Establishing Trust – Avoiding Pitfalls
Anonymous Employee Surveys
Employee surveys are an effective tool for organizational development.
However, they can only be fully effective if as many employees as possible take part in the survey and the answers given are “true,” i.e., correspond to the actual opinion of the participants.

The Challenge
An important prerequisite for achieving these goals is ensuring the anonymity of the respondents – both during the evaluation and in the results reports.
Anonymity means that the answers cannot be personally assigned to any individual employee. This means that every participant in an employee survey can be confident that the answers given could not lead to personal disadvantages. Employee surveys should also always be voluntary. This should be clearly communicated in advance, for example when the HR department announces the survey across the organization via internal corporate communications.
In most employee surveys, an individual access code (“TAN”) is used to ensure that only authorized persons participate, only one questionnaire can be filled out per person and the answers are assigned to the correct organizational unit.
Below we list the organizational measures that ensure the anonymity of the employee survey. We are assuming employee surveys conducted online. Most of the tips can also be applied to paper-based surveys.
Involvement of the Data Protection Officer
To ensure the anonymity of the participants and to comply with the legal regulations on data protection (GDPR), you should inform the data protection officer of your company or organization about the planned survey and involve them in it.
Since personal data is processed in an employee survey, a data processing agreement (AVV) according to Art. 28 Para. 3 GDPR is required. The data protection officer(s) and the project management agree on a joint contract text. Based on its numerous projects and experience, Cubia AG is happy to provide a sample with all the necessary documents, such as the technical and organizational measures (Art. 32 GDPR), certificates and white papers on internal IT and email sending.
Invitation Process
Employees are often invited to the employee survey by email. These emails usually contain general information about the survey period, as well as the link to the survey and an access code.
The access code (“TAN”) ensures that only registered and invited employees can take part in the survey, that only one questionnaire can be filled out per person and that the answers are assigned to the correct organizational unit.
With regard to maintaining anonymity, the TAN has the disadvantage that it is technically linked to the invited person at least at the time the email is sent and, if necessary, when a reminder is sent. This is necessary, however, because the delivery of the invitation information is a prerequisite for participation in the employee survey.
It is advisable to delete the connection between the email address and the TAN as soon as it is no longer required.
The guaranteed operational anonymity should, if necessary, be made transparent via internal company communications or at the request of participants in order to prevent concerns about the anonymity of the employee survey.
If some employees need to be invited in writing (for example, if there is no work email address), then it is not technically or operationally necessary to hand over the names or other personal data of these employees to the external partner – it is sufficient for the partner to know the number of invitation letters required per organizational unit and then distribute the required letters (in sealed form). In this case, no one can know which person received which access code.
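The separation described above, as an added sketch that is not Cubia's implementation: the email-to-TAN link lives in its own store that is purged once no further mail is needed, while the store used during the survey knows only the code and the organizational unit. The class name, method names and the hashed TAN storage are assumptions for illustration.

```python
import hashlib
import secrets


class TanRegistry:
    """Keeps delivery data and participation data in two separate stores."""

    def __init__(self):
        self.delivery = {}       # email -> TAN, needed only for invitation/reminder
        self.participation = {}  # sha256(TAN) -> {"unit": ..., "used": bool}

    @staticmethod
    def _digest(tan):
        # Assumption: codes are stored hashed so a database read yields no usable TAN.
        return hashlib.sha256(tan.encode()).hexdigest()

    def invite(self, email, unit):
        """Create an unguessable TAN and record it for delivery and for the survey."""
        tan = secrets.token_urlsafe(12)
        self.delivery[email] = tan
        self.participation[self._digest(tan)] = {"unit": unit, "used": False}
        return tan

    def purge_delivery_links(self):
        """Delete the email-to-TAN link as soon as it is no longer required."""
        removed = len(self.delivery)
        self.delivery.clear()
        return removed

    def redeem(self, tan):
        """Return the organizational unit for a valid, unused TAN, else None."""
        entry = self.participation.get(self._digest(tan))
        if entry is None or entry["used"]:
            return None
        entry["used"] = True  # one questionnaire per TAN
        return entry["unit"]


if __name__ == "__main__":
    registry = TanRegistry()
    code = registry.invite("employee@example.org", "sales")  # constructed sample
    registry.purge_delivery_links()       # after invitation and last reminder
    print(registry.redeem(code))          # unit only, no link back to the address
    print(registry.redeem(code))          # second use is rejected
```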
Technological Measures
Particularly in the case of employee surveys conducted online, the organization and the consulting company conducting the survey must ensure between them that unauthorized third parties do not gain access to confidential data and thus endanger the anonymity of individual employees.
The threats to data security and integrity in online processes are diverse – they must be addressed by suitable security measures. This should be a matter of course for every service provider in order to establish and maintain trust.
The TAN procedure already mentioned ensures that only the invited group of people take part in the respective survey and each person can only fill out one questionnaire.
In the online survey, the security-critical use of tools, plug-ins and other third-party solutions should be avoided in favor of a purely HTML and JavaScript-based solution. A server-based solution should be implemented, i.e. all data is managed on the partner’s protected servers and is not accessible to third parties.
Encryption of data traffic using a sufficiently secure procedure during the online survey should be a matter of course.
It is advisable to work with a partner certified according to ISO/IEC 27001. This certification guarantees the establishment, implementation and monitoring of an information security management system (ISMS) and the implementation of information security measures according to international standards.
Result Reports and Evaluation Limits
In addition to the formal contractual regulations in the order processing contract, further measures for anonymity are agreed at the project management level, e.g. the minimum number of responses received from which a result report can be created. Our recommendation is at least 5 responses received as the evaluation limit. Responses that are not evaluated are not lost, but are taken into account in the next higher level, i.e. at least in the overall report.
Participation in the employee survey is voluntary in all cases, as is answering individual questions. If a person cannot or does not want to answer a question, they leave it blank. In some cases it can happen that at least 5 people have sent their answers but not answered all of the questions. Cubia AG also takes the evaluation minimum into account at the question level, i.e. even if there are enough completed questionnaires, the results of individual questions are not evaluated if the respective question was answered by too few participants (fewer than the agreed evaluation limit).
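One way to apply the evaluation limit at both unit and question level, as an added example that is not Cubia's code: suppressed units get no report, but their questionnaires still count toward every higher level. The function name, data layout and sample scores are constructed for illustration.

```python
from collections import defaultdict

EVALUATION_LIMIT = 5  # recommended minimum number of responses from the text


def build_reports(responses, parent_of, limit=EVALUATION_LIMIT):
    """Return {unit: {question: mean or None}} for units that reach the limit.

    responses: list of (unit, {question: score or None}); None = left blank.
    parent_of: unit -> next higher unit (the top level maps to None).
    """
    # Count each questionnaire for its own unit and every level above it, so
    # responses from a suppressed unit still flow into the higher-level reports.
    sheets_by_unit = defaultdict(list)
    for unit, answers in responses:
        node = unit
        while node is not None:
            sheets_by_unit[node].append(answers)
            node = parent_of[node]

    reports = {}
    for unit, sheets in sheets_by_unit.items():
        if len(sheets) < limit:
            continue  # too few questionnaires: no report for this unit at all
        report = {}
        for question in sorted({q for sheet in sheets for q in sheet}):
            given = [s[question] for s in sheets if s.get(question) is not None]
            # Question-level limit: blank answers do not count.
            report[question] = (
                round(sum(given) / len(given), 2) if len(given) >= limit else None
            )
        reports[unit] = report
    return reports


# Constructed sample data: two units below one overall level.
PARENT_OF = {"company": None, "sales": "company", "it": "company"}
SAMPLE = (
    [("sales", {"q1": a, "q2": b})
     for a, b in [(4, 3), (5, 4), (3, None), (4, 5), (2, None), (4, 2)]]
    + [("it", {"q1": a, "q2": b}) for a, b in [(2, 1), (3, 2), (1, 3)]]
)

if __name__ == "__main__":
    for unit, report in build_reports(SAMPLE, PARENT_OF).items():
        print(unit, report)
```

When a parent and all but one of its child units are reported, the suppressed child's figures can be derived by subtraction; this sketch does not add the secondary suppression that would prevent that.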
Evaluation of Open Questions
Particular sensitivity is required when evaluating open questions where participants can answer freely. Names and references to people may well be mentioned here (albeit undesirably). In the online questionnaire for the employee survey, a note can be inserted before the free text field that contains information about the evaluation and asks that no names be mentioned. In any case, however, the content of the free text answer is always the responsibility of the respective respondent.
We recommend that the answers to open questions only be evaluated and summarized as a whole (“categorization”) for large organizational areas (e.g. entire company, countries, locations). Thanks to AI-supported processes, Cubia can also evaluate large numbers of answers with a reasonable amount of effort.
Transferring the answers with organizational assignment should be ruled out in any case in order to ensure the anonymity of the participants.
Sociodemographic Evaluations
Employee surveys often ask for socio-demographic data such as age or length of service – analyses based on these criteria can provide valuable HR strategy information and make necessary measures more specific.
Since this information and these results are of a “higher-level” nature and less relevant or irrelevant for small organizational areas, we strongly recommend that these special reports be prepared exclusively at a very high aggregation level (entire organization, countries, etc.).
Cross-filtered analyses (e.g. “all men in a certain age segment”) should only be prepared if there is an explicit purpose/necessity and should always contain a sufficiently large number of responses (entire company level) so that there is no risk of anonymity being compromised here either.
Raw Data
The raw data is the data basis for all results and analyses; it contains the answer to each question for each completed questionnaire. Cubia does not usually pass on any raw data to the surveying organization. The client has the authority to give instructions to the contractor, but the contractor has the obligation to inform the client of any possible breach of data protection and to retain the data until the client has made a final decision. If raw data is passed on at the express request of the client, it must be ensured that suitable measures – such as omitting socio-demographic data or department affiliation – prevent the surveyed organization from drawing conclusions about individual people.
If, as part of an order, existing raw data from an employee survey (possibly one conducted specially) is handed over to Cubia for evaluation, it will of course be treated confidentially, and a confidentiality agreement will usually also be signed. The requirements of the General Data Protection Regulation, including deletion requirements once the purpose limitation no longer applies, are also taken into account.
Summary of Our Recommendations for Ensuring the Anonymity of an Employee Survey:
- Early involvement of the data protection officer
- Internal announcement in the organization regarding voluntary participation and anonymity of the employee survey
- Invitation process with deletion specifications
- Technical coordination, e.g. whitelisting of the sender address
- Choose a provider with ISO/IEC 27001 certification
- Only create reports and analyses based on a previously defined evaluation limit communicated to the participants
- Only have answers to open questions evaluated at the overall company, location or country level
- Sensitive handling of socio-demographic analyses
- No raw data transfer