misused and doesn’t fall into the wrong hands.

  7. Be clear about how you use data and who is accountable: It’s important that every company – and its employees – knows the function and individuals responsible for its data use policy, and who is accountable to the board of directors.

    The principles and controls on data use should be clear, regularly monitored, and accessible to employees.

Building a data use policy with these commandments at its foundation will help businesses get more value from employee data, while ensuring they respect employees’ rights. It’s an important first step to introducing a much more rigorous analysis of an organization’s talent and finding ways to help employees, and ultimately the company, be more successful.
