This article is an extract from GTDT Practice Guide: Diversity and Inclusion 2021. Click here for the full guide.
Employee data are a valuable commodity. This is not least because such data are needed in order to comply with an ever-increasing raft of legal obligations. Data can also be needed for employers to be able to track progress against metrics introduced in employee remuneration arrangements, including metrics linked to diversity at senior management levels.
Employee diversity data also serve a broader purpose for employers’ diversity and inclusion initiatives. The data enable employers to understand their baseline diversity, develop appropriate initiatives to improve diversity and inclusion, monitor progress against such initiatives, identify potential barriers to progress and select the most effective interventions.
However, in order to make use of employee diversity data, employers need to first be able to collect, store and analyse such data. Employees must also be willing to provide such data in the first place, which relies on there being a trusting and cooperative workplace culture.
This chapter considers current employee diversity reporting initiatives in the UK and likely future developments. It also explores some of the potential conflicts that could arise between different regimes, highlights some of the risks to employers when collating and reporting employee diversity data, and provides some practical tips to manage those risks.
Why does diversity reporting matter?
While diversity within the workforce is in itself a worthwhile goal from a moral and ethical perspective, it also yields rewards from a commercial perspective.2 There is a statistically significant, and consistent, correlation (on a global scale) between a more diverse leadership team and financial outperformance.3 There is also an apparent penalty for businesses that are poor performers from a diversity perspective, which are also less likely to have strong financial performance.4
In addition, investors, clients and suppliers are increasingly expecting businesses to demonstrate a commitment to diversity5 and reflect their own diverse profiles. The weight of expectations has been growing for some time, but has recently been accelerated as a result of the inequalities exposed by, and the changes to working practices caused as a result of, the covid-19 pandemic. Diversity reporting can serve as a comparative metric across companies, industries and jurisdictions, enabling companies to differentiate themselves from their competitors (or highlighting companies that are underperforming when it comes to diversity). This can both encourage a sense of healthy competition and inspire underperformers to take steps to improve.
Given the importance of organisational diversity, it is equally important that employers have effective mechanisms in place to measure their existing diversity, evaluate the effectiveness of their current diversity and inclusion practices and plan for targeted improvements.
Diversity reporting initiatives
In recent years the UK has introduced several mandatory reporting requirements for certain employers. There are also reporting initiatives that, although voluntary at present, are expected to become mandatory in the coming years. These initiatives principally relate to remuneration, although it is likely that broader reporting requirements will be introduced in the future.
Even where employers are not strictly caught by mandatory requirements, many have decided to opt in, as a result of either wishing to emulate good practices or pressure from industry.
Mandatory remuneration reporting
Gender pay gap reporting
Under the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, UK private sector employers with 250 or more employees must publish an annual gender pay gap report covering:
- the overall gender pay gap figures for relevant employees, calculated using both the mean and median average hourly pay;
- the proportion of women and men in each of four pay quartiles;
- the gender bonus gap; and
- the proportion of male and female employees who received a bonus in the same 12-month period.
Compared with other countries that have introduced similar reporting requirements, the UK takes a relatively light-touch approach to gender pay gap reporting. There is no requirement for private sector employers to provide any information about policies that are put in place to improve gender equality, or to produce a corrective action plan. While employers have the option of including a narrative explaining their pay gaps and setting out what action, if any, they plan to take to address them, this is not mandatory for private sector employers, and the Government Equalities Office estimated that in 2018/19 only around half of such employers published a plan. Duties on public sector employers vary by nation within the UK, with Wales having a requirement for an action plan where gender pay differences are identified, but England and Scotland having no such requirement.
Other countries have more onerous reporting in place. By way of example, in Australia relevant private sector employers are required to provide details on the availability and use of a range of different policies, including those relating to recruitment, retention, flexible working and employer-funded parental leave. Under French legislation, failure by relevant private sector employers to gain an adequate score across a set of gender pay gap indicators means an action plan must be agreed either through negotiations with trade unions or consultation with employee representatives within an organisation.
CEO pay gap reporting
The reporting obligation (imposed by the Companies (Miscellaneous Reporting) Regulations 2018) requires all publicly listed firms with more than 250 UK employees to publish the ratio between the total remuneration of their chief executive officer (CEO) and the full-time equivalent remuneration of their UK employees on the 25th, 50th (median) and 75th percentile ratios in their annual directors’ remuneration report. There are three different methods that companies can use to identify the 25th, 50th and 75 percentile (one of which relies on the company’s existing gender pay gap data) used to calculate the pay ratios.
Unlike the gender pay gap reporting requirements, the CEO pay gap reporting requirements stipulate that companies must provide a supporting narrative that explains:
- the reasons for any year-to-year reductions or increases in the ratios;
- whether the company believes the median ratio is consistent with the organisation’s wider policies on employee pay, reward and progression; and
- which of the three options the company has used to calculate the ratio, and why it chose that option.
While not overtly related to diversity in the same way as gender pay gap reporting, the purpose of CEO pay gap reporting is to indicate the relationship between the pay of the CEO and the pay of other, more junior employees in the same company, which goes to the broader concepts of increasing fairness and equality within the company and supporting social diversity.
Voluntary remuneration reporting
Ethnicity pay gap reporting
Six months after the first gender pay gap reporting deadline, the UK government launched a consultation on the proposed introduction of mandatory ethnicity pay gap reporting. This consultation, which ended on 11 January 2019, was very much focused on how, not whether, ethnicity pay reporting should be introduced. Despite this, a combination of Brexit and covid-19 effectively stalled progress on ethnicity pay gap reporting.
However, following the international resurgence of the Black Lives Matter movement and the increased focus on racial inequality in connection with the covid-19 pandemic,6 there were fresh calls on the UK government to introduce mandatory ethnicity pay gap reporting as one way of addressing social inequalities for ethnic minorities.7
The government subsequently stated8 that it is considering the difficulties in designing a methodology that will produce accurate figures that facilitate analysis, interpretation and meaningful action, and will respond to the 2018/19 consultation in due course.
Ethnicity pay gap reporting involves a more complex set of data, and achieving transparency in this area represents a greater challenge than gender pay gap reporting. It is therefore perhaps reassuring that the government appears to be taking the time to work through these challenges. Where possible, it appears that ethnicity pay reporting will mirror gender pay reporting obligations, although different approaches are under consideration:
- One approach is to present a single pay gap figure, showing the pay of ethnic groups as a percentage of white employees. This has the advantage of simplicity but is potentially a damagingly homogeneous approach and, as such, could reduce the quality of information produced.
- An alternative approach is to produce several pay gap figures, using a classification system based on a greater number of ethnic groups.9 This would be more instructive but much more complex, expensive and time-consuming to produce. There are also several classification systems available and some employers will have developed their own system to reflect the demographics of their own workforce. There is potential for inconsistency, making it difficult to draw useful comparisons between organisations and across industries.
One of the biggest problems will be the base demographic data. A prerequisite to meaningful reporting is having an accurate set of data to work with. Many employers do not collect data relating to ethnic origin; those that do often suffer from a low declaration rate, with employees unwilling to state their ethnic origin, potentially due to fear of suffering discrimination as a result. Employers may simply not have enough reliable information from which to draw meaningful conclusions.
Disability pay gap reporting
In November 2018 the UK government published a voluntary reporting framework10 to support employers to report and publish on disability, wellbeing and mental health in the workplace. While primarily aimed at employers with over 250 employees, it is also intended to be used by smaller employers who want to increase transparency within their organisation.
The framework recommends that employers report the following:
- a narrative explaining the activities in the organisation in relation to the recruitment and retention of disabled people, including organisational policies, support offered to employees with specific disabilities, the role of network and support groups, progression and pay of disabled employees, workplace adjustments and employee engagement scores; and
- the percentage of individuals within the organisation who consider themselves to be disabled or have a long-term physical or mental health condition.
This voluntary disability reporting framework was cited by the government (along with logistical difficulties) as a reason for its rejection on 14 May 2021 of calls to introduce disability pay gap reporting. This was despite Trades Union Congress research that showed that disabled workers earn 15 per cent less than other staff and are significantly less likely to be employed at all (the employment rate for disabled people was 52.6 per cent in June 2019, compared with 81.5 per cent for those who were not classed as disabled).
However, that rejection was short-lived; on 28 July 2021, as part of a National Disability Strategy11 published by the Department for Work and Pensions, the government committed to consulting on voluntary and mandatory workforce disability reporting for large employers, which is expected to include disability pay gap reporting.
Other reporting initiatives
More broadly, there is likely to be a growing trend (and potentially a legal obligation) for employers to report on the diversity of their workforce outside the arena of remuneration:
- In July 2019 the government consulted on a proposal to require large employers to publish their parental leave and pay policies (the response to this consultation has not yet been published, but the government has committed to responding in due course).12
- In July 2021 the Financial Conduct Authority (FCA) published a discussion paper considering the introduction of mandatory diversity reporting across various metrics. While the paper itself is focused on the financial services sector, it states that the FCA is also considering its approach to diversity in listed firms, indicating that broader diversity reporting may be introduced outside the financial services sector in due course.
- Even without government intervention, a number of voluntary initiatives have encouraged employers to report on diversity statistics, with a knock-on impact on wider business culture. By way of example, the UK Race at Work Charter13 asks signatories to capture ethnicity data to establish a baseline and publicise progress, while the Women in Finance Charter14 requires signatories to publicly report on progress to deliver against internal targets for the progression of women into the executive pipeline.
Obtaining employee data
Considering the importance of collating accurate employee data to be able to comply with mandatory and voluntary requirements, it is essential that employers find effective ways to obtain this.
A key opportunity for employers to obtain useful employee data can arise during the recruitment and on-boarding process. However, employers will need to be cautious about the legal risks they may expose themselves to by asking certain questions relating to diversity, particularly before the decision whether to hire an individual is made. In particular, employers are prevented by law from asking questions about a candidate’s health before making an offer of work (although a number of exceptions apply, including questions that are necessary for the purpose of monitoring diversity in the range of persons applying to that employer for work).15
Another approach frequently used by employers is employee surveys to ask employees to voluntarily provide diversity data, which can be carried out either openly or anonymously. In practice, it will be hard for employers to ensure that employees respond to such surveys. Employees will need to understand both the personal and social benefits of completing such surveys and will need to be confident that they will not suffer any repercussions as a result of providing personal data. The need to overcome a certain amount of natural employee reticence will mean that employers need to build a culture of psychological safety (including very clear commitments to data privacy and security) that encourages employees to voluntarily engage with the data-reporting process, as this will ensure that the most detailed and accurate data are obtained while minimising the risk of associated claims (such as for discrimination).
Risks for employers
As employers comply with ever-increasing mandatory diversity reporting, as well as voluntary monitoring and reporting expected by stakeholders such as investors, clients and employees, they will need to process and store increasing amounts of employee data. There are inherent risks for employers holding and processing data about their employees, which must always be done in compliance with data protection legislation16 and guidance.17 The potential exposure associated with such risks will inevitably increase as employers increase the volume and nature of these data to meet the growing obligations and expectations.
For example, in order to review pay data across all protected characteristics (as the FCA urged all chairs of remuneration committees to do, in a letter dated 3 August 202118), employers will need to obtain data covering all protected characteristics and then store and process the data in a way that enables the data to be assessed alongside pay.19 However, by collecting data relating to protected characteristics, employers will be collecting data that fall within the ‘special categories of personal data’ under the UK GDPR.20 Processing special category data requires both a general ground for that processing (under article 6 of the UK GDPR) and a specific exemption (under article 9(2) of the UK GDPR).
While ‘explicit consent’ is an exemption for processing special category data, the Information Commissioner’s Office has indicated that it is unlikely to be possible for an employer to rely on consent as a ground for processing employee data in England due to the inevitable imbalance of power between employer and employee. Employers will therefore have to rely on another exemption, most probably the exemption allowing processing that is necessary for the purposes of performing or exercising obligations and rights that are imposed or conferred by law in connection with employment. However, this exemption is only available where the employer has an appropriate policy in place and complies with additional safeguards. It is also unlikely to be of assistance where an employer wants to carry out purely voluntary processing.
Under the UK GDPR (and its European counterpart, the EU GDPR) potentially significant fines can be imposed in the event of non-compliance. This was highlighted by the €35 million fine21 imposed by the Hamburg Commissioner for Data Protection and Freedom of Information in November 2020 against H&M. In breach of the EU GDPR, H&M had been collecting and storing a significant amount of intrusive data about employees’ holiday experiences, health, family issues and religious beliefs (without the employees’ knowledge). While the scope of the data processed by H&M was extensive and unusual, the level of the fine is a salutary reminder of just how important it is for employers to comply with data protection legislation, including by processing employee data fairly, reasonably and transparently and only where there is a legitimate purpose.
Aside from the liabilities imposed by data protection law, employers may also find themselves liable if their employees misuse the personal data of other individuals. Most recently, the scope of an employer’s vicarious liability for acts of their employees has been considered through to the Supreme Court under the claims bought against Morrisons by 9,263 current and former employees after one employee posted the personal data (including bank details, addresses and salary information) of almost 100,000 Morrisons employees online in retaliation for a minor disciplinary sanction. The individual in question had been given access to the payroll data for Morrisons’ entire workforce to enable him to collate and transmit payroll data needed by Morrisons’ auditors.
While the Supreme Court ultimately held22 on appeal that Morrisons was not vicariously liable for the employee’s act, this is nonetheless something that employers will remain concerned about; the Supreme Court stopped short of ruling that vicarious liability can never arise under data protection legislation. The judgment also stated that on other sets of facts it would be possible for employees to hold their employer vicariously liable for statutory breaches of data protection law, misuse of private information or breach of confidence. Both the High Court and the Court of Appeal had previously held that Morrisons was liable, demonstrating the finely balanced nature of the test for vicarious liability and the potential risks for employers if they do not adequately safeguard employee data by limiting who has access to that data and the purposes for which it can be used.
The Equality Act 2010 legally protects individuals from discrimination in the workplace. There are a number of ways in which both the collection of, and reporting on, employee diversity data could result in discrimination claims against employers:
- Once employers are on notice (for example, as the result of employee responses to diversity surveys) that an employee has a particular protected characteristic, any detrimental action towards that employee carries the risk of an inference being drawn that such detrimental action is because of the protected characteristic and therefore constitutes unlawful discrimination. The burden of proof is often on the employer to show that it was not because of the protected characteristic – perhaps by showing that the data was only ever provided and held anonymously, so that the employer did not in practice ‘know’ in connection with the specific employee, even if the data had been provided. This underscores the importance of secure processing of such data and their appropriate use.
- On a similar note, if an employer is on notice that an employee is experiencing physical or mental health difficulties and fails to take steps to manage such difficulties, the employer could be held liable for what could be perceived as failing in its duty of care towards employees, or its duty under the Equality Act 2010 to make reasonable adjustments for an employee with a disability.23
- Increased reporting that indicates that employees are remunerated differently or had different experiences at work based on protected characteristics such as sex, ethnicity or disability may give rise to increased litigation or fuel existing litigation.
- As noted above, much of the value of diversity monitoring and reporting arises from the ways in which employers can use the data to identify the need for action to improve diversity, such as (in the case of gender pay gap reporting) by implementing action plans to increase the number of women in senior, more highly paid positions. However, while the Equality Act 2010 does allow positive action24 in certain circumstances, positive discrimination is not permitted and employers must be careful that steps taken to improve diversity do not stray into positive discrimination.
The recent Employment Tribunal claim Bayfield and Jenner v Wunderman Thompson (UK) Limited and others,25 in which two male employees successfully claimed sex discrimination when they (along with three other male employees) were dismissed after the employer reported a 44.7 per cent gender pay gap, provides a useful reminder of the minefield that employers face when trying to address identified issues with the diversity of their employees.
As with data protection legislation, there are potentially significant consequences for employers if they are found to be in breach of discrimination legislation. Not only are damages for discrimination claims uncapped, such claims increasingly have adverse reputational consequences.
As well as protecting employees from discrimination, the Equality Act 2010 also gives female employees an express right to receive equal pay and terms of employment26 to male employees for carrying out equal work,27 unless there is a material reason for any difference that is not related to sex.28
In the same way that diversity reporting could fuel discrimination claims, pay gap reporting may give rise to or fuel equal pay litigation. While a pay gap does not itself indicate that there is an equal pay issue (as a gap indicates a difference in average pay and not a difference in pay between employees carrying out equal work), again it might help create context. By way of example, the BBC’s gender pay gap reporting (which was criticised in the media) was referred to in the Employment Tribunal’s judgment in the successful equal pay claim brought by presenter Samira Ahmed.29
It is essential that employers, particularly those who operate large global businesses, remain aware of international differences in reporting requirements. They will particularly have to bear in mind how jurisdictions differ in their attitudes to certain diversity disclosures, which may present problems if it is not possible to tailor employee surveys or any other methods used to collate data per country. For instance, in the Czech Republic employers may not request information from employees that is not directly related to the performance of work, while in some jurisdictions questions about sexuality may cause religious or moral offence or even incur criminal liability. In other jurisdictions, while there are no explicit laws regarding which questions employers may ask their employees, the cultural norms of the workplace mean that such questions would be seen as highly unusual.
Protecting employee diversity data
There are a number of practical and proactive steps that employers can take to protect their employees’ data:
- Employers should conduct a separate data protection impact assessment for each diversity programme requiring the processing of data.
- Where possible, employee data (particularly sensitive and special category data) should be aggregated and anonymised.
- Access to data should also be restricted to only the individuals who reasonably need access, and minimised whenever possible. Access might also need to be time-limited and security continually reviewed.
- The organisation should ensure that wider practices are in place that encourage a culture where data are secure and individuals’ rights respected. For instance, transparency is key: employers should provide clear notice to employees or job applicants as to when the provision of personal data is optional and explain exactly how and why they use and store diversity data.
- Employers should also have a clear record of what their policies and practices are regarding data security. They should seek advice on implementing a written policy for treatment of diversity data and train relevant employees on how to follow the policy and to be accountable for their use of data. In particular, there should be a clear policy regarding how to escalate and report data breaches.
While these principles will be relevant to all data, the particular sensitivities and risks associated with diversity data and the potentially onerous consequences for employers under both data protection legislation and employment legislation make it more important that employers comply with these principles and are aware of the risks if they do not do so.
Conclusion – looking beyond the data
Collecting and processing the data that employers need to analyse and report on diversity is not necessarily straightforward and there are legal risks under both data protection law and employment law. There are steps employers can take to manage the risks, albeit that they may have to walk a tightrope to balance the data protection and employment risks. In order to realise the potential benefits and comply with increasing expectations from stakeholders, employers also need to be able to analyse the data effectively and use that analysis to develop and keep under review appropriate policies to improve diversity. If they fail to do so, not only will they miss out on the potential benefits of diversity reporting, they will also risk damaging the reputation of the company and its reputation with stakeholders.
However, working towards a diverse workforce, evidenced by improved diversity reporting statistics, is only the first step for employers. Equally as important is the creation of an inclusive workforce, meaning one where all employees are ‘valued, respected, accepted and encouraged to fully participate in the organisation’.30 While the terms ‘diversity’ and ‘inclusion’ are often used together, one does not automatically imply the other.
Achieving diversity without achieving inclusion means that employees may not feel able to raise their views and contribute towards the business, resulting in a loss of opportunity to benefit from diversity of thought and experience. It also means there will be a real risk that diversity policies are seen as box-ticking and tokenistic exercises, rather than the outward demonstration of the company’s values. An organisation that makes diversity promises but is unable to show the implementation of those promises may inadvertently make it easier for employees to successfully bring discrimination claims. Employers should therefore not see an improvement in their diversity data as the end of the process and will need to keep their policies under review to ensure that improved diversity is reinforced with a culture of inclusion.
Click here to view the original post