Privacy Protection In People Analytics

Vendors have responded to the people analytics challenge with robust new capabilities. 

As a result, what was once reserved only for organizations with resources to fund large-scale analytics and machine learning projects has become ubiquitous. 

Now, you can have the ability to: 

• Measure performance both actively and passively as work has become more digitized and behavior more discoverable. 
• Identify and fill skill gaps by looking beyond individual functions to related skills to enable cross-functional talent mobility. 
• Identify flight risks with predictive analytics that examine behavior patterns of employees who are planning to leave the organization. 

• Reduce bias in hiring and promotion decisions. 
• Use machine learning to predict candidate success. 
• Visualize how communications, information, and decisions flow through an organization using organizational network analysis. 

And now, new talent intelligence platforms tie together talent acquisition, talent management,

diversity, equity and inclusion, and employee experience with analytics and AI. 

People analytics could adapt Google and online marketing’s aggregation techniques. 

Google recommends using analytics to infer information about you as a consumer even when no one data set has that information. 

Marketers can offer goods and services to qualified customers before they know they want them. 

What does this mean for you and your employees? 

For your business, this capability can help you make better people decisions that can benefit both the organization and the individuals in it. 

Do your employees trust you with all that information? 

Are your people afraid to take a bathroom break for fear of losing pay? Or do they wonder what you know about them that you are not disclosing? 

Do you have privacy safeguards in place? 

Seventy-five percent of employees trust their employers, but almost anyone can move data where it doesn’t belong. 

To be sure, most data breaches are accidents that happen inside an organization. 

To make that clear, Code 42 gives us an infographic that shows six data behaviors that can signal problems: 

• Someone sends 30GB to a thumb drive after hours. 
• In a company that uses Google for storage, someone uploads data to a personal Google Drive account. 
• A disgruntled employee posts an innocuous picture with your source code embedded. 
• Intentionally or not, someone changes a critical file permission to “anyone can edit.” 
• An employee resigns and downloads enormous files over the next two weeks. 

• A list of people is inadvertently sent to the wrong email. 

Most of the time, no harm is done. 

However, the one that does cause problems could be costly. 

Ethical People Analytics Through Governance 

As in governance in workforce management and all HR functions, a governance process can help you get your privacy measures in place. 

Your people analytics governance should work side by side with your organization’s data governance. 

Data security is not data privacy, but the two must work together. 

Such a framework can not only serve you well today but can adapt to changing technologies as they become available. 

Ethics Charter 

The first step in the framework is a charter that includes principles on what should and shouldn’t be done with an employee’s personal information. 

By itself, a charter won’t provide protection. Still, when you couple it with governance and action, you have a framework to balance the risks and benefits. 

Your People Data Governance Council 

The first step in forming your council is to make sure you have the right stakeholders in place. People data involves every person and every function in your organization. It will not be effective if HR tries to go it alone. 

Using a collaborative framework will strengthen HR’s role in data privacy and build trust throughout your organization. 

Your council should involve these functions: 

• HR: of course, HR presence is required, but it doesn’t necessarily mean HR must lead. Another top executive who understands the value of human capital can serve as well. 
• Line-of-Business Leaders: These are the people who get things done through people. Their perspective is representative of the business as a whole. 
• Internal Communications (or Marketing): The quality of messaging throughout your organization will hugely impact your success. 
• Employee Relations Representatives: Your HRBPs or other employee representatives are essential for employee buy-in.  
• IT: People data is organization data and must be part of your data governance framework. IT can make data protection measures work for you. 

• Legal: You will need to consider the legal environment in which you work. One of the most important considerations may be the EU’s GDPR.

Privacy by Design

PbD is the most widely accepted privacy standard worldwide. The EU bases its GDPR on it, and many other countries have adopted the framework. 

Ann Cavoukean, Ph.D., developed the Privacy by Design framework in the mid-90s. 

It gained international acceptance in 2010 and is the standard adopted by Deloitte and EY, which offer annual certification. 

The PbD framework comprises seven principles: 

1.         Proactive, not Reactive; Preventative not Remedial. The aim is not to deal with privacy events but to prevent them.
2.      Privacy as the Default  Personal data is protected in any system or business practice by default. 
3.         3. Privacy Embedded into Design
4.          Privacy is in the design and architecture of systems and business practices. It is an essential component of the core. 
            4. Full Functionality—Positive-Sum, not Zero-Sum 
5. Privacy and security, accommodating all legitimate interests and objectives. No tradeoffs—win-win for all interests. 
6.          5. End-to-End Lifecycle Protection 
7. Extends for the entire lifecycle of the data, from creation to the time it is destroyed. 
8.           6. Visibility and Transparency 
9. Ensures that business practices and technology operate to the stated promises and objectives, subject to independent verification. 
10.          7. Respect for User Privacy 
11. Requires architects and operators to keep the interests of the individual uppermost in strong privacy defaults, appropriate notice, and user-friendly options. 

A governance framework and clear principles will help you become an organization that values and practices personal privacy. 

With effective communication and privacy embedded in every technology and practice, you can build a culture of trust. 

Pixentia endorses the principles of Privacy by Design and stands ready to help you implement strong privacy in your organization. 

Phenomecloud is a full-service technology company dedicated to helping clients solve business problems, improve the capability of their people, and achieve better results.