Principles for Building a Solid Foundation for Self-ID Data Collection: Expertise from Gretchen Ruck, AlixPartners, LLP

In the age of big data, concerns surrounding data collection and privacy are at an all-time high. While the need for data regarding the LGBTQ community is critical in understanding the magnitude of issues faced by LGBTQ individuals, as well as the solutions to those issues, many companies are understandably uncertain about how to collect this data in the correct manner.

As those who have pioneered these efforts understand, collecting Self-ID data provides a rich set of benefits that not only enhances the experience of employees on an individual level, it also provides benefits to the workplace as a whole. Self-ID data allows companies to better understand their workforce, attract, recruit, and retain talent, tailor benefits to be inclusive and more beneficial to employees, and observe the impact of diversity and inclusiveness initiatives. However, in charting the journey to collect this data, it is critical to establish safeguards that lay a foundation of success.

During The Economist’s third annual Pride & Prejudice Summit in May, Gretchen Ruck, director at AlixPartners LLP, sat down with Out & Equal to discuss important elements to consider when embarking on a journey to collect LGBTQ Self-ID data.  In her role at AlixPartners, Gretchen founded and leads the firm’s cybersecurity and information risk practice, where she champions issues related to data protection, cybercrime and technology risks.  Ms. Ruck also serves on the board of directors for the National Center for Transgender Equality.

Combining her expertise in cybersecurity and her advocacy for the LGBTQ community, Ms. Ruck premiered an innovative workshop at the summit, “To Share or Not to Share: Data and Choice in the Information Age”, which stressed the importance building a principles-based approach to collecting and using personal data that creates an affirmative environment for LGBTQ employees.

During her workshop, she described situations in which a fictitious company failed to properly gather, safeguard, or share information concerning LGBTQ employees; thus, triggering consequences ranging from violations of policies and personal rights to the risk of physical harm.  Session participants were asked to vote on which, of two options available for resolving the situation, would be preferable.  Both options incurred negative outcomes, leaving participants to select the one they felt would be preferential, or, rather, the lesser of two evils.

In our discussion, Ms. Ruck shared that the scenarios were intended to unsettle participants by asking them, as decision makers, to take responsibility for difficult choices.  Her goal was to subtly highlight that when companies don’t plan ahead, even those with the best of intentions create conflicts where they’re responsible to mitigate the damage caused.  Based on voting selections and questions asked by the audience, she believes this point hit home for many. To view Ms. Ruck’s workshop, “To Share or Not to Share: Data and Choice in the Information Age,” click here.

Out & Equal: Many companies often approach Out & Equal needing guidance on how to begin their journey to collect Self-ID. What do you believe companies should be most aware of when embarking on these initiatives?

Gretchen Ruck: An absence of data is often cited as a reason for sluggish progress on LGBTQ rights.  As advocates and influencers, we frequently rely on data collection and storytelling to highlight just how many people are hurt by intolerance and to reinforce the importance of our agenda. To do their part, companies are eager to collect data on LGBTQ employees and to encourage them to share their personal stories openly.  However, we should only embark on this path once we first establish good security and privacy practices.  Otherwise, we could unintentionally harm the very same people we intend to help.

O&E: So, what can companies do to ensure they lay the right groundwork for collecting LGBTQ data?

Ruck: I recommend considering how five simple, but important, principles can help to ensure your company is adopting good practices from the very beginning —the same best practice concepts that I apply in cybersecurity:

  • Privacy – Privacy should be at the foundation of everything you do. Consider where your data lives (which systems process and store the data), and who should (or should not) have access to it.
  • Respect – Respect for individuals means recognizing and demonstrating due care for the confidentiality of collected Self-ID information. Give individuals a choice to share or not to share and be transparent and authentic in communicating why this data is being collected, how it’s being used and shared, what safeguards are in place to protect the data and what choices they have in the process.
  • Build Trust – Build trust by establishing clear, concise rules. Decide on roles and communicate simple plain-English options and responsibilities, and make certain employees know how their sensitive data is secured end-to-end. Trust is a two-way street where LGBTQ employees and those leading diversity and inclusiveness programs need to understand each other and share a common language and a consistent set of expectations.
  • Risk – Through training and reinforcement, develop a culture that is aware of the potential risks of handling and sharing sensitive data.  Furthermore, limit sensitive data collection to only that information which is absolutely essential and then strictly control access to the data by providing it only to those who absolutely need it.
  • Value – Personal data should be thought of as a valuable asset that you own.  When deciding whether to share personal data, such as Self ID, employees should be given enough information to help them determine if they’ll receive a positive return on their investment of data.

O&E: How important is proper data handling and protection to the success Self ID collection and to diversity and inclusiveness programs overall?

Ruck: Information can be a poignant and compelling tool to help drive business goals, support a mission, or even to accentuate the struggles with, and the strengths of, our community. This is also a tool that when used improperly can feed into biases and endanger lives. Wanting to do good is a start; but, as advocates we need to build progress through a thoughtful, considered approach and be responsible stewards of the personal data in which we’re entrusted.

O&E: Finally, where can companies turn for help in building their Self ID collection program?

Ruck: For help in defining, communicating, or validating an organization’s Self ID collection program, I’d recommend they reach out to peers in their industry which have already collected and utilized Self ID information successfully.  Alternatively, they could contact Out & Equal, which serves as a workplace advocacy resource center for guidance and advice.

 


gretchen ruckGretchen Ruck serves as a director at AlixPartners LLP, where she established and leads the firm’s cybersecurity and information risk practice. Ms. Ruck advises IT and business executives, public board directors and equity investors on the impact of cybersecurity threats, privacy and data protection regulations and technology risks. Prior to joining AlixPartners, she held positions at organizations such as Moody’s, Gartner, KPMG and SWIFT.
As a business executive, Ms. Ruck has been an active LGBTQ leader, advocate and mentor and she serves the community as a board member for the National Center for Transgender Equality. Her professional contributions include presenting at industry events, lecturing at universities, leading workshops, contributing to [Obama] White House and global initiatives, and authoring her opinions on security, risk assurance, privacy, leadership, and diversity topics. Ms. Ruck’s insights on current events have been featured in news media, most recently including Bloomberg BNA, The Economist, Financial Times, USA Today, Quartz, Metropolitan Corporate Counsel, The Mirror and Law360.