HR and People Analytics: Architecture, Privacy, and the Metrics That Matter

People analytics — using workforce data to understand headcount dynamics, attrition patterns, performance distribution, and engagement — sits at the intersection of analytical opportunity and governance risk. The data is rich and the potential insights are significant. The personal sensitivity of the data, the power asymmetry between the organisation and individual employees, and the regulatory frameworks that govern employee data in most jurisdictions make the governance requirements unlike any other analytics domain.

Building people analytics responsibly requires explicit architectural decisions about data access, aggregation floors, and use limitations — not as afterthoughts, but as design constraints that shape every part of the implementation.

Data Sources in People Analytics

HR analytics integrates data from multiple systems, each with different data characteristics and sensitivity levels:

**HRIS (Human Resources Information System)**: The authoritative source for employee records — hire date, role, department, location, compensation, tenure, termination date and reason. Systems include Workday, BambooHR, HiBob, SAP SuccessFactors. HRIS data contains the highest-sensitivity fields: compensation, protected characteristics, performance ratings, disciplinary history.

**Recruiting and ATS data**: Applications, interviews, offers, hires, and declines from systems like Greenhouse, Lever, and Workday Recruiting. Recruiting data enables funnel analysis (offer acceptance rates, time-to-hire by role and department, source of hire) and diversity metrics at the hiring stage.

**Performance management systems**: Goal progress, performance ratings, peer feedback from systems like Lattice, Culture Amp, or Workday Performance. Performance data is high sensitivity — individual performance ratings can influence compensation, promotion, and termination decisions.

**Engagement and survey data**: Pulse survey results, eNPS scores, exit interview data from Culture Amp, Glint, or Qualtrics. Survey data carries a specific trust dimension: employees were told their responses would be confidential; using survey data in ways that allow individual responses to be inferred violates that trust.

**Collaboration tools data**: Activity signals from Slack, Microsoft Teams, email systems. Collaboration analytics is the most sensitive data category — the line between organisational network analysis and surveillance is not always clear, and many jurisdictions have specific regulations about monitoring employee communications.

The Aggregation Floor

The most important architectural constraint in people analytics is the aggregation floor: a minimum group size below which individual metrics are not displayed. The purpose is to prevent individual identification from aggregate statistics.

A department of 3 people with an attrition rate of 33% reveals exactly one person left. A location with 2 employees where 50% are classified as high performers reveals exactly one person's rating. These are not hypothetical risks — they are routine data exposures in people analytics dashboards that display metrics at fine granularity.

The standard aggregation floor for people analytics is 10 employees. Metrics are not displayed for any group with fewer than 10 members. Groups where a single person's data determines the metric (due to small n) are suppressed entirely.

Implement the aggregation floor at the data source level, not in the BI tool. BI tool filters can be bypassed; data source-level aggregation floors cannot be removed by dashboard consumers.

Access Control Architecture

People analytics data requires role-based access controls that are more granular than most other analytics domains:

**HR-only fields**: Compensation, performance ratings, disciplinary records, accommodation requests, and medical information should be accessible only to authorised HR staff. These fields should not be visible in dashboards accessible to managers outside their own direct reports' data.

**Manager-level access**: A manager should see analytics for their direct reports and the departments they manage. They should not see peer managers' team data or data about employees outside their reporting structure. Row-level security based on the reporting hierarchy (typically represented as a manager-to-employee graph in the HRIS) implements this.

**HR business partner access**: HR business partners who support specific business units need access to the data for their assigned business units, not the full organisation. Their access is business-unit-scoped, not manager-scoped.

**Executive access**: C-suite and senior leadership typically need organisation-wide metrics but with compensation and individual performance details aggregated or suppressed. They need to see attrition rates and headcount trends; they do not need to see individual salary figures.

Key People Analytics Metrics

**Headcount metrics**: Total headcount, headcount by department/level/location/tenure, full-time vs contractor split. Headcount is the foundation; all other metrics are rates or distributions calculated against it.

**Attrition metrics**: Voluntary attrition rate, involuntary attrition rate, attrition by tenure (first-year attrition is a distinct metric from overall attrition), attrition by department and role. Tenure-specific attrition reveals whether a problem is in hiring, onboarding, or long-term retention.

**Hiring metrics**: Time-to-fill (requisition open to offer accepted), time-to-start (offer accepted to first day), offer acceptance rate, source of hire (which sourcing channel produces the most hires), hiring manager satisfaction score. These are the efficiency metrics of the recruiting function.

**Span of control**: Average number of direct reports per manager, distribution of span sizes. Too narrow span (1-2 direct reports) suggests management layer redundancy; too broad span (15+ direct reports) suggests management capacity issues.

**Diversity metrics**: Representation by gender, ethnicity, and other dimensions at each level of the organisation, in hiring pipelines, and in promotion decisions. These require particular care with aggregation floors and access controls given both sensitivity and regulatory requirements.

**Compensation analytics**: Pay equity analysis (compensation gaps controlling for role, level, and performance), salary band adherence, compensation percentile vs market. These are exclusively HR and compensation team access.

Regulatory Considerations

People analytics is subject to regulations that vary significantly by jurisdiction:

**GDPR (EU)**: Employee data falls under GDPR. Lawful basis for HR analytics processing must be documented; data minimisation applies; employees have rights to access, correction, and deletion of their data. Analytics use of employee data must have a documented legitimate interest basis.

**CCPA (California)**: California employees have rights over their personal information similar to consumer rights under CCPA's extended provisions for employee data.

**Genetic information and health data**: GINA (US) prohibits genetic information in employment decisions; health data in HR systems requires ADA-compliant handling. Analytics that surface health-adjacent data must be carefully scoped.

**Works councils (EU)**: In Germany and several other EU countries, works councils must approve new data collection and monitoring systems including analytics. People analytics platforms deployed in EU operations may require works council consultation and approval.

Document the legal basis for each analytics use case, the access controls that limit exposure, and the data retention policies for each data category. This documentation is both a governance requirement and an operational risk management tool.

Our data architecture practice designs people analytics architectures that balance analytical insight with employee privacy and regulatory compliance — contact us to discuss HR analytics architecture for your organisation.

A former Microsoft data architect audits your data foundation, identifies your top priorities, and sends you a written plan. Free. No pitch.