When collecting personal information about protected characteristics, organisations must have clear, legitimate reasons for asking these questions. Research shows that unnecessary data collection about sexuality, age, gender, assigned sex at birth, race, religion, or disability status creates significant legal and reputational risks for organisations.
Evidence indicates that the key principle is proportionality. If information about protected characteristics directly relates to the service being provided or is required for legal compliance, such as equality monitoring or reasonable adjustments, then asking may be appropriate. However, guidelines emphasise that organisations should not collect this data simply as standard practice or out of curiosity.
Legal frameworks demonstrate that collecting unnecessary personal data about protected characteristics exposes organisations to potential discrimination claims. When individuals feel their sensitive information has been gathered without justification, this can lead to allegations of bias or prejudice, particularly if that data appears to influence service delivery or decision-making processes.
People often ask whether standard forms should include these questions, but best practice suggests organisations should carefully audit what they actually need to know. Effective data protection policies require organisations to be transparent about why they are collecting sensitive information and how it will be used, stored, and protected.
The most robust approach involves reviewing each question against genuine business need and legal requirements. This careful consideration helps organisations provide inclusive services while protecting both themselves and their clients from unnecessary privacy intrusions.