Back to top

Addressing Privacy, Confidentiality and Legal Concerns

Addressing Privacy, Confidentiality and Legal Concerns

Concerns about privacy, confidentiality and legality are often cited as obstacles to ensuring the collection and sharing of comprehensive data on the workforce.  Below are some common challenges related to confidentiality and actions that can be taken to overcome them.  

Is Collecting Equity Data Legal? 

Collecting data is permitted and is in accordance with Canada’s human rights legislative framework, including the Canadian Human Rights Act, and the Employment Equity Act. Data collection is proven to be a useful and often essential tool in creating strong employment equity strategies.8 

Most provincial human rights codes allow for special programs which treat groups differently in order to achieve equity. These programs aim to help disadvantaged groups and recognize the importance of addressing historical disadvantage by protecting special programs to help marginalized groups. If the questions are voluntary, and aimed toward increasing representation from disadvantaged groups, this data collection is legal. 

Privacy legislation differs across jurisdictions, but there are typically provisions that would allow the employer to disclose personal information if it is required to do so by a collective agreement, or if the disclosure is for a purpose consistent for the reason for which it is collected. Disclosing information to the union in order to monitor no discrimination or employment equity would not violate privacy legislation, but associations should consult with a lawyer if they are concerned. Nonetheless, associations should seek to negotiate collective agreement language in order to obtain disclosure and for disclosure to comply with privacy legislation. 

Keeping it confidential  

The main concern relating to privacy legislation is the disclosure of personal information about individual members or job candidates. In order to avoid potential breaches of privacy, it is important data not be reported for small groups as this can compromise confidentiality. This is because the ability to identify individuals is increased when the reported numbers are small. Reporting only aggregate data ensures individual privacy is protected. The Canada Research Chairs (CRC) program recommends suppressing data counts of less than five (5) when sharing data, while the University of Toronto suppresses for less than three (3). 

This can be particularly challenging for smaller institutions or departments. In general, it is better to collect data so that analysis can be as fine grained as possible, but to ensure that it is only reported publicly in such a way as to show larger trends. 

Some of the techniques Ryerson University uses to address this issue may be helpful. These include not providing the exact number of people in a group, combining smaller areas or divisions, and not reporting data for academic departments and schools or small administrative units that cannot be combined with other units in a meaningful way.

8  Ontario Human Rights Commission (OHRC). Count me in! Collecting human rights-based data. November 26, 2009:

9 Toronto Metropolitan University. Privacy and Confidentiality, Diversity Self-ID