3 Steps to Ensure Data Governance of Your People Data

Employers want data ranging from diversity gaps, to pay disparities, to turnover rates and beyond to inform their decision-making. Steve VanWieren, Senior Director of Data Services at Ceridian, discusses three layers of data access to monitor to ensure personal data is protected as it’s analyzed.

August 12, 2022

Employers want data to focus on diversity gaps, pay disparities, and needed skill sets. They also need data for basic people analytics, such as employee counts and turnover rates. Human behavior data allows employers to further personalize the work experience. How can they gain this knowledge and pass it down to their managers and employees?

Take a topic like employee burnout. Organizations have no idea how many of their employees are experiencing burnout. Managers rely on their gut. Employees might base it on how they feel on any given day. Academic research is good, but the only way to create a common source of truth is to use a broad set of data.

The challenge is that the data needed to perform this type of analysis is personal in nature. Most people do not want random data analysts to have access to their private information. Conversely, most data analysts do not pay much attention to the specific person the data belongs to. Both parties need a way to know data is protected.

Safe Access to Data

Companies have a responsibility to protect the data they collect on individuals. Many marketers have started to create data “clean rooms”. A clean room is a safe location for de-identified or anonymous data for analytics. In a clean room, all identifiable contaminants are removed. It is much like how scientists must rid themselves of contaminants after exposure to chemicals.

With people’s data in a clean room, both consumers and data analysts can be assured their use of data is appropriate. But even clean rooms require cultural changes within the companies that introduce them.

First, not every HR data analyst should have access to every source. If they do have access to a source, they may not need access to every field. If they have access to a field, they may not need access to every row. A complete and comprehensive data governance framework is required, which includes these three key areas: Source Level Access, Field Level Access, and Row Level Access. What does that entail?


Source Level Access

Most people are aware there have been thousands of data breaches over the last ten years. Experts state that someone becomes the victim of identity fraud every 14 seconds. Just recently, there was a major breach at the state government of Texas where over 2 million people’s identities were impacted. A few days later, a breach at a pharmacy retailer affected 3.6 million people. A recent breach in China impacted over 1 billion people. The fear is real and frequent.

The data breaches that receive attention from the press are rightfully those that contain personal data. But a data breach that accesses a deidentified source does not receive the same attention, even when it contains sensitive information.

Imagine that a deidentified set of HR data was exposed to all employees with burnout rates across the company. Even if the specific people are not identifiable, the knowledge could still point to the company having a reputation of burning out their employees. This could have a negative impact on their overall business. It may make sense for an HR leader to restrict the source to only those people in the HR department.

To achieve this, companies often track their HR data assets through metadata management tools. Then data governance and data security tools are additionally used to control who should be accessing each source. For example, people data can be supplied to managers and HR personnel, but not sales data. Likewise, salespeople may be given access to sales data, but not people data.

Creating sound data governance policies at the source level allows workers to know what they can and cannot access. This includes clean rooms.

Field Level Access

Clean rooms are designed to allow data sharing with maximum security. But in some cases, even though a specific data source is safe, all fields within the data may not be.

Assume that the HR leader decides that sharing the overall burnout rate for the company is acceptable since the rates are low. Revealing the data across different subgroups or cohorts may still expose issues, though. Sensitive data such as department, age, or race may only be for certain eyes to see.

There are different ways to protect fields in a clean room from unwanted access. Metadata managers can tag fields as sensitive. Data engineers can transform or bin data to remove or reduce the sensitivity.

Role-level security is an additional way to restrict field-level access to certain roles. It involves the assignment of a person to a group. The group is then assigned field-level access rights. For example, a person in role-level ‘A’ may see the actual field values, while a person in role-level ‘B’ is restricted.

Regardless of the approach, attention to field-level access is important – even in a clean room.

Row Level Access

In the same realm, row-level security is also a way to restrict access to specific data records. Assume that the HR leader provides access to burnout data to all employees and field-level access to age and race to managers only.

A department manager should only see the results for their department, while the HR analysts see the results for all employees. The rows of data they should see differ.

Like role-level security, individuals can be assigned to groups, and each group is provided access to different rows of data. Most reporting tools have a row-level security capability that helps to put in place whatever policies are needed.
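The three layers described above can be enforced in one query path, applied in order: source, then row, then field. The sketch below is an added example, not code from the author or from any reporting tool; the role names, the policy tables, the age binning and the sample rows are all assumptions constructed for illustration.

```python
# Hypothetical policy tables (assumptions, not a real product's configuration).
SOURCE_ACCESS = {                      # source level: which roles may open a source
    "people_burnout": {"manager", "hr_analyst"},
    "sales": {"salesperson"},
}
SENSITIVE_FIELDS = {"age", "race"}     # field level: tagged sensitive in metadata
FULL_FIELD_ROLES = {"manager"}         # roles that see actual sensitive values
ALL_ROW_ROLES = {"hr_analyst"}         # row level: roles that see every department

# Constructed, de-identified sample rows.
PEOPLE_BURNOUT = [
    {"row_id": 1, "department": "Support", "age": 29, "race": "A", "burnout": 0.71},
    {"row_id": 2, "department": "Support", "age": 47, "race": "B", "burnout": 0.40},
    {"row_id": 3, "department": "Finance", "age": 35, "race": "A", "burnout": 0.22},
]


def bin_age(age):
    """Reduce sensitivity by replacing an exact age with a ten-year band."""
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def query(user, source, rows):
    """Return only the rows and field values this user's role is entitled to."""
    role = user["role"]
    # Layer 1, source: deny by default, including sources with no policy entry.
    if role not in SOURCE_ACCESS.get(source, set()):
        raise PermissionError(f"role {role!r} may not read source {source!r}")
    # Layer 3, row: everyone except all-row roles is limited to their own department.
    if role not in ALL_ROW_ROLES:
        rows = [r for r in rows if r["department"] == user["department"]]
    # Layer 2, field: restricted roles get binned age and no race column.
    result = []
    for row in rows:
        row = dict(row)                # copy so the stored data is never modified
        if role not in FULL_FIELD_ROLES:
            row["age"] = bin_age(row["age"])
            row.pop("race", None)
        result.append(row)
    return result


if __name__ == "__main__":
    manager = {"role": "manager", "department": "Support"}
    analyst = {"role": "hr_analyst", "department": "HR"}
    print(query(manager, "people_burnout", PEOPLE_BURNOUT))
    print(query(analyst, "people_burnout", PEOPLE_BURNOUT))
```

Logging each call to `query` with the user, source and row count returned gives the usage monitoring that the access layers are meant to support.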

The Impact of a Well Governed People Analytics Clean Room

By determining all three layers of access (source, field, and row), a company can control and monitor the usage of a people analytics clean room. This provides a level of transparency where both the company and the users can align.

Employees can have peace of mind knowing that their employers are being good stewards of the data and protecting their personal data from unwanted access. Employers can study and address problems like burnout and dig deeper than they have ever been able to dig.

Problems like The Great Resignation can be better understood and improved. Managers can better understand their direct and indirect reports. Employees can better understand themselves. It all starts with safe access to data. 

For those looking to get started, Part 2 coming next will go into detail on How to Create a People Analytics Clean Room.

What steps have you taken to ensure data governance of people data? Let us know on Facebook, Twitter, and LinkedIn.


Steve VanWieren

Senior Director Of Data Services, Ceridian

Steve VanWieren is the Senior Director Of Data Services at Ceridian, responsible for the analytic data ecosystem, data science and engineering, and strategic data analytics. A pioneer in creating predictive analytics across the Human Capital Management domain, Steve has more than 25 years of experience developing and launching innovative analytical products. He is the author of "Quantifiably Better", a book for HR leaders to learn how to become more data-driven and continue to evolve their growing data usage.