Data privacy and security issues with workplace DEI

Many organizations have been focusing on diversity, equality and inclusion initiatives. Companies are making DEI a top priority in California and around the country. Employees and customers look at a company’s thoughtful and impactful corporate response. DEI tools have expanded into leadership, organizational and legal departments as well. Several new risks to customers and employees have hurt company reputations and brands.

Collected data under DEI umbrella

Diversity, equality and inclusion strategies rely on policies and practices in all aspects of the business. DEI affects all recruiting, training, development and promotion of employees. Comprehensive diversity, equality and inclusion strategies collect, store, transfer and use personal data of applicants and employees. DEI-related data include veteran status, sexual orientation, disability, race, ethnicity and gender identity.

The antidiscrimination laws and DEI-related data collection requirements

Employers with over 100 employees have to submit a DEI-related data report by March 31st. Collecting personal identifiers for applicants isn’t required by the law but is often a policy of businesses. Federal courts look at the collected data from the Uniform Guidelines on Employee Selection Procedures. The Federal Housing Finance Agency regulates entities such as home loan banks by collecting personal data.

Security and privacy implications of DEI-related data

Companies use, transfer, store and collect personal data from applicants and employees. Antidiscrimination laws consider privacy restrictions for select data. The California Consumer Privacy Act has been imposing a broad range of requirements for personal information collection since Jan. 1, 2020. The CPRA includes retention periods of personal information with the notice of collection. Businesses can’t retaliate against employees or independent contractors for exercising the consumer’s rights. The information needs to be voluntary, and the employee should explain the purpose of collection. The questions should be clear, and they should guarantee the confidentiality of the data.

Mass data breaches and phishing scams make implementing security safeguards important. Data security legislation is changing in the U.S. and abroad. U.S. laws protect specific information during a security breach, but not DEI data. Employees are likely to take part in DEI when a company takes the security of personal information seriously. Businesses need to know what DEI-related data they collect and where they store data.

  • Archives

  • Categories

  • Recent Posts