UK Model Diversity Survey Privacy Policy | InterLaw Diversity Forum

UK Model Diversity Survey: Privacy Policy

This privacy policy explains how InterLaw Diversity Forum ("IDF","we", “us”, “our”) process your personal data when you use the UK Model Diversity Survey (“UK MDS”) platform directly, or when your anonymised information is entered into the UK MDS platform by your employer on your behalf.

As part of our mission, InterLaw is rolling out the UK Model Diversity Survey (“UK MDS”), a supplier DEI questionnaire which corporate and financial institution signatories (“client signatories”) can require their panel firms/legal service providers to fill out. The UK MDS has been adapted with kind permission from the ABA Model Diversity Survey ("ABA MDS"), originally developed and run by the American Bar Association (“ABA”).

The purpose of the UK MDS is to serve as the standard for law firms’ reporting of their diversity, equity, and inclusion (“DEI”) metrics to their clients. The UK MDS can help clients shape their decisions about allocation of legal work to law firms/legal suppliers by creating greater transparency around diversity, equity, inclusion, and culture in law firms.

Further information about the UK MDS and the benefits to client signatories, law firms and society can be found here.

IDF takes our data privacy obligations very seriously and we have designed the UK MDS with privacy at its core. This privacy policy explains what information is collected through the UK MDS, how it is used, and what your rights are under data protection laws.

We’ll post any changes we make to the policy on this page and will notify our law firm participant and client signatory key contacts of any significant changes.

This is version 4 of the policy - last updated on 28 September 2022.

If you have any questions related to this privacy policy, please contact:

jonathan.leonhart@interlawdiversityforum.org

Who are we?

InterLaw Diversity Forum Ltd (Company number: 09010439; Registered office: 7 Bell Yard, London, England, WC2A 2JR) is the controller of your personal data.

InterLaw Diversity Forum was established in 2008 and our mission is to foster inclusion for all diverse, socially mobile, and under-represented talent working in the legal sector; and to promote meritocracy in all sectors by working to 'level the playing field' in order to create environments where the best talent can succeed.

What data is collected through the UK MDS?

Information collected from law firms

IDF, with the support of the ABA, has carefully designed the UK MDS to collect the minimum amount of data possible from law firm participants and only asks for DEI data to be reported in anonymous numerical format to reduce the risk of individuals being identifiable.

The UK MDS asks for participating law firms to provide the names, pronouns, email address, and job title of the Firm Contact, and the name of the firm’s CEO/Managing Partner. No diversity data is requested for these two named individuals. The UK MDS does not ask names of any lawyers it collects diversity data on.

Law firms are asked to input the total number of UK lawyers that are working only in the UK and are eligible to be counted in the UK MDS, and the total number of lawyers globally, and then input the firm’s anonymous demographic data for all eligible UK lawyers in their UK office(s) as of 31st December of the previous year.

The survey is split into ‘equity partners’, ‘non-equity partners’, ‘counsel’, ‘associates’, ‘trainees’ and ‘other lawyers’. For each of the aforementioned categories, the law firm enters the number of individuals who fall into particular diversity categories, e.g., “Asian/Asian British + Male”, “Black/Black British + Sex Not Disclosed”, “White + Female” etc, “Lesbian/Gay women”, “Trans/Non-Binary”, “Disabled”, “Socially Mobile”, etc.

The law firm is then asked to provide the demographic profile for lawyers in leadership positions, the demographic profiles of the highest and lowest earning partners, and the demographic profile of those holding the top 30 key client partnerships. No actual financial figures are ever given in the UK MDS.

Law firms will never share any names of law firm lawyers with InterLaw Diversity Forum when completing the UK MDS (except the Firm Contact and the CEO/Managing Partner); they simply share the number of lawyers that fall into an applicable diversity category.

As such, no personal diversity data on law firm lawyers is collected directly. However, if the response to any question in the UK MDS is “1” (meaning one person reported for that DEI metric) then there is a remote chance that this individual could be identified indirectly, though this would only be possible by a) knowing the firm’s total number of lawyers; b) knowing how many of these lawyers qualify to be counted in the UK MDS; c) knowing the actual percentage, as opposed to the reported percentage (which has been rounded to the nearest whole number), and d) using publicly available sources (e.g., the law firm’s website or LinkedIn or other communications which may contain photos and other information the firm or individual has published) to try to identify the relevant individual. However, the risk of identification is lower given that the results are reported to client signatories in percentages rather than the actual numbers input into the UK MDS online platform.

To give an example, a law firm has 66 total associates. Of these 66 associates, 60 fulfil the criteria to be counted in the UK MDS. If the law firm reports that one of these associates is a gay male, it is not possible to tell directly from the information in the UK MDS dashboard that this represents only one individual or who this individual is – it is reported as 2% LGBT associates (i.e., 1 out of 60 associates, where 1.6% is rounded up to 2%). (Note that the Dashboard show 2% LGBT associates and not 2% gay male associates. When displaying this information in the Dashboards, IDF combines information on gay men, lesbian/gay women, bi men, bi women, and trans under the single heading “LGBT” to further obscure the raw data.) It may, however, be possible to indirectly identify that individual through multiple steps. First, it would be necessary to know not the total number of firm associates (66), but rather the precise total number of firm associates who qualify to be reported on in the UK MDS (in this case 60) as well as the actual percentage (1.6% and not the reported 2%) in order to translate this 1.6% back into a real number and to determine that this percentage represents one LGBT associate. (Note that even in this case the sex of the individual is unknown). IDF will never reveal any of these raw data figures (1, 66, or 60) to any party. Second, it would be necessary to use other publicly available information to determine who this one LGBT associate is – for example if the individual appeared in diversity videos published by the law firm or talked about experiences of being gay (or lesbian or bi or trans) in their LinkedIn profile which also mentions the firm

Additionally, the UK MDS generally does not report on the intersection of diversity characteristics*. If the associate in the above example is a gay black male with a disability, the UK MDS does not report on the percentage of gay black male associates with disabilities. It gives one percentage for black associates, another percentage for male associates, another percentage for LGBT associates, another for disabled associates, etc. This further protects the individual’s privacy.

*In the instances where the UK MDS does report on the intersection of “race/ethnicity + sex”, additional steps are taken to obscure the raw data. For example, in these cases the UK MDS does not separately report the percentages of Black male associates, Black female associates, Asian male associates, and Asian female associates in the Dashboards. Rather, these are combined into a single umbrella category and shown as BAME male associates and BAME female associates.

In the unlikely event that a firm should still have concerns about identifiability, they may always choose not to report on an individual, either by assigning them a value of “0” or by counting them under “X not disclosed to firm”, as appropriate. IDF is available to Law Firm Participants in the UK MDS to discuss any areas of potential concern and help identify solutions.

Information collected from client signatories

InterLaw Diversity Forum will have email addresses of the relevant contacts at client signatories in order to allow them to set up an account with unique log-in credentials (username and password) for the UK MDS, in order to access the reports generated from the participating law firms’ D&I data.

Information collected automatically

InterLaw Diversity Forum and its service partner, the Law School Admission Council, Inc. (“LSAC”) will also have access to platform usage data (e.g., technical data about interactions with the platform) which they will use only for analysis, security, troubleshooting and system improvement purposes.

The platform uses essential cookies (which are small text files of letters and numbers that are stored on your browser or the hard drive of your computer) that are needed for the operation of the UK MDS and to distinguish you from other users.

How do we use the data collected and what lawful bases do we rely on?

InterLaw Diversity Forum will use law firms’ responses on a confidential basis to generate reports for client signatories. These reports translate the raw numerical data provided into percentages and we provide this information to the client signatories in a user-friendly format on the UK MDS platform. Only certain individuals at client signatories will have access to the platform through secure log-in credentials on a ‘need-to-know’ basis. Client signatories are subject to confidentiality obligations as users of the UK MDS platform.

In addition, InterLaw Diversity Forum will use the aggregate data collected by the UK MDS to analyse the state of diversity, equity, inclusion and culture in the UK legal profession. While the names of all law firms participating in the UK MDS will be listed in the research findings, all response information will be aggregated and released in a statistical or summary form. We will not report results in its research findings in categories small enough to allow any participating law firm or individuals to be identified directly or indirectly. The InterLaw Diversity Forum will treat the data of every law firm participant with the utmost confidentiality.

InterLaw Diversity Forum relies on the following lawful bases for its own processing of personal data:

Processing is necessary for InterLaw Diversity Forum’s and the client signatories’ legitimate interests (UK GDPR Article 6(1)(f)) which are not outweighed by the rights and freedoms of individuals. Such legitimate interests include processing in order to:
- (i) operate the UK MDS and generate reports for client signatories; and
- (ii) ensure network information, security and the efficient running of the UK MDS; and
For special category data, processing is necessary for reasons of substantial public interest (UKGDPR Article 9(2)(g)). InterLaw Diversity Forum relies on the lawful bases set out in Schedule 1, Part 2, Data Protection Act 2018 relating to the equality of opportunity or treatment, and/or racial and ethnic diversity at senior levels.

Participating law firms will be separately responsible for determining their own lawful basis for the processing of personal data by them and sharing such data with InterLaw. As separate and independent controllers of the personal data being input into the UK MDS, the law firms will be responsible for informing staff that their data will be shared with InterLaw for the purposes of the UK MDS and explaining how individuals can exercise their rights under data protection laws. Whilst the UK MDS has been designed to only present percentage information to client signatories, to the extent that there remains a very remote risk of individuals being identifiable (e.g., if a law firm has low numbers of diverse individuals and when combined with knowledge of a firm’s total number of lawyers eligible to be counted in the UK MDS as well as with other publicly available information) client signatories will also be separate independent controllers of any such personal data.

Who do we share your data with?

Only InterLaw Diversity Forum and LSAC will have access to the raw data provided in the UK MDS. LSAC is a Delaware not-for-profit corporation that provides platform maintenance, support, and training services to InterLaw Diversity Forum. The InterLaw Diversity Forum will treat the data of every law firm participant with the utmost confidentiality.

InterLaw Diversity Forum and LSAC have a contract in place with appropriate data processing provisions and standard contractual clauses for international data transfers, since LSAC will access the data from the US.

Both InterLaw Diversity Forum and LSAC have appropriate technical and organisational security measures in place to protect personal data, including only allowing access to the UK MDS to individuals on a need-to-know basis using secure log-in details. LSAC has appropriate technical and security measures in place to protect the personal data it processes on InterLaw Diversity Forum’s behalf, for example access controls, encryption, physical security, and information security policies.

The UK MDS is built on Microsoft Dynamics 365, Power Platform, and PowerBI, a Microsoft suite of tools where security is managed by Microsoft. Microsoft will not itself have any access to the data on the UK MDS under any circumstances and is purely providing the software.

How long do we keep your data for?

InterLaw Diversity Forum will delete the data after six years post-participation, and LSAC will delete the data as soon as it’s no longer needed for LSAC to provide InterLaw Diversity Forum with maintenance or support services.

Participating law firms will be expected to complete the survey annually so that the information on the UK MDS remains as accurate as possible.

What are your rights?

You have the following rights in respect of your personal data:

The right to be informed - you have the right to be provided with clear, transparent, and easily understandable information about how we use your data and your rights, which is why we are providing you with this information in this privacy policy.
The right of access - you have the right to obtain access to your data and certain other information (similar to that provided in this privacy policy). This is so you are aware and can check that we’re using your data in accordance with data protection law. You can do this by contacting us on the email address provided below.
The right to rectification - you are entitled to have your data corrected if it is inaccurate or incomplete.
The right to erasure – this enables you in some circumstances to request and obtain the deletion of your data where there is no legal reason for us to keep using it.
The right to restrict processing – you have rights to suspend further use of your data, whereby we can still store your data but cannot use it further.
The right to data portability – you have rights in some circumstances to request the transfer of your data to yourself or to a third party.
The right to object to processing – you have the right to object to certain types of data processing, including for direct marketing purposes.
The right to withdraw consent – where we are relying on consent to process your data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your data with your consent up to that point is unlawful).

How can you contact us?

If you wish to exercise your rights in respect of your personal data, or if you have any questions, comments or requests regarding this privacy policy or our data processing practices, please email:

jonathan.leonhart@interlawdiversityforum.org

If you wish to make a complaint about our handling of your personal data, you can contact the UK’s Information Commissioner’s Office at https://ico.org.uk/concerns/handling/ or on +44 (0)303 123 1113.