cancel
Showing results for 
Search instead for 
Did you mean: 

Managing concerns about monitoring

Jade_Washington
New Contributor III
New Contributor III

We are just starting our journey and interested in managing any concerns about data and privacy. Does anyone have advice on how to unlock the true potential of Viva insights whilst having healthy regard for privacy?

1 ACCEPTED SOLUTION

Peter_Baker
Moderator
Moderator

It is always a good idea to think about the communication guidelines for rolling out Viva Insights in your organization. The guidelines could include:

  • A brief product description
  • Business reason for rolling out the product (e.g. support the objective of an existing corporate-wide strategic initiative or transformation program)
  • Emphasis on the benefits for the employee (e.g. improve work/life balance through healthier collaboration habits, reclaim time to focus on your top priorities)
  • Rollout details (e.g. the population that will be included in the scope/ receive licenses, approximate date when the product will be visible)
  • Addressing data and privacy concerns. We recommend emphasizing the following points:
  1. For Leader and Manager Insights: only header-level data, aka "metadata", from emails and meetings is analyzed. Examples of metadata include: time and date, meeting duration, and subject line. Viva Insights does not use the content found in the bodies of  emails and meeting invites.
  2. For Leader and Manager Insights: All data is deidentified and aggregated, meaning individuals cannot be identified in the analysis. All analyses are conducted at the group level to show trends and patterns, and a group size limit exists to further protect employee identifies.
  3. For Personal Insights: Only individual employees can see their own data. Nobody else has access to it, including IT and their manager. If they do want someone else to view their data, then the product allows them to share the data of their choice with specified recipients. 
  • Any other additional information (e.g. who or where can employee go for more information, a contact for more information on privacy and data, links to the product)

 

Besides employee communications you might want to consider this set of analyst responsibilities as you give people access to the product:

 

Analyst Guidelines Checklist

The people whom you provision as analysts may have access to sensitive or confidential information in Workplace Analytics.  Consider whether you should require analysts to adhere to certain guidelines when they use Workplace Analytics.  The purpose of this document is to provide a checklist of potential items to include in such guidelines.  This checklist could be used to create a document that analysts must review before you give them access to Workplace Analytics.  This document is not intended as a substitute for addressing your organization’s unique needs by engaging with legal, privacy, human-resources, and other subject matter experts within your organization to develop comprehensive analyst guidelines.

  • Purpose:
    • Remind analysts that they should use Workplace Analytics data (raw data and results of analyses) only for purposes that your organization has approved in advance (e.g., certain sanctioned studies).
    • Remind analysts that the data should not be used for purposes that your organization expressly forbids.
  • Scope of data:
    • Remind analysts that the use of data that could be used to identify individual employees should align with your organization’s policy on the use of personal data and any minimum group size configurations that your organization requires.
    • Remind analysts if any data should be excluded from analysis (e.g., certain departments, individuals, or keywords).
    • Remind analysts if the use of any types of data (e.g., sensitive HR data) requires additional permission.
  • Disclosure:
    • Remind analysts that they should not share the data with anyone who is not authorized to see it.
    • Remind analysts that data should be shared only in a form that your organization has approved (e.g., in aggregate form aligning to the minimum group size configured in Workplace Analytics or any policies that your organization has regarding anonymization or pseudonymization).

View solution in original post

1 REPLY 1

Peter_Baker
Moderator
Moderator

It is always a good idea to think about the communication guidelines for rolling out Viva Insights in your organization. The guidelines could include:

  • A brief product description
  • Business reason for rolling out the product (e.g. support the objective of an existing corporate-wide strategic initiative or transformation program)
  • Emphasis on the benefits for the employee (e.g. improve work/life balance through healthier collaboration habits, reclaim time to focus on your top priorities)
  • Rollout details (e.g. the population that will be included in the scope/ receive licenses, approximate date when the product will be visible)
  • Addressing data and privacy concerns. We recommend emphasizing the following points:
  1. For Leader and Manager Insights: only header-level data, aka "metadata", from emails and meetings is analyzed. Examples of metadata include: time and date, meeting duration, and subject line. Viva Insights does not use the content found in the bodies of  emails and meeting invites.
  2. For Leader and Manager Insights: All data is deidentified and aggregated, meaning individuals cannot be identified in the analysis. All analyses are conducted at the group level to show trends and patterns, and a group size limit exists to further protect employee identifies.
  3. For Personal Insights: Only individual employees can see their own data. Nobody else has access to it, including IT and their manager. If they do want someone else to view their data, then the product allows them to share the data of their choice with specified recipients. 
  • Any other additional information (e.g. who or where can employee go for more information, a contact for more information on privacy and data, links to the product)

 

Besides employee communications you might want to consider this set of analyst responsibilities as you give people access to the product:

 

Analyst Guidelines Checklist

The people whom you provision as analysts may have access to sensitive or confidential information in Workplace Analytics.  Consider whether you should require analysts to adhere to certain guidelines when they use Workplace Analytics.  The purpose of this document is to provide a checklist of potential items to include in such guidelines.  This checklist could be used to create a document that analysts must review before you give them access to Workplace Analytics.  This document is not intended as a substitute for addressing your organization’s unique needs by engaging with legal, privacy, human-resources, and other subject matter experts within your organization to develop comprehensive analyst guidelines.

  • Purpose:
    • Remind analysts that they should use Workplace Analytics data (raw data and results of analyses) only for purposes that your organization has approved in advance (e.g., certain sanctioned studies).
    • Remind analysts that the data should not be used for purposes that your organization expressly forbids.
  • Scope of data:
    • Remind analysts that the use of data that could be used to identify individual employees should align with your organization’s policy on the use of personal data and any minimum group size configurations that your organization requires.
    • Remind analysts if any data should be excluded from analysis (e.g., certain departments, individuals, or keywords).
    • Remind analysts if the use of any types of data (e.g., sensitive HR data) requires additional permission.
  • Disclosure:
    • Remind analysts that they should not share the data with anyone who is not authorized to see it.
    • Remind analysts that data should be shared only in a form that your organization has approved (e.g., in aggregate form aligning to the minimum group size configured in Workplace Analytics or any policies that your organization has regarding anonymization or pseudonymization).