In House - The FindLaw Corporate Counsel Blog

Mining Employee Data, With Ethics in Mind

Big data is making it increasingly easy to gain insight from unstructured information, to use satellite imagery of big box parking lots to predict stock performance, say, or to identify potential human traffickers based on bank deposits. And companies can also turn those analytic abilities inward, looking for insights into the data their own employees create.

But what ethical restraints should be placed on such data? When is using employee data a valid management strategy and when is it a step toward an Orwellian corporate dystopia?

Our Orwellian Corporate Dystopia Is Now

Companies are already using employee data in a myriad of ways, and have been for decades. Sales data, for example, can help identify employees who may be successful with a particular prospect. Performance data can be mined to spot potentially dissatisfied workers, or those who merit advancement.

Some companies are even employing big data analytics to aid their compliance efforts. Pharmaceutical companies are using big data to identify off-label marketing, for example, while others are analyzing corporate data patterns to spot potential security breaches. In 2015, JPMorgan Chase even instituted software that would identify "rouge employees" before they could actually break the law.

In this way, inward-facing data analytics can be a powerful tool for a company. But mining employee data also raises many concerns. Employees worry about their privacy, and the possibility that their click patterns or lack of email emojis might be read as nefarious. Depending on the types of data used and where the data is collected, such efforts could raise their own compliance concerns. The EU, for example, has much stronger data privacy protections than the United States.

Lawyers, too, might question the wisdom of retaining too much data, which might then have to be revealed in future litigation.

Questions to Ask

When examining the ethics of employee data use, Ken Leong, co-founder and CEO of the information governance and analytics company ZL Technologies, suggests identifying your company's "privacy comfort zone." This includes any legal protections for employee privacy, as well as the company's own "privacy culture and definition," Leong explains in a recent piece for the Harvard Business Review.

If your company does not have an information governance committee, it's also wise to set one up. Such committees are usually made up of the company GC, chief risk officer, chief compliance officer, chief information officer, chief information security officer, and chief data officer. Once established, an IG committee can "offer guidance on available solutions for protecting employee privacy while staying in line with corporate objectives," Leong explains.

After all, employee data can be a valuable resource. But its use needs to be approached with caution and consideration.

Related Resources: