Data privacy is going to be an increasingly important topic of debate within companies. As predictive analytics for HR advances, we are witnessing employee reaction against possible invasions of their privacy and a demand for greater transparency about the areas that are recorded and analyzed.
Although it's normal and common for companies to monitor and analyze data from their customers, there's a significant difference in HR. The difference is, of course, that there's a different power relationship between the employer and the employee, which may not exist between service providers and their customers.
How about an example as to when it's legitimate to collect and analyze employee data?
The Truman Show
You'll see below how the rule I propose to ethically validate data collection and analysis is closely related to the argument of The Truman Show (Peter Weir, 1998), starring Jim Carrey. In the movie, Truman Burbank is the star of a TV show where he's in front of the cameras twenty-four hours a day, but he doesn't know it. Truman's life is filmed by thousands of hidden cameras 24/7 and is broadcast live to everyone.
The executive producer, Christof, in a scene from the film says:
"I know you better than you know yourself"
Privacy
A significant number of employees may feel that their privacy is being invaded when many details of their activities are recorded and analyzed, both at work, as well as at home when they use the company computer or corporate email, for example.
On the other hand, as analytical tools become more sophisticated and acquire a knowledge capacity that resembles that of humans, employees may feel uncomfortable discovering that the organization can learn their performance, their likelihood of leaving the company, and even give them recommendations about their work in a way that they didn't even know was possible.
From the legal to the ethical
Very often, legal limits outweigh the ethical ones. For example, although the law allows it (at least in some countries), analyzing corporate email of employees could cause an outright rejection.
Paul Schwartz, professor at Berkeley, is a well-known expert in information privacy law. He mentions five requirements in the article Privacy, Ethics and Analytics:
1. Comply with the law: Organizations must comply with the legal requirements when conducting an analysis.
2. Cultural and socially acceptable standards. Beyond legal requirements, organizations should consider whether analytical activities reflect cultural and social norms about acceptable activities.
3. Do not damage trust: Organizations should assess the impact of using analytical activities to ensure that the confidence of the various stakeholders is not damaged.
4. Measure the impact on people: Analytical activity can have positive and negative effects on people. Anticipate before you act.
5. Information security: Appropriate safeguards must be introduced to protect the safety of the information used in the analytical process. Organizations should consider whether analytical activities involve sensitive areas and supply the process with safeguards that are proportionate to the risk.
A rule of thumb for ethical principles regarding data
Like the "one ring to rule them all" of The Lord of the Rings, I believe that there is one rule that can help us discern the ethical from the reprehensible in the territory of privacy: Analysis software can be applied to data only when employees have no expectation of privacy. Tweets are an example of public information where we don't expect (or shouldn't expect) privacy. Mail, even though we call it corporate, is a whole other animal.
In a market that needs talent more and more, many companies are trying to figure out how to make employees loyal. And for them, the first step is figuring out how they feel about the company.
Intel, for example, asks its 106,000 employees to complete an annual survey that measures the company's work environment. Some of the questions are designed to reveal how the employees feel. Workers are asked if they are proud to work at Intel and if they expect to continue working there for the next five years.
Intel uses the feeling analysis to measure how its employees feel. HR managers analyze the text of internal comments on blogs or answers to open-ended questions in surveys.
According to Richard Taylor, Senior Vice President and HR Manager for Intel, referencing the approximately 50,000 comments generated, says, "We've reached a point where we have a lot of data but not necessarily much knowledge."
By the way—I have to say it or I'll burst—semantic analysis platforms like MeaningCloud are able to automatically process thousands upon millions of comments to identify areas where it's possible to make improvements in employee motivation levels, ultimately improving retention levels and even productivity.
Transparency and trust are the key
"We only analyze what employees know for certain is public information that can be recorded and analyzed," says Richard Taylor of Intel.
On Intel's company blogs, for example, employees must attach their real names to the comments. In the eyes of the company, those posts are acceptable for analysis.
If your employees don't trust what you'll do with their data, they won't give out information or provide relevant and truthful data.
"Employee emails, on the other hand, are private," says Taylor. "The company won't analyze them."
"We would lose their trust if we did," he says. "That would be the worst."
An example of unethical analysis
This example that contradicts my "what is expected" rule is taken from Predictive HR Analytics: Mastering the HR Metric, probably the most practical book that exists about People Analytics.
It's about a financial organization that uses ID cards to allow employees to access several non-work-related facilities such as the cafeteria and gym. The information stored for each employee was so detailed that an HR analyst had access to what the employees ate in the staff dining room during the day and what gym equipment they used and for how long.
The organization's HR analysis team, without employees being aware of it, linked individual employee performance data with information about the ideal meal profile, exercise period, training pattern, and gym equipment. It seems that their model was just as precise as it was unethical.
Takeaways:
A single principle, analyzing only when an employee has no expectation of privacy, allows us to see the ethical violations of privacy that we find in the cases in the post: Organizations will win if they improve the transparency policy on the data they collect and analyze about their employees.
In the fictional story narrated in The Truman Show, the protagonist didn't know he was being filmed. We also don't expect to be analyzed when we write an email or when we use an ID card to go to the company cafeteria or gym.