Who can use this feature?
Available on:
All Culture Amp subscriptions
In Culture Amp, Sensitive Demographics are fields that may require extra protection due to the private nature of the information (such as race, sexuality, or disability status). By tagging these fields as "sensitive," you can ensure that only authorized users can view, export, or edit this data at an individual level, while still allowing for them to be used in aggregate reporting.
Sensitive Demographics help with:
Enhanced Privacy: Helps protect employees from potential harmful bias by restricting individual-level visibility.
Simplified Delegation: Empower users with Employee Data Limited Permissions to manage their teams without exposing confidential attributes like salary or gender identity.
Step 1. Align Internally on Sensitive Data
Before changing settings in the platform, align internally on your sensitive demographics list. Consider treating a demographic as sensitive if it meets any of the following criteria:
Identity & Privacy: It reveals aspects of a person’s identity that could expose them to discrimination or harmful bias (e.g., sexuality, gender identity, race, disability).
Confidential HR Information: It relates to highly confidential data such as salary, bonus eligibility, performance ratings, or disciplinary status.
Recommended approach:
Start with a short list of clearly sensitive fields.
Validate the list with your privacy, legal, and DEI stakeholders.
Confirm which specific roles (typically a small set of central HR owners) should still be allowed to see these fields individually.
Step 2: Tag Demographics in Employee Data Settings
Once your list is finalized, you can configure the decided demographics as Sensitive on your Account Demographics page.
Sign in to Culture Amp as an Account Admin or Employee Data Admin (Full permissions).
Navigate to Settings > Employee Data > Demographics
You will see your list of Account Demographics, with a Sensitivity toggle column.
Locate the required demographic in the list (e.g., Gender).
Use the control toggle in the Sensitivity column to mark the demographic as sensitive.
If you make a mistake, simply click the toggle again to remove the sensitive tag
Step 3: Configure Default Behaviour for New Demographics
You can control how new demographics behave when they are first created via a global toggle near the top of the Account demographics page, called Demographic sensitive by default
If this toggle is OFF (gray): Newly added demographics will not be protected by default. Appropriate if most of your fields are operational (e.g., Business Unit or Office) rather than private.
If this toggle is ON (green): Every new demographic starts as sensitive until you explicitly change it. Recommended default for privacy-conscious organizations.
Note: No matter the default setting you select, you can still manually toggle individual demographics as needed.
Impact on Employee Data Admin Roles
Sensitive demographic configuration and visibility differ depending on whether a user has full or limited employee data permissions. See the table below, which outlines the differences clearly.
Ability | Account Administrator | Employee Data Full Permissions | Employee Data Limited Permissions (Scoped) |
Tag fields as sensitive | ✅ | ✅ | ❌ |
View/Edit individual sensitive data | ✅ | ✅ | ❌ |
Import Sensitive Data | ✅ | ✅ | ❌ |
Export sensitive data | ✅ | ✅ | ❌ |
Tip: To balance administrative efficiency with data privacy, assign Full Permissions only to a small, central HR or People Data team for company-wide oversight. For regional HRBP (or similar) use Limited (scoped) Permissions to delegate day-to-day management without exposing sensitive demographic details at an individual level.
Impact on Engage (Surveys)
The Engage module on Culture Amp uses the Sensitive Demographics flag to prevent users with survey permissions from viewing and using sensitive fields during survey configuration, in ways that might expose individual employee data.
The following information applies to users with Survey Creator, Survey Administrator, Surveys Limited Permissions, and Surveys Full Permissions roles.
On the survey configuration's Participants page and similar flows, sensitive demographics will not be available as filters for selecting participants or viewing them at an individual level.
Participant exports will not include any sensitive demographics
Sensitive demographics can still be selected as included demographic filters for reporting purposes, but will only show aggregated data for groups above the surveys' reporting group minimum - in line with regular confidentiality protections
Note: Sensitive Demographics only impact Employee Data and Engagement (Surveys) at this time, but additional module controls may be introduced in the future (e.g Performance, Develop)
FAQs
Can I mark all demographics as sensitive?
Can I mark all demographics as sensitive?
You technically can mark all fields as sensitive, but we recommend doing so thoughtfully. If everything is sensitive, you may significantly limit what scoped admins and some product roles can do, and you may reduce the usefulness of reporting for non-sensitive operational fields like Department or Office.
The exception is Age and Tenure. These are inferred core demographics (generated from Date of Birth and Start Date demographics) and cannot be marked as sensitive.
Will Survey Data Analysts still have access to sensitive demographics?
Will Survey Data Analysts still have access to sensitive demographics?
Yes. If a survey has raw data extract enabled, a survey data analyst will still be able to view sensitive demographics (if included on the survey) when they export the raw data.
Do we need to re-upload our data after enabling sensitive demographics?
Do we need to re-upload our data after enabling sensitive demographics?
No. This setting adds a "flag" to your existing configuration. Your underlying employee records do not need to change.
Can sensitive demographics still be used in reporting?
Can sensitive demographics still be used in reporting?
Yes. You can still use sensitive demographics for high-level insights and aggregate reporting. The primary goal of this feature is to prevent individual identity disclosure.
While unauthorized users cannot see sensitive data tied to a specific person’s name, your organization can still analyze this data in aggregate reports (such as DEI dashboards or Engagement results).
To ensure privacy, Culture Amp’s standard reporting protections—such as reporting group minimum sizes—remain in place. This means results will only be displayed when there are enough responses to keep individual identities confidential.
What happens if an Employee Data Limited Permissions user attempts to update an employee's sensitive demographic?
What happens if an Employee Data Limited Permissions user attempts to update an employee's sensitive demographic?
A user with Employee Data Limited Permissions will not be able to view any sensitive demographics on the users page, so will not have an option to attempt updating these manually.
If, however, they attempt an import that includes a column for a sensitive demographic, the demographic will show under ignored demographics on the import review screen, before confirming the import (in this example, Cat Lovers is the sensitive demographic).
