The time has come again for all SRA-regulated firms to collate and submit their diversity data as part of the SRA reporting process.
SRA’s diversity reporting requirements
Firms will need to ask their staff to provide their diversity characteristics such as ethnicity, age, gender identity and educational background. This process is part of the SRA’s bi-annual collection of data from the firms it regulates. This data then feeds into an analysis and report by the SRA on diversity in the legal profession, and also the SRA’s law firm diversity tool (accessible here) which allows users to see the representation of various groups within partner, solicitor and other staff roles in law firms.
Firms will need to move quickly: the window for submitting the data to the SRA is opens shortly on 26 June 2023 and will close four weeks later on 23 July 2023.
What do firms need to do?
SRA-regulated firms need to submit their data to the SRA and in many cases will also need to publish it on their website.
Given the time-consuming nature of the process, and the many pitfalls which firms may encounter, it is important that all SRA-regulated firms take action as soon as possible.
Failure to provide the necessary data to the SRA before the deadline could lead to enforcement action and potentially sanctions such as a rebuke or a fine.
What has changed since 2021?
The format of the SRA’s template questionnaire is similar to that used in the last reporting round in 2021. There has been a change to the solicitor partner category this year, in that SRA-regulated firms will need to report separately for full equity solicitor partners and salaried or partial equity solicitor partners. There has also been a slight change to the question on parental occupation to align with Social Mobility Commission guidance.
Collecting the data
There are a number of points to consider when collecting the data for your firm:
The collection and compilation of the data can be outsourced, but firms should note that this also raises its own GDPR and regulatory issues.
GDPR: The collection of diversity information will involve the processing of additional employee personal data, including “special category” (i.e. sensitive) personal data such as ethnicity and disability characteristics. As a result, there are a number of compliance issues that need to be addressed to ensure the data can be processed lawfully. We have summarised these below:
Lawfulbasis– firms should decide on the lawful basis upon which they will carry out the processing. Legitimate interests or compliance with a legal obligation could be relevant. If relying on legitimate interests, a “legitimate interests assessment” should be carried out. Generally, there are issues with relying on consent in an employment context and this should be avoided to the extent possible.
Art. 9 GDPR condition – as special category data will be processed, an Article 9 condition needs to be in place. Depending on the condition relied upon, it may be necessary to put in place an “appropriate policy document” under the Data Protection Act 2018.
Data Protection Impact Assessment (DPIA) – as the processing will likely involve collecting large amounts of special category data, firms should carry out a DPIA. This involves identifying the risks involved with the processing and the safeguards that can be put in place to mitigate those risks.
Transparency– staff privacy notices should be updated to include details of the purposes of the processing and lawful basis upon which it is based, as well the fact that data may be disclosed to the SRA, if this is not already in place.
Security– firms should put in place controls to ensure that only members of staff who need to access it are granted are given access.
Deletion protocol – firms should update their data deletion policy to account for this new collection of data.
“Anonymisation”– firms should not assume that just because no directly identifiable information (such as names and email addresses) are included in responses that this makes them “anonymous”. Care should therefore be taken if publishing results to make sure these cannot be used to identify specific employees.
Identifying whose data should be collected: Firms should take care to ensure that they request all employees to complete the questionnaire, including those on maternity leave or on sickness absence leave if they are in contact with the firm. Secondees should also be included, but not employees who are usually based outside England & Wales.
Categorising each person’s role: Each member of staff will need to be categorised as one or more of a large number of categories such as solicitors, partners, legal executives, assistants, support staff, trainees and employed barristers. If you feel it would be unclear for those in certain roles, you may wish to clarify which category those job titles will fall into.
Using the data for global diversity surveys: It is increasingly common for global firms to aggregate diversity data across all offices. This will invariably require the transfer of personal data outside of the UK and potentially outside of Europe. It is crucial that the recipient of the data has arrangements in place to comply with the GDPR and the Data Protection Act.
Submitting the data to the SRA
The diversity information, once compiled, should be submitted to the SRA via the portal on its website.
Submitting the data to the SRA is a regulatory requirement under the Code of Conduct for Firms and the SRA may take enforcement action if firms fail to do so by the 23 July 2023 deadline.
Publishing the data
SRA-regulated firms are expected to make their diversity data available to all employees and externally (subject to compliance with data protection legislation). The data may be published on the website, or placed on posters in break rooms, included in internal or external newsletters, bulletins etc.
The SRA expects most firms to publish their diversity data on an anonymised basis, but many firms (or their UK offices of larger firms) will be too small to ensure that the data is truly anonymous. There is no need to make a formal application to the SRA to waive the publishing requirement if a decision is taken not to publish data for this reason, but it is important that the rationale for that decision is adequately recorded.
Next steps
Further information about the process can be found on the SRA’s website at: www.sra.org.uk/diversitydata. Fox Williams can also advise on the process.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Cookie
Type
Duration
Description
__atuvc
third party
1 year
This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
__atuvs
third party
30 minutes
This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
__stripe_mid
third party
1 year
__stripe_sid
third party
30 minutes
_ga
third party
2 years
This cookie is installed by Google Analytics and collects information on how users interact with the website. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. It is used to distinguish users.
_gat
third party
1 minute
Google Analytics cookies to track users as they navigate the website and help improve the website's usability.
_gid
third party
24 hours
This cookie is installed by Google Analytics and collects information on how users interact with the website. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. It is used to distinguish users.
cookielawinfo-checkbox-necessary
session
1 year
Records the default button state of the corresponding category. It works only in coordination with the primary cookie.
cookielawinfo-checkbox-non-necessary
session
1 year
This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Non-Necessary'.
di2
third party
1 year
This cookie is set by addthis.com on sites that allows sharing on social media. The cookie is used to track user behavior anonymously to generate usage trends to improve relevance to their services and advertising.
loc
third party
1 year
This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.
m
third party
2 years
na_id
third party
1 year
This cookie is set by Addthis.com to enable sharing of links on social media platforms like Facebook and Twitter
NID
third party
6 months
This cookie is used to a profile based on user's interest and display personalized ads to the users.
ouid
third party
1 year
The cookie is set by Addthis which enables the content of the website to be shared across different networking and social sharing websites.
uid
third party
1 year
This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
um
third party
1 year
Set by addthis.com.(Purpose not known)
uvc
third party
1 year
The cookie is set by addthis.com to determine the usage of Addthis.com service.
vc
third party
1 year
This cookie is set by addthis.com on sites that allow sharing on social media.
viewed_cookie_policy
session
1 year
Is the primary cookie that records the user consent for the usage of the cookies upon accept and reject. It doesn't track any personal data and is set only upon user action (accept/reject).
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.