Employee data are a valuable commodity. This is not least because such data are needed in order to comply with an ever-increasing raft of legal obligations. Data can also be needed for employers to be able to track progress against metrics introduced in employee remuneration arrangements, including metrics linked to diversity at senior management levels.
Employee diversity data also serve a broader purpose for employers’ diversity and inclusion initiatives. The data enable employers to understand their baseline diversity, develop appropriate initiatives to improve diversity and inclusion, monitor progress against such initiatives, identify potential barriers to progress and select the most effective interventions.
However, in order to make use of employee diversity data, employers need to first be able to collect, store and analyse such data. Employees must also be willing to provide such data in the first place, which relies on there being a trusting and cooperative workplace culture.
This chapter considers current employee diversity reporting initiatives in the UK and likely future developments. It also explores some of the potential conflicts that could arise between different regimes, highlights some of the risks to employers when collating and reporting employee diversity data, and provides some practical tips to manage those risks.
Why does diversity reporting matter?
While diversity within the workforce is in itself a worthwhile goal from a moral and ethical perspective, it also yields rewards from a commercial perspective.2 There is a statistically significant, and consistent, correlation (on a global scale) between a more diverse leadership team and financial outperformance.3 There is also an apparent penalty for businesses that are poor performers from a diversity perspective, which are also less likely to have strong financial performance.4
In addition, investors, clients and suppliers are increasingly expecting businesses to demonstrate a commitment to diversity5 and reflect their own diverse profiles. The weight of expectations has been growing for some time, but has recently been accelerated as a result of the inequalities exposed by, and the changes to working practices caused as a result of, the covid-19 pandemic. Diversity reporting can serve as a comparative metric across companies, industries and jurisdictions, enabling companies to differentiate themselves from their competitors (or highlighting companies that are underperforming when it comes to diversity). This can both encourage a sense of healthy competition and inspire underperformers to take steps to improve.
Given the importance of organisational diversity, it is equally important that employers have effective mechanisms in place to measure their existing diversity, evaluate the effectiveness of their current diversity and inclusion practices and plan for targeted improvements.
Diversity reporting initiatives
In recent years the UK has introduced several mandatory reporting requirements for certain employers. There are also reporting initiatives that, although voluntary at present, are expected to become mandatory in the coming years. These initiatives principally relate to remuneration, although it is likely that broader reporting requirements will be introduced in the future.
Even where employers are not strictly caught by mandatory requirements, many have decided to opt in, as a result of either wishing to emulate good practices or pressure from industry.
Mandatory remuneration reporting
Gender pay gap reporting
Under the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, UK private sector employers with 250 or more employees must publish an annual gender pay gap report covering:
- the overall gender pay gap figures for relevant employees, calculated using both the mean and median average hourly pay;
- the proportion of women and men in each of four pay quartiles;
- the gender bonus gap; and
- the proportion of male and female employees who received a bonus in the same 12-month period.
Compared with other countries that have introduced similar reporting requirements, the UK takes a relatively light-touch approach to gender pay gap reporting. There is no requirement for private sector employers to provide any information about policies that are put in place to improve gender equality, or to produce a corrective action plan. While employers have the option of including a narrative explaining their pay gaps and setting out what action, if any, they plan to take to address them, this is not mandatory for private sector employers, and the Government Equalities Office estimated that in 2018/19 only around half of such employers published a plan. Duties on public sector employers vary by nation within the UK, with Wales having a requirement for an action plan where gender pay differences are identified, but England and Scotland having no such requirement.
Other countries have more onerous reporting in place. By way of example, in Australia relevant private sector employers are required to provide details on the availability and use of a range of different policies, including those relating to recruitment, retention, flexible working and employer-funded parental leave. Under French legislation, failure by relevant private sector employers to gain an adequate score across a set of gender pay gap indicators means an action plan must be agreed either through negotiations with trade unions or consultation with employee representatives within an organisation.
CEO pay gap reporting
The reporting obligation (imposed by the Companies (Miscellaneous Reporting) Regulations 2018) requires all publicly listed firms with more than 250 UK employees to publish the ratio between the total remuneration of their chief executive officer (CEO) and the full-time equivalent remuneration of their UK employees on the 25th, 50th (median) and 75th percentile ratios in their annual directors’ remuneration report. There are three different methods that companies can use to identify the 25th, 50th and 75th percentile (one of which relies on the company’s existing gender pay gap data) used to calculate the pay ratios.
Unlike the gender pay gap reporting requirements, the CEO pay gap reporting requirements stipulate that companies must provide a supporting narrative that explains:
- the reasons for any year-to-year reductions or increases in the ratios;
- whether the company believes the median ratio is consistent with the organisation’s wider policies on employee pay, reward and progression; and
- which of the three options the company has used to calculate the ratio, and why it chose that option.
While not overtly related to diversity in the same way as gender pay gap reporting, the purpose of CEO pay gap reporting is to indicate the relationship between the pay of the CEO and the pay of other, more junior employees in the same company, which goes to the broader concepts of increasing fairness and equality within the company and supporting social diversity.
Voluntary remuneration reporting
Ethnicity pay gap reporting
Six months after the first gender pay gap reporting deadline, the UK government launched a consultation on the proposed introduction of mandatory ethnicity pay gap reporting. This consultation, which ended on 11 January 2019, was very much focused on how, not whether, ethnicity pay reporting should be introduced. Despite this, a combination of Brexit and covid-19 effectively stalled progress on ethnicity pay gap reporting.
In 2021, there were fresh calls on the UK government to introduce mandatory ethnicity pay gap reporting as one way of addressing social inequalities for ethnic minorities6 (in part due to the increased focus on racial inequality in connection with the covid-19 pandemic and the international resurgence of the Black Lives Matter movement7). However, apparently motivated by a concern around ‘imposing new reporting burdens on businesses as they recover from the pandemic’, the UK government confirmed in March 2022 that mandatory requirements for UK employers to report on their ethnicity pay gap will not to be implemented ‘at this stage’.8 Instead, it intends to publish guidance to support the increasing9 number of employees who voluntarily report their ethnicity pay gap.
Ethnicity pay gap reporting involves a more complex set of data, and achieving transparency in this area represents a greater challenge than gender pay gap reporting. There are different approaches available to employers who do choose to voluntarily report, as outlined below.
- One approach is to present a single pay gap figure, showing the pay of ethnic groups as a percentage of white employees. This has the advantage of simplicity but is potentially a damagingly homogeneous approach and, as such, could reduce the quality of information produced.
- An alternative approach is to produce several pay gap figures, using a classification system based on a greater number of ethnic groups.10 This would be more instructive but much more complex, expensive and time-consuming to produce. There are also several classification systems available, and some employers will have developed their own system to reflect the demographics of their own workforce. There is potential for inconsistency, making it difficult to draw useful comparisons between organisations and across industries.
- A third approach would combine both the white and non-white binary reporting with a more complex disaggregation of ethnicity pay comparisons. While this would still carry the burden of complexity, the headline figure could be used to give a simple snapshot of an employer’s ethnicity pay gaps while the comparisons by each race could be used to enrich the explanatory narrative.11
One of the biggest problems is the base demographic data. A prerequisite to meaningful reporting is having an accurate set of data to work with. Many employers do not collect data relating to ethnic origin; those that do often suffer from a low declaration rate, with employees unwilling to state their ethnic origin, potentially due to fear of suffering discrimination as a result. Employers may simply not have enough reliable information from which to draw meaningful conclusions.
Disability pay gap reporting
In November 2018 the UK government published a voluntary reporting framework12 to support employers to report and publish on disability, wellbeing and mental health in the workplace. While primarily aimed at employers with over 250 employees, it is also intended to be used by smaller employers who want to increase transparency within their organisation.
The framework recommends that employers report the following:
- a narrative explaining the activities in the organisation in relation to the recruitment and retention of disabled people, including organisational policies, support offered to employees with specific disabilities, the role of network and support groups, progression and pay of disabled employees, workplace adjustments and employee engagement scores; and
- the percentage of individuals within the organisation who consider themselves to be disabled or have a long-term physical or mental health condition.
This voluntary disability reporting framework was cited by the government (along with logistical difficulties) as a reason for its rejection on 14 May 2021 of calls to introduce disability pay gap reporting. This was despite Trades Union Congress research that showed that disabled workers earn 15 per cent less than other staff and are significantly less likely to be employed at all (the employment rate for disabled people was 52.6 per cent in June 2019, compared with 81.5 per cent for those who were not classed as disabled).
However, that rejection was short-lived; on 28 July 2021, as part of a National Disability Strategy13 published by the Department for Work and Pensions, the government committed to consulting on voluntary and mandatory workforce disability reporting for large employers, which is expected to include disability pay gap reporting.
Other reporting initiatives
More broadly, there is likely to be a growing trend (and potentially a legal obligation) for employers to report on the diversity of their workforce outside the arena of remuneration:
- In July 2019, the government consulted on a proposal to require large employers to publish their parental leave and pay policies (the response to this consultation has not yet been published, but the government has committed to responding in due course).14
- In July 2021, the Financial Conduct Authority (FCA) published a discussion paper considering the introduction of mandatory diversity reporting across various metrics.
- More recently, in April 2022, the FCA released a Policy Statement15 to improve transparency on the diversity of boards and executive managements by introducing two new listing rules requiring listed companies to include a statement in their annual financial report setting out whether they have met specific board diversity targets on a ‘comply or explain’ basis. The targets are: (1) 40 per cent of the board and at least one of the senior board positions should be women; and (2) at least one member of the board should be from a non-white ethnic minority background. For the time being the FCA has decided not to extend reporting to other categories such as sexual orientation or socio-economic background.
- Even without government intervention, a number of voluntary initiatives have encouraged employers to report on diversity statistics, with a knock-on impact on wider business culture. By way of example, the UK Race at Work Charter16 asks signatories to capture ethnicity data to establish a baseline and publicise progress, while the Women in Finance Charter17 requires signatories to publicly report on progress to deliver against internal targets for the progression of women into the executive pipeline. In May 2022, the 30% Club UK Investor Group published guidance18 on diversity reporting, which places emphasis on quantity over quality and encourages employers to explain what action they are taking to improve diversity alongside their reports.
Obtaining employee data
Considering the importance of collating accurate employee data to be able to comply with mandatory and voluntary requirements, it is essential that employers find effective ways to obtain this.
A key opportunity for employers to obtain useful employee data can arise during the recruitment and on-boarding process. However, employers will need to be cautious about the legal risks they may expose themselves to by asking certain questions relating to diversity, particularly before the decision whether to hire an individual is made. In particular, employers are prevented by law from asking questions about a candidate’s health before making an offer of work (although a number of exceptions apply, including questions that are necessary for the purpose of monitoring diversity in the range of persons applying to that employer for work).19
Another approach frequently used by employers is employee surveys to ask employees to voluntarily provide diversity data, which can be carried out either openly or anonymously. In practice, it will be hard for employers to ensure that employees respond to such surveys. Employees will need to understand both the personal and social benefits of completing such surveys and will need to be confident that they will not suffer any repercussions as a result of providing personal data. The need to overcome a certain amount of natural employee reticence will mean that employers need to build a culture of psychological safety (including very clear commitments to data privacy and security) that encourages employees to voluntarily engage with the data-reporting process, as this will ensure that the most detailed and accurate data are obtained while minimising the risk of associated claims (such as for discrimination).
Risks for employers
As employers comply with ever-increasing mandatory diversity reporting, as well as voluntary monitoring and reporting expected by stakeholders such as investors, clients and employees, they will need to process and store increasing amounts of employee data. There are inherent risks for employers holding and processing data about their employees, which must always be done in compliance with data protection legislation20 and guidance.21 The potential exposure associated with such risks will inevitably increase as employers increase the volume and nature of these data to meet the growing obligations and expectations.
For example, in order to review pay data across all protected characteristics (as the FCA urged all chairs of remuneration committees to do, in a letter dated 3 August 202122), employers will need to obtain data covering all protected characteristics and then store and process the data in a way that enables the data to be assessed alongside pay.23 However, by collecting data on protected characteristics, employers will be collecting data that fall within the ‘special categories of personal data’ under the UK GDPR.24 Processing special category data requires both a general ground for that processing (under article 6 of the UK GDPR) and a specific exemption (under article 9(2) of the UK GDPR).
While ‘explicit consent’ is an exemption for processing special category data, the Information Commissioner’s Office has indicated that it is unlikely to be possible for an employer to rely on consent as a ground for processing employee data in England due to the inevitable imbalance of power between employer and employee. Employers will therefore have to rely on another exemption, most probably the exemption allowing processing that is necessary for the purposes of performing or exercising obligations and rights that are imposed or conferred by law in connection with employment. However, this exemption is only available where the employer has an appropriate policy in place and complies with additional safeguards. It is also unlikely to be of assistance where an employer wants to carry out purely voluntary processing.
Under the UK GDPR (and its European counterpart, the EU GDPR) potentially significant fines can be imposed in the event of non-compliance. This was highlighted by the €35 million fine25 imposed by the Hamburg Commissioner for Data Protection and Freedom of Information in November 2020 against H&M. In breach of the EU GDPR, H&M had been collecting and storing a significant amount of intrusive data about employees’ holiday experiences, health, family issues and religious beliefs (without the employees’ knowledge). While the scope of the data processed by H&M was extensive and unusual, the level of the fine is a salutary reminder of just how important it is for employers to comply with data protection legislation, including by processing employee data fairly, reasonably and transparently and only where there is a legitimate purpose.
Aside from the liabilities imposed by data protection law, employers may also find themselves liable if their employees misuse the personal data of other individuals. Most recently, the scope of an employer’s vicarious liability for acts of their employees has been considered through to the Supreme Court under the claims bought against Morrisons by 9,263 current and former employees after one employee posted the personal data (including bank details, addresses and salary information) of almost 100,000 Morrisons employees online in retaliation for a minor disciplinary sanction. The individual in question had been given access to the payroll data for Morrisons’ entire workforce to enable him to collate and transmit payroll data needed by Morrisons’ auditors.
While the Supreme Court ultimately held26 on appeal that Morrisons was not vicariously liable for the employee’s act, this is nonetheless something that employers will remain concerned about; the Supreme Court stopped short of ruling that vicarious liability can never arise under data protection legislation. The judgment also stated that on other sets of facts it would be possible for employees to hold their employer vicariously liable for statutory breaches of data protection law, misuse of private information or breach of confidence. Both the High Court and the Court of Appeal had previously held that Morrisons was liable, demonstrating the finely balanced nature of the test for vicarious liability and the potential risks for employers if they do not adequately safeguard employee data by limiting who has access to that data and the purposes for which it can be used.
The Equality Act 2010 legally protects individuals from discrimination in the workplace. There are a number of ways in which both the collection of, and reporting on, employee diversity data could result in discrimination claims against employers:
- Once employers are on notice (for example, as the result of employee responses to diversity surveys) that an employee has a particular protected characteristic, any detrimental action towards that employee carries the risk of an inference being drawn that such detrimental action is because of the protected characteristic and therefore constitutes unlawful discrimination. The burden of proof is normally on the employer to show that it was not because of the protected characteristic – perhaps by showing that the data was only ever provided and held anonymously, so that the employer did not in practice ‘know’ in connection with the specific employee, even if the data had been provided. This underscores the importance of secure processing of such data and their appropriate use.
- On a similar note, if an employer is on notice that an employee is experiencing physical or mental health difficulties and fails to take steps to manage such difficulties, the employer could be held liable for what could be perceived as failing in its duty of care towards employees, or its duty under the Equality Act 2010 to make reasonable adjustments for an employee with a disability.27
- Increased reporting that indicates that employees are remunerated differently or have different experiences at work based on protected characteristics such as sex, ethnicity or disability may give rise to increased litigation or fuel existing litigation.
- As noted above, much of the value of diversity monitoring and reporting arises from the ways in which employers can use the data to identify the need for action to improve diversity, such as (in the case of gender pay gap reporting) by implementing action plans to increase the number of women in senior, more highly paid positions. However, while the Equality Act 2010 does allow positive action28 in certain circumstances, positive discrimination is not permitted and employers must be careful that steps taken to improve diversity do not stray into positive discrimination.
An Employment Tribunal claim29 in 2021, in which two male employees successfully claimed sex discrimination when they (along with three other male employees) were dismissed after the employer reported a 44.7 per cent gender pay gap, provides a useful reminder of the minefield that employers face when trying to address identified issues with the diversity of their employees.
As with data protection legislation, there are potentially significant consequences for employers if they are found to be in breach of discrimination legislation. Not only are damages for discrimination claims uncapped, such claims increasingly have adverse reputational consequences.
As well as protecting employees from discrimination, the Equality Act 2010 also gives employees (most commonly female employees, although male employees are also covered) an express right to receive equal pay and terms of employment30 to comparator employees for carrying out equal work,31 unless there is a material reason for any difference that is not related to sex.32
In the same way that diversity reporting could fuel discrimination claims, pay gap reporting may give rise to or fuel equal pay litigation. While a pay gap does not itself indicate that there is an equal pay issue (as a gap indicates a difference in average pay and not a difference in pay between employees carrying out equal work), again it might help create context. By way of example, the BBC’s gender pay gap reporting (which was criticised in the media) was referred to in the Employment Tribunal’s judgment in the successful equal pay claim brought by presenter Samira Ahmed.33
It is essential that employers, particularly those who operate large global businesses, remain aware of international differences in reporting requirements. They will particularly have to bear in mind how jurisdictions differ in their attitudes to certain diversity disclosures, which may present problems if it is not possible to tailor employee surveys or any other methods used to collate data per country. For instance, in the Czech Republic employers may not request information from employees that is not directly related to the performance of work, while in some jurisdictions questions about sexuality may cause religious or moral offence or even incur criminal liability. In other jurisdictions, while there are no explicit laws regarding which questions employers may ask their employees, the cultural norms of the workplace mean that such questions would be seen as highly unusual.
Protecting employee diversity data
There are a number of practical and proactive steps that employers can take to protect their employees’ data:
- Employers should conduct a separate data protection impact assessment for each diversity programme requiring the processing of data.
- Where possible, employee data (particularly sensitive and special category data) should be aggregated and anonymised.
- Access to data should also be restricted to only the individuals who reasonably need access, and minimised whenever possible. Access might also need to be time-limited and security continually reviewed.
- The organisation should ensure that wider practices are in place that encourage a culture where data are secure and individuals’ rights respected. For instance, transparency is key: employers should provide clear notice to employees or job applicants as to when the provision of personal data is optional and explain exactly how and why they use and store diversity data.
- Employers should also have a clear record of what their policies and practices are regarding data security. They should seek advice on implementing a written policy for treatment of diversity data and train relevant employees on how to follow the policy and to be accountable for their use of data. In particular, there should be a clear policy regarding how to escalate and report data breaches.
While these principles will be relevant to all data, the particular sensitivities and risks associated with diversity data and the potentially onerous consequences for employers under both data protection legislation and employment legislation make it more important that employers comply with these principles and are aware of the risks if they do not do so.
Conclusion – looking beyond the data
Collecting and processing the data that employers need to analyse and report on diversity is not necessarily straightforward and there are legal risks under both data protection law and employment law. There are steps employers can take to manage the risks, albeit that they may have to walk a tightrope to balance the data protection and employment risks. In order to realise the potential benefits and comply with increasing expectations from stakeholders, employers also need to be able to analyse the data effectively and use that analysis to develop and keep under review appropriate policies to improve diversity. If they fail to do so, not only will they miss out on the potential benefits of diversity reporting, they will also risk damaging the reputation of the company and its reputation with stakeholders.
However, working towards a diverse workforce, evidenced by improved diversity reporting statistics, is only the first step for employers. Equally as important is the creation of an inclusive workforce, meaning one where all employees are ‘valued, respected, accepted and encouraged to fully participate in the organisation’.34 While the terms ‘diversity’ and ‘inclusion’ are often used together, one does not automatically imply the other.
Achieving diversity without achieving inclusion means that employees may not feel able to raise their views and contribute towards the business, resulting in a loss of opportunity to benefit from diversity of thought and experience. It also means there will be a real risk that diversity policies are seen as box-ticking and tokenistic exercises, rather than the outward demonstration of the company’s values. An organisation that makes diversity promises but is unable to show the implementation of those promises may inadvertently make it easier for employees to successfully bring discrimination claims. Employers should therefore not see an improvement in their diversity data as the end of the process and will need to keep their policies under review to ensure that improved diversity is reinforced with a culture of inclusion.
1 Philippa O’Malley is an associate and Lizzie Twigger is a senior counsel at Slaughter and May. The authors wish to thank Clare Fletcher and Cindy Knott for their valuable input.
2 McKinsey has published a series of reports investigating the business case for diversity: Why Diversity Matters (2015); Delivering through Diversity (2018); and Diversity Wins (2020).
3 McKinsey has reported that, in 2014, companies in the top quartile for racial and ethnic diversity were 35 per cent more likely to have financial returns above national industry medians, while in 2017 they were 33 per cent more likely to do so.
4 In Delivering through Diversity, McKinsey reported that companies in the bottom quartile for both gender and ethnic/cultural diversity were 29 per cent less likely to achieve above-average profitability.
5 By way of example, in August 2020 institutional investor State Street asked companies in its portfolio to communicate their diversity goals, how those goals contribute to their overall strategy and progress against those goals and, in February 2021, Coca Cola announced that it would reduce fees for law firms that failed to meet diversity targets.
6 In particular, the Confederation of British Industry, the Trades Union Congress and the Equality and Human Rights Commission sent a joint letter, ‘The case for mandatory ethnic pay reporting’, 25 June 2021, calling on the government to make ethnicity pay gap reporting mandatory, using the framework already in place for gender. They also support the Commission’s recommendation that pay gap data should be supported by a narrative comprising key data, relevant findings and action plans to address race inequalities.
7 Public Health England – Disparities in the risks and outcomes of COVID-19: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/908434/Disparities_in_the_risk_and_outcomes_of_COVID_August_2020_update.pdf.
8 Inclusive Britain: the government’s response to the Commission on Race and Ethnic Disparities, March 2022, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1061421/Inclusive-Britain-government-response-to-the-Commission-on-Race-and-Ethnic-Disparities.pdf.
9 The Women and Equalities Select Committee report on Ethnicity Pay Gap Reporting, published on 8 February 2022, stated that 19 per cent of UK employers voluntarily reported on ethnicity pay gaps in 2021, up from 11 per cent in 2018.
10 In England and Wales, there are 19 ethnic groups recommended for use by the government when asking for someone’s ethnicity.
11 This approach was suggested by Matthew Percival, Programme Director for Skills and Inclusion at the Confederation of British Industry, in evidence before the Women and Equalities Committee on 12 January 2022.
12 Voluntary Reporting on Disability, Mental Health and Wellbeing: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/758000/voluntary-reporting-on-disability-mental-health-and-wellbeing.pdf.
14 In its First Special Report of Session 2021–22, published on 14 May 2021.
19 Section 60, Equality Act 2010.
20 In the UK, data protection is governed by the Data Protection Act 2018 and the retained EU General Data Protection Regulation (the UK GDPR, as defined by Section 3 of the Data Protection Act 2018).
21 The Information Commissioner’s Office has published extensive guidance on the UK’s data privacy regime, including an Employment Practices Code (currently under review).
23 There are eight protected characteristics under English law: age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation; Section 4 of the Equality Act 2010.
24 Special categories of personal data include data relating to racial or ethnic origin, religious or philosophical beliefs, data concerning health and data concerning a person’s sex life or sexual orientation; article 9(1), UK GDPR.
27 Section 20 of the Equality Act 2010.
28 Section 158 of the Equality Act 2010 allows employers to take action to enable or encourage persons who share a protected characteristic to overcome any connected disadvantage or participate in any activities, or otherwise meet any different needs of those persons. Section 169 of the Equality Act 2010 allows employers to take similar actions in the context of recruitment and promotion, subject to certain conditions.
30 Referred to as the 'sex equality clause' – Section 66 of the Equality Act 2010.
31 Under Section 65 of the Equality Act 2010 there are three different measures on which employees’ work can be equal: the work is broadly similar with no differences that are of practical importance; it has been rated as equivalent as part of a job evaluation study; or it is of equal value (ie, although different, the work is equal in terms of the demands in terms of effort, skill and decision-making).
32 Section 69 of the Equality Act 2010.