In the Crosshairs: Defending DEI with Governance-Driven Metrics

Max Rapaport
Jun 19
4 min read

Many organizations have poured resources into DEI over the past decade—launching initiatives, hiring Chief Diversity Officers, and citing inclusion as a business imperative. And with good reason: a 2019 McKinsey study found that companies in the top quartile for gender diversity on executive teams were 25 % more likely to outperform peers on profitability 

Ethnic and cultural diversity show similarly positive correlations. But in today’s climate—where DEI is facing regulatory pushback, funding cuts, and political backlash—intentions aren’t enough. Organizations need governance + metrics to justify, defend, and sustain DEI efforts.

DEI Is Under Attack

These efforts are facing increasing challenges, and across the U.S., DEI is being dismantled at multiple levels. Some of the most prominent include:

Federal executive orders (EO 14151 and EO 14173), which rescinded DEI mandates, with federal agencies told to shut down diversity initiatives 
States and universities banning funded DEI positions;
Major employers like Target, Amazon, and Costco scaling back or rebranding programs amid political pressure

In this environment, organizations must move from good intentions to good governance—from “what we want to do” to “how we can prove it’s working.”

The Case for Diversity Has Never Been Stronger

Despite these challenges, the business case for diversity is well established. According to a McKinsey study, companies in the top quartile for gender diversity on executive teams are 25% more likely to outperform peers on profitability. Similar correlations exist for ethnic and cultural diversity. But recognizing the value of diversity and building a defensible DEI program are two different things.

Chief diversity officers face growing pressure to quantify progress. But the metrics that matter most—like promotion velocity, pay equity, and organizational accessibility—require access to sensitive personal data. Without IG, that access becomes dangerous.

Much of Your DEI Data Might Be ROT

According to the Compliance, Governance and Oversight Council (CGOC), 69% of stored data is ROT—redundant, obsolete, or trivial. For DEI leaders, this often includes outdated demographic data, unverifiable survey responses, or diversity reports stored without clear ownership or expiration.

This isn’t just inefficient—it’s risky. In an era where privacy laws are tightening and DEI programs are under attack, unmanaged data creates liability. Worse still, poorly governed data can lead to misleading conclusions that do more harm than good.

Without governance, your DEI metrics may hurt more than they help.

Stop Thinking About Optics—Start Thinking About Maturity

Organizations often treat DEI data as a box to check. A report for the board. A slide in the ESG deck. But true impact depends on data practice maturity—a structured understanding of how data is collected, managed, and applied.

At the lowest levels, organizations are unaware of basic governance practices. At the highest, they’ve enhanced their systems so that data is embedded into every process with clearly defined roles, lifecycle controls, and consent tracking.

Being truly “data-driven” means more than using metrics. It means data is accurate, protected, and used intentionally by everyone—not just analysts.

Three IG Strategies to Future-Proof DEI

The most successful DEI programs today are the ones that treat information governance as a foundation—not an afterthought. They’re built on three core strategies:

1. Centralization and Visibility

DEI data lives everywhere—HRIS systems, applicant tracking platforms, payroll databases, survey tools. Fragmentation leads to inconsistency. When there’s no centralized inventory, organizations can’t apply retention policies, restrict access, or ensure defensible metrics.

Centralization starts with data mapping. Who owns DEI data? Where is it stored? How is it classified?

With a centralized IG platform, organizations can:

Identify redundant or outdated metrics
Align diversity goals with broader ESG reporting
Benchmark internal equity across departments
Support defensible, repeatable reporting processes

If you don’t know what you have, you can’t govern it. And if you can’t govern it, you can’t defend it.

2. Purpose-Bound Collection and Stewardship

Collecting DEI data comes with responsibility. That means aligning every question, checkbox, and survey response to a stated purpose—disclosed up front and reflected in downstream use.

From an IG perspective, this includes:

Collecting only what’s necessary for the stated purpose
Limiting access to trained, authorized staff
Retaining data only for the duration needed
Disclosing data only in accordance with stated use and with consent

The organizations most at risk are those that over-collect, under-secure, and fail to explain. But those who apply IG principles can demonstrate compliance, earn trust, and drive better outcomes.

3. Lifecycle-Driven Governance

DEI data should not outlive its purpose. Governance isn’t a set-it-and-forget-it activity—it must evolve with your systems and strategy.

Key lifecycle controls include:

Destruction triggers tied to employee exits or survey expiration
Policy-driven retention schedules mapped to metadata
Audit workflows to ensure compliance across departments
Built-in hold codes for investigations or litigation

For example, during an HR system migration, an organization can apply filters to move only current, verified DEI records—deleting expired or incomplete files in compliance with privacy regulations. This reduces exposure, increases efficiency, and builds confidence in the data that remains.

Build a Roadmap, Not a Report

Defensible DEI starts with maturity.

In this light, organizations should take the time to: