28 September 2021
Download – October 2021 – 2 of 5 Insights
The 'S' in environmental, social and corporate governance (ESG) is increasingly key – but has traditionally been more difficult to measure than environmental or corporate data. Social elements of ESG range from community involvement and volunteering to charitable contributions to staff working conditions to diversity and inclusion (D&I) initiatives.
D&I initiatives have a straightforward ethical case, demonstrated in part by increasing shareholder and public expectations for organisations around ESG responsibilities. We know there is a correlation between more diverse teams, improved growth and financial performance, and better brand reputation. For example, McKinsey's May 2020 Diversity report found that companies with better gender and ethnic diversity were more likely to outperform less diverse companies.
Collecting the right data, and doing so consistently, is essential to tracking and reporting D&I statistics and progress. UK and EU data protection law allows for this, but it is vital to get the compliance side right.
Much of the data collected for D&I initiatives is sensitive, or what the UK GDPR terms "special category" data. D&I data may include:
|Type of D&I data|Special category data?|
|---|---|
|Gender (whether assigned at birth or gender identity)|No|
|Racial or ethnic origin|Yes|
|Sexual orientation (or data about a person's sex life)|Yes|
|Disability (as a form of health data)|Yes|
Special category data also includes:
Under the UK GDPR, special category data does not include information like veteran's status, which is commonly collected in the US.
When an organisation collects D&I data, whether directly or by appointing a third party, it will be the data controller, and so responsible for overall compliance with applicable data protection law.
Data protection law requires:
Organisations should also factor in broader data protection considerations, including:
Organisations may also be asked to share D&I information, for example when marketing their services, or may be required to publicise this information under legal or regulatory reporting requirements.
Organisations should plan for each of these in advance, including explaining how data might be aggregated and anonymised. While truly anonymised data is no longer personal data, it is helpful to explain to individuals how anonymised data, like D&I statistics across the organisation, will be used.
D&I data forms part of the social pillar of ESG governance and can be an invaluable tool in monitoring and demonstrating progress in this area. However, if D&I monitoring is not conducted properly, it risks individuals' sensitive information being mishandled – with all the damage to individuals, and to the organisation, that entails. The HR or other team(s) managing D&I should work closely with D&I decision makers at the executive level, including to ensure D&I goals and business strategies are aligned.
We can advise on how to conduct D&I data collection or monitoring. Please get in touch if you would like to discuss this further.