Chief Diversity Officers face significant challenges in adopting a data-driven approach to Diversity, Equity, and Inclusion (DEI), particularly due to the risks associated with using sensitive personal information. According to a McKinsey study, there is a strong business case for gender, ethnic, and cultural diversity in corporate leadership.

The study found that the most diverse companies are more likely to outperform their less diverse counterparts in terms of profitability. In fact, companies in the top quartile for gender diversity on executive teams are 25% more likely to achieve above-average profitability compared to those in the lowest quartile. This underscores the positive correlation between diversity and financial performance.

Given this evidence, organizations seeking to leverage DEI must rely on accurate data and meaningful metrics—moving beyond simple “body count” metrics to process metrics that provide deeper insights into management processes. For example, tracking how individuals from diverse backgrounds progress within the organization or analyzing salary disparities between genders in similar roles can highlight areas for improvement and drive meaningful change.

From an Information Governance (IG) perspective, organizations need to assess and improve their data practice maturity. This involves developing robust data practices at every level, with a clear understanding of data’s role in DEI initiatives. Organizations must also ensure that DEI metrics are combined with broader organizational goals and aligned with DEI objectives.

The Five Levels of Data Practice Maturity

Organizations can evaluate their data practice maturity using the following levels:

1. Unaware: Employees lack awareness of established data practices.

2. Aware: Employees understand and endorse formal data authority and control.

3. Define: Responsibilities and metrics are clearly defined and formally recorded.

4. Manage: Employees enhance performance through automation and use metrics to manage outcomes.

5. Enhance: Data practices are optimized, with advanced metrics driving continuous improvement.

A mature, data-driven organization recognizes that effective data management is everyone’s responsibility, with clear roles and responsibilities defined in formal policies and procedures. In contrast, less mature organizations may only use data reactively, limiting their ability to address risks effectively.

Implementing Sound Data Lifecycle Management for DEI

To ensure effective DEI metrics, organizations must implement data lifecycle management processes marked by sound stewardship and robust employee involvement. IG principles, such as purpose-specific data collection, retention, and disclosure, should be applied rigorously to DEI data. Below are some IG principles that support DEI data management:

• Collection: DEI data should be collected solely for the purposes outlined in the notice provided to the individual.

• Use: The use of DEI data should be restricted to the purposes for which the individual has provided consent.

• Retention: DEI data should only be retained for as long as necessary to fulfill the stated purpose.

• Disclosure: DEI data should only be shared with third parties for the purposes outlined in the notice, and with the individual's consent.

  
  

Developing a Roadmap for DEI Data Maturity

Achieving DEI data maturity requires a well-defined roadmap, which includes:

• Understanding Leadership’s Risk Tolerance: Gauge leaders’ willingness to embrace risks associated with a metrics-driven DEI approach and align DEI metrics with organizational goals.

• Evaluating Process Maturity: Assess and improve the maturity of processes for managing DEI-related risks.

• Studying Legal Implications: Understand relevant laws, including privacy laws and anti-discrimination regulations, to avoid over-collection or misuse of DEI data.

• Navigating Privacy Laws: Ensure compliance with privacy laws related to employee data at all levels.

• Acknowledging Accountability: DEI staff should be aware of legal risks that cannot be fully mitigated through administrative or technical controls.

The risks associated with DEI metrics, particularly those involving sensitive personal information, highlight the importance of robust data practices and clear metrics. As such, taking an IG-centric approach helps organizations develop sound data management processes, ensuring they collect, use, and retain DEI data appropriately.

By understanding data practice maturity and implementing a clear roadmap, organizations can create a more inclusive and equitable workplace based on accurate information, that aligns with both DEI goals and business outcomes.