We know that maintaining participant confidentiality is crucial for ensuring that employees feel comfortable with continuing to provide open and honest feedback. Our reporting functions seek to protect confidentiality while still giving you the power to analyze your result thoroughly. Use these settings to strike the right balance for your organization.
NOTE: Reporting configurations cannot be changed after the survey is launched and will be communicated to respondents on the survey welcome page.
TIP: Check out this Culture Amp Training video course for guidance on selecting the confidentiality protections that are right for your organization.
Direct identification protection
Direct identification occurs when someone is identified by filtering results to show individual responses. This can be limited by setting the minimum responses a group needs for the results to be shown.
Reporting group minimum
The reporting group minimum is the smallest number that you can filter down to in reporting. The reporting group minimum prevents direct identification or the direct filtering on demographic groups with too few responses. A group’s results will be hidden unless this minimum is met. Here is an example of responses that would be hidden for a reporting group minimum of 5.
Comments group minimum
The comments group minimum is the number of people in a group who submit a response before comments are shown. A group's comments will be hidden until this minimum is met. Note that it is not the number of comments written that is the minimum, but the number of people in the group who have taken the survey. Most companies use the same number as the reporting group minimum, but some choose to increase the comments group minimum.
Indirect identification protection
Indirect identification protections give you the power to decide what’s best for your organization balancing extra protections with the utility of your report data. These go beyond protecting just direct displaying responses to prevent inferring a group’s response.
What is indirect identification?
Indirect identification occurs when the responses of an individual, or small group are hidden, but their score can still be worked out by looking at the other scores around them. Our extra protections reduce the risk of this happening by also hiding an additional group. This additional group will be the next smallest group, and can sometimes be above the reporting group minimum. Let’s look at an example of indirect identification.
In this example, the overall engagement score for the company overall is 85%, the engagement score for the Tech team is 90%, and the score for the Legal team is hidden because their participation was lower than the reporting group minimum. However, even though the score is hidden, we can still infer that the one legal person’s score must have been quite low, because the company's overall engagement score is lower than the tech team’s score, and there’s only one person bringing it down.
In fact, we could even work out the Legal person’s exact response with a simple calculation, by weighting all the scores, and subtracting the large groups from the whole. So here, 7 * 0.9 is 6.3 and 8 * 0.85 is 6.8. Subtract them, and we get 0.5. So we know that the legal person responded with 50%.
Our extra protections are there to reduce the risk of indirect identification from happening.
Choosing indirect identification protections
We give you three options to configure indirect identification protections depending on the risk your organization is willing to accept to have the added utility in reporting. These options are none, basic, and strong.
- None: No protection from indirect identification. Only groups below the reporting group minimum will be hidden when filtering.
- Basic: Protects individual responses from indirect identification. If a filter includes a group with only 1 individual, the next smallest group’s responses will be hidden.
- Strong: Protects any groups smaller than the minimum from indirect identification. If a filter includes a group smaller than or equal to the reporting group minimum, the next smallest group’s response will be hidden. Let’s look at each more closely using examples.
If you choose the option of no extra protections, only groups below the reporting group minimum will be hidden when in reports. In this example, the responses of Legal are hidden because they are below the reporting group minimum. Note that with this option, no other scores are hidden to protect Legal, and they could potentially be indirectly identified, as demonstrated above.
The Basic option is our recommended default. If a report includes a group with just one participant, then the next smallest group’s response will be hidden to protect the individual’s response from being inferred, even if that group is above the reporting group minimum. In this example, the responses of the Production team are hidden to protect the one individual response from Legal from being indirectly identified. We find that for most companies, this is the right balance of protecting individual confidentiality while maintaining utility of reports.
The Strong option is one step up from our default setting, and in addition to protecting individuals from indirect identification, it also protects any group with fewer responses than the reporting group minimum. If a report includes a group that’s too small, the next smallest group’s response will be hidden to protect the group’s responses from being inferred, even if that group is above the reporting group minimum. In this example, the responses of Production are disabled to protect the responses of Creative from indirect identification. Sometimes when a company uses strong protections, they choose to lower their reporting group minimum since there are additional protections in place.