Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus convallis sem tellus, vitae egestas felis vestibule ut.

Error message details.

Reuse Permissions

Request permission to republish or redistribute SHRM content and materials.

Viewpoint: Why Your Organization Needs a Bill of Rights for Employee Data

A person using a laptop in a data center.

Editor's Note: SHRM has partnered with Harvard Business Review to bring you relevant articles on key HR topics and strategies.

Today's organizations have more data about their employees than ever before, and the volume and variety of accessible information continues to grow. There are two key drivers behind this shift.

First, the availability of data has expanded dramatically over the course of the past few years. When organizations made the rapid shift to remote or hybrid working, they created new digital work channels that could be monitored and tracked. (Think Slack messages instead of hallway conversations.) A 2022 Gartner survey found that 51% of organizations are now gathering data they didn't collect before the pandemic: 26% have started logging email activity in the past three years, 21% now process data around who employees talk and work with most frequently, and 15% have begun to analyze data from virtual meetings.

Second, organizations in 2023 are facing higher levels of accountability for employee health and well-being. For example, individuals' health data may have been considered extremely private in 2019, but by 2021, employees routinely shared information about Covid exposures or vaccination status as a basic employment requirement.

More broadly, Gartner research shows that 82% of employees want their organizations to treat them as humans, not just workers. Effective personal support requires data—on everything from family and caregiving responsibilities to mental health needs—and that data can provoke some very real privacy concerns.

As organizations have more mechanisms for getting personal data and more motivation for leveraging it, they need better guidelines for doing so responsibly—especially since this trend is already attracting increased regulatory scrutiny.

But fair, transparent handling of employee data isn't just a compliance mandate—it's also the first step toward creating the trust-based partnership that both employees and their employers will need to thrive in this more complex data environment. A Gartner 2021 analysis revealed that employees who trust their organizations with their data perform 20% better and are substantially more likely to want to stay in their jobs than employees with low levels of trust. When employees are partners, not just targets, in data collection and usage, everyone simply works better.

What Data Rights Should Employees Have?

An employee data bill of rights gives organizations a set of foundational principles for how workers' data will be collected and used, even as technologies or business needs change. While workplaces may operate with different regulatory constraints or technological capabilities, four foundational principles should set the expectation for how employers leverage information about their workforces:

The right to purpose: The organization will have a legitimate and specific business purpose for all data it collects.

The right to purpose means that organizations have clearly defined the reason they're asking for employee data before it's actually collected. Employers should ask themselves why they're collecting any new data, how they'll process it, and how long they'll need to retain it in order to accomplish their core purpose.

The right to purpose both builds trust with employees and helps analytics teams avoid collecting and storing data that doesn't actually provide value. It also can prevent potentially unethical use cases from creeping in. For example, if an organization is monitoring foot traffic to ensure efficient use of office space, it would violate the right to purpose if that data was shared with managers to assess performance based on how much time employees spend away from their desks. This doesn't mean organizations can't reuse data they already have, but the new purpose should be explicitly defined and transparently communicated with employees as well. A company that originally began monitoring employees' calendar data to help determine when office spaces should be open, for instance, could find value in using that same data to help managers prevent their teams from becoming burned out by too many meetings.

The right to minimization: The organization will not collect more data than it needs to effectively fulfill its legitimate business purpose.

Once a specific business purpose is defined, the right to minimization requires organizations to limit the data they collect to what is truly necessary. That means critically assessing both how much organizations collect and how sensitive that data is. If an organization wants to track remote employees' productivity, for example, they could leverage usage data from core work applications rather than relying on more invasive methods like monitoring employee webcams.

Getting this right will sometimes require a judgment call on which data is "nice to have" and which is critical to success. This question is especially pertinent as AI tools, which rely on greater volumes of high-quality data, become more common and capable. The right to minimization means considering whether additional information will allow your organization to be more effective, and whether that outweighs the risk to employee trust.

The right to fairness: The organization will use data in ways that reinforce equity in the workforce.

The core of an effective data partnership between employers and employees is ensuring that both sides benefit from the data that's being collected. As organizations use increasingly sensitive data (including data related to health, family obligations, location, and race and gender identity) to better support employees or meet diversity and inclusion targets, the risk of either conscious or unconscious bias in decision making increases. The new wealth of data available to organizations should enhance—not limit—equality of access, opportunity, and treatment.

The most effective way to follow through on the right to fairness is to build it into decision-making processes from the outset. At one international retail corporation we work with, HR doesn't wait to assess the diversity of the workforce after employees have been hired. They use robust data analytics to ensure an inclusive applicant pool, then re-evaluate at the candidate, interview, and selection stages. This organization also trains leaders to spot where data could be indicating bias and provides managers with an analytics dashboard to monitor ongoing trends in hiring and retention.

The right to awareness: The organization will make it clear to employees what data is being used for what purposes.

The right to awareness is the key ingredient that makes the other rights work. It means employees understand what data is being collected about them, how it's being used, and where possible, how to access that information. Without awareness, employees' levels of trust and perceptions of fairness can't change.

That said, employees should not have to be data scientists to know that their rights are being respected. There must be a solid communication plan in place, including tailored communications to ensure messaging is relevant to employees' roles and experiences. For example, when collecting potentially sensitive self-identification data for DEI use cases, an organization might pair a company-wide message from an executive leader reinforcing the organization's commitment to DEI and explaining how the data will be used with more targeted communications in employee resource groups about how data-informed DEI decisions will benefit them. All communications about employee data should be simple, timely, and delivered through a communication channel that's accessible and easy to use.

Feedback is also a crucial component of awareness. Employees should have mechanisms available to ask questions and report concerns. Of course, in the context of the employer-employee relationship, some data simply shouldn't be shared (like performance-evaluation data or health records). Otherwise, clarity should be the default.

The Employee Data Bill of Rights in Practice

An employee data bill of rights is not meant to exist as abstract principles. Organizations should codify and share their own list of employee data usage rights, adding to the four core concepts above based on their specific context. The City of Utrecht, in the Netherlands, provides one model for how to do this. They've published their digital values publicly and have committed to upholding them through policy.

Leaders should also be held responsible for following through on employees' stated data rights. One financial services organization we work with established a dedicated internal task force to ensure an appropriate balance of business benefits and personal privacy in data employee usage. Other organizations have launched data ethics boards that include both HR and employee representatives and regularly consult with internal experts to audit their approach to employee data.

The boundaries between personal and employee data will continue to blur as technology advances and worker expectations shift. An employee data bill of rights—consistently enforced and transparently communicated—will help organizations unlock the full potential of their data resources to both support employees as humans and achieve their business goals.

Kaelyn Lowmaster is director, research in the Gartner HR Practice. She focuses on the Future of Work including all areas of future strategy development, with a core emphasis on the impact of emerging technology on work and the workforce.

Jonah Shepp is a senior principal, research in the Gartner HR practice. He edits the Gartner HR Leaders Monthly journal, covering HR best practices on topics ranging from talent acquisition and leadership to total rewards and the future of work. An accomplished writer and editor, his work has appeared in numerous publications, including New York Magazine, Politico Magazine, GQ, and Slate. 

This article is adapted from Harvard Business Review with permission. ©2023. All rights reserved.


​An organization run by AI is not a futuristic concept. Such technology is already a part of many workplaces and will continue to shape the labor market and HR. Here's how employers and employees can successfully manage generative AI and other AI-powered systems.