Balancing the Impact, Ethics, and Security of People Data

As access to data increases, so does its potential for impact and risk 

We live in a time of exponential technology growth: There is 900% more data being generated and flowing through businesses than there was two years ago.¹ Opportunities to harvest data (including your personal data) are everywhere. But with these opportunities comes risk, as many organizations struggle to balance data access and impact with security, privacy, and ethics.

Ideally, data is managed securely and ethically with organizations using data insights to help improve results and with workers using the insights to manage their productivity, well-being, performance, and career development. However, when data is not protected or is misused, this may negatively impact privacy, infringe on people’s personal identity, lead to misguided decisions, and damage the company’s brand.

The Potential for Impact

84% of organizations think that people analytics are a priority for their business² and 72% have acted on this priority by investing in analytics’ resources, technologies, trainings, or other related areas. ³

People analytics can be used for a wide array of positive impacts. Candidate selection analytics can be used to define initial job fit and development plans. Predictive analytics can spot retention risks and correlated factors to plan interventions. Matching analytics can be used to connect workers and their skills/interests to best fit internal opportunities. Organizational network analytics can visualize relationships and information flow to identify natural teaming and collaboration opportunities or show new hires who to connect with to get productive faster.⁴ Workforce planning analytics can determine future resource needs based on demand signals. Even future-of-work analytics can be applied to understand how automation and the open-talent economy will likely impact individual roles.⁵ The list of potential applications goes on.

High-performing organizations are taking advantage of the increasing availability of data by using more collection channels (on average seven different channels ranging from HR systems and surveys to e-mail metadata) and the use of this data in people analytics has shown significant impacts.³ Organizations with high-performing people analytics capabilities (in comparison to those with low-performing capabilities) are 6 times more likely to engage the workforce, 12 times more likely to improve team effectiveness, 5 times more likely to save costs, and 11 times more likely to increase productivity.³

The Potential for Risk

Due to its personal and sensitive nature, people data is prone to risk. That risk can take many forms, from lack of protection, unintentional or even intentional misuse, and public perception controversies.

• Data Protection: 7.9 billion records were breached in 2019, up 33% compared to 2018 as reported by Risk Based Security’s Q3 2019 Data Breach Report⁷. Employers’ data storage may include personal identification numbers, bank account details, ages, ethnicities, addresses, phone numbers, work e-mails, and potentially much more as data collection efforts grow.

• Misuse: Both humans and machines can misuse data. People may cherry-pick data points or collect data dishonestly under the guise of productivity while using it for reduction planning. Even worse, people can use data access to further hidden agendas breaking ethical expectations or even data privacy laws. Even machines are not without risk due to algorithmic bias (issues in the underlying data or the algorithm itself) or due to biases, conscious or unconscious, of their programmers. For example, the automation of high-volume applicant resume screening could be positive for organizations and candidates alike, potentially mitigating human biases. However, AI that is programmed based on historical workforce data alone may inadvertently further exacerbate biases by training AI to replicate human biases faster and more efficiently than people can.

• Perception: Nearly 60% of organizations are concerned about workforce perceptions of how their data is being used.² While individuals may choose to share their locations or list their professional skills on social media, they may react with resentment upon learning their employer monitors their movements via mobile or web-scraping tools. Furthermore, there is the risk of neglecting informed consent. For example, in the European Union, informed consent is one of the six legal bases for collection, handling, and/or storage of people’s personal data outlined in the General Data Protection Regulation (GDPR).⁸

Making a Secure and Ethical Impact

The potential for risk does not mean organizations should abandon people data efforts—it serves to stress the need for managing data in secure and ethical ways.

Deloitte’s 2020 Technology Trends positions data ethics as follows: “In what we recognize as an emerging trend, some companies are approaching trust not as a compliance or public relations issue but as a business-critical goal to be pursued”. Organizations need to move beyond data ethics as simply regulatory compliance and seek to create a culture that emphasizes trust in line with their greater organizational values. One approach is transparency: communicating to the workforce on what data is being collected, why, the value the insights will provide, and offer an opt-out where applicable.

Of organizations with high-performing people analytics capabilities, 95% are effective at keeping data secure and private.³ 7 out of 10 leverage a data council to oversee the data life cycle and help ensure regulatory compliance, establish role-based securities, and educate workers on data privacy and protection practices.³

Other important contributors are people analytics technology providers, offering a wide variety of capabilities to support organizations in security and privacy: 94% of these providers support the creation of a data audit trail; 63% utilize role-based security for setting access controls; and 88% enable different types of data privacy management.⁶ In addition, organizations utilizing AI tools can establish auditing procedures, monitor results for adverse impacts, and combine AI decisions with human decision-making.

As data options continue to grow, organizations can realize impacts while managing data ethically and securely. Organizations should think differently (viewing data ethics as not merely compliance), establish a data council, and further leverage available security features.

About Deloitte

As used in this document, “Deloitte” means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of our legal structure. Certain services may not be available to attest clients under the rules and regulations of public accounting.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

Copyright © 2020 Deloitte Development LLC. All rights reserved.

Sources

1. Harvard Business Review, Why Your Organization’s Future Demands a New Kind of HR. 2019.
2. Deloitte Global Human Capital Trends Deloitte Consulting LLP, 2018.
3. High-Impact People Analytics research. Bersin, Deloitte Consulting LLP, 2017.
4. Organizational Network Analysis: A Primer. Bersin, Deloitte Consulting LLP, 2019.
5. People Metrics for the Future of Work: Preparing for What’s Next. Bersin, Deloitte Consulting LLP, 2020.
6. People Analytics Solutions: Market Findings, Bersin, Deloitte Consulting LLP, 2019.
7. Data Breach QuickView Report, 2019 Q3 Trends, Risk Based Security, 2019.
8. Complete Guide to GDPR Compliance. GDPR.EU, 2020.
9. Tech Trends 2020. Deloitte Insights. Deloitte Consulting LLP, 2020.