Andrea Kirby

June 16, 2026

DEI data on job applications: what I see as a mystery applicant, what TA leaders told me, and what the research says we should do instead

As part of my role managing The Circle Back Initiative, I do a mystery application for every company that signs up. I submit an application the same way a candidate would, and it has been incredibly eye-opening. I have also researched over the last 2 years over 600 career websites and their application process from ASX listed, government and NFPs as part of my career website research. I have also implemented application tracking systems - big and small - globally and in Australia and UK.

Again and again, I see the same thing. Right there on the application form, alongside the CV upload and the submit button are questions about gender, sexual identity, age, race and disability.

Sensitive, personal questions. And almost never with any real explanation of what happens to the answers.

Involuntary outing causes real harm. when recruiters act on DEI disclosure data, even to offer support, they risk outing candidates who disclosed in confidence - or at least thought they did, assuming needs that were not expressed and signalling the data is being used in ways candidates were not told about. This erodes the trust that makes voluntary disclosure work. Candidates from marginalised backgrounds already have strong reasons to distrust the process. Acting on the data without their consent confirms those fears.

My position is simple: if an organisation cannot clearly demonstrate that this data is kept separate from hiring decisions, protected properly, and used in a meaningful way, it should not be asking for it at the application stage.

What I keep seeing in real applications

From all those applications, a pattern has emerged:

DEI questions - gender, sexual identity, age, disability, need for adjustments, appear alongside the main application questions, sometimes on the same page.
It is rarely obvious whether this information is visible to the recruiter or hiring manager. Candidates are left to guess.
Explanations about why the data is collected and how it will be used are often absent, buried in a generic corporate privacy statement, or so vague they don't reassure anyone.

I believe most candidates either skip these questions entirely because they don't trust the process, making the whole exercise pointless, or they answer dishonestly, which makes the data useless. And honestly? I understand why. If you don't know where your answer goes, why would you risk it? Indeed, with recent job applications with my neurodiverse son, I have told him not to answer and not to divulge his disabilities until he needs to, such as testing. He would need accommodations for this but until it is necessary, he doesn’t need to divulge it.

Because there is bias whether we believe it or not.

This isn't just a candidate experience issue. It's a trust, governance, and ethics issue.

What TA leaders told me in a poll

To see whether my observations matched what people inside organisations believe is happening, I ran a poll on LinkedIn aimed at TA and people leaders across Australia and New Zealand:

When your organisation collects DEI/demographic data during job applications (e.g. gender, age etc), how is that data handled in your ATS?

The results:

• 32% said the data is separated from the recruiter view.

• 32% said recruiters can see it.

• 37% said they don't collect this data at all.

That split tells you everything. A third has the data is separated. A third say recruiters see it. And over a third don't collect it at all. For a candidate, there is no way to know which camp any particular employer is in just by looking at the form. They're being asked to trust a system they can't see and a process that's rarely been explained.

If a candidate asked, ‘Why are you asking me this?’ could everyone involved in hiring give the same, clear answer?”

Are you 'outing' candidates when it is their right to disclose their circumstances as it suits them?

What the comments taught me

The comments on that post were where things got really interesting. Three themes stood out.

On adjustments: the chicken-and-egg problem

Alex raised a fair point: if recruiters can't see that someone needs extra time in testing, a wheelchair-accessible room, or other adjustments, how do they make the right arrangements?

Disclosure is the candidate's right, not the recruiters opportunity. Asking whether someone needs adjustments is a reasonable, stage-appropriate conversation, initiated by offering it to everyone, not triggered by flagging individuals who disclosed disability on a form. Using disclosure data to single out candidates, even with good intentions is paternalistic and potentially unlawful.

It's a real tension. But my view is that the answer isn't to give recruiters access to a full DEI profile. The better path is:

Build accessible career sites and application flows from the start, so fewer adjustments are needed just to get through the process. Steve Gard from Benchmarcx pointed out that many employers are still failing basic WCAG accessibility standards, meaning some disabled candidates can't apply at all. That has to come first.
Create a clear, human pathway for candidates to request adjustments. A direct email address or phone number, separate from the DEI data collection, where people can contact you if they're comfortable doing so.
Separate 'what do you need to participate fully?' from 'what labels or identities do you hold?' The first is practical and necessary. The second requires far more trust.

Recruiters don't need to see a candidate's full DEI data to accommodate their needs. They need the right systems, the right invitation, and, crucially, the candidate's trust that disclosing something won't count against them.

On where data goes: the payroll lineage problem

Carly asked a simple but important question: how is this data archived? And Steve followed up with a sharp observation about why DEI data is so often poorly handled in ATS environments.

Many ATS platforms evolved from payroll or HRIS bolt-ons, which means DEI data gets treated as a compliance line item: our applications from ‘group’ were up or down by ‘number’. That's rear-view reporting at best. It looks backward at who got hired, rather than forward at where the process is losing people.

When I was recruiting on systems where DEI data was properly separated, I couldn't see individual answers. But I could run reports on where candidates were falling out of the process, and look for patterns of bias or blocks. That's how this data should work, as a diagnostic for improving the pipeline, not a filter on individual applications.

With the Talent Table, Career Website Research, we specifically look for evidence that organisations are closing the loop: publishing what they found, showing what changed, demonstrating that the data actually led somewhere. It's rarely there. And if candidates are sharing sensitive information and never seeing it lead to visible change, why would they keep trusting the process?

Steve also raised a structural problem: who actually owns DEI data and reporting? TA teams usually set up the data pools. HR often does the formal reporting. The two rarely connect, and rich insights get boiled down to a single graphic in an annual report instead of driving real change in how organisations attract, assess, and retain people.

What the research says: lessons from the Neurodiversity Data at Work guide

All of this is backed up by Australian, neurodivergent-led research. Amaze and Diversity Council Australia recently published Neurodiversity Data at Work - a practical guide grounded in a national community consultation with nearly 3,000 participants, including people with lived experience of neurodivergence alongside HR and diversity practitioners.

It sets out six principles for collecting neurodiversity data that are respectful, safe, and actually useful. While the guide focuses on neurodivergence, every lesson applies to DEI data more broadly.

Self-identification is critical. Ask people how they see themselves, and explicitly include people without formal diagnoses. Many neurodivergent adults remain undiagnosed, often because of the cost of assessment, long wait times, or structural barriers. Research shows that self-identified neurodivergent people report similar outcomes and experiences to those with formal diagnoses. Designing questions around self-identification isn't just respectful. It produces more accurate data.
Prioritise safety and trust. Neurodivergent people commonly experience stigma and discrimination, and are often reluctant to share personal information. The research is clear: people feel more comfortable sharing when there is genuine, demonstrable commitment to diversity and inclusion in the workplace, not just a checkbox on a form. Acknowledge the concerns. Explain what you're doing to protect the information.
Recognise the risk in both collecting and not collecting. Collecting data badly erodes trust, and can expose individuals to discrimination. But not collecting any data makes it impossible to understand where the gaps are, identify barriers, or track whether your inclusion work is having an effect. As awareness of neurodiversity grows, choosing not to ask can also send its own message about who you see and value. The risks on both sides mean we need to be proactive and diligent, not paralysed.
Ensure privacy and confidentiality. When neurodivergence or disability data is linked to personal identifiers, it becomes sensitive information subject to privacy law. Treat it like health data: strong access controls, robust data management policies, limited retention. The guide recommends starting with anonymous collection, through D&I surveys, before considering any link to HRIS records. The data shows that 66% of neurodivergent people would feel comfortable sharing information via anonymous surveys, compared to just 29% in their employee profile or HR record. That gap should tell us something.
Make the approach accessible. The survey instrument itself can be a barrier. Dense text, vague instructions, jargon, and complex layouts can prevent neurodivergent people from being able to answer in the first place, which means your inclusion data will miss the very people you most need to understand. Clear language, logical flow, generous spacing, and a 'prefer not to say' option are not optional extras. They're fundamental to getting useful data.
Commit to action. Collecting data and doing nothing with it is actively harmful to trust. When employees or candidates share sensitive information and never see it change anything, they become sceptical of future surveys and less likely to respond honestly. Use your data to identify barriers, set targets, co-design inclusion initiatives, and report back on what you found and what you did about it.

The guide also offers a practical design

A standalone, voluntary question that defines 'neurodivergent' in plain language, and offers responses of yes / no / unsure / prefer not to say. If you want to go deeper, an optional second question asks 'How do you describe your neurodivergence and/or cognitive difference?' with a multi-select list of neurotypes, a free-text option for people who use different languages, and a 'prefer not to say', asked anonymously only, never linked to an HR record.

You don't have to copy the wording. But you can apply the pattern: define your terms clearly, respect self-identification, allow for complexity and multiple identities, keep everything voluntary, and be crystal clear about who can see the data and what it will be used for.

The ethical tension: risk in asking and in not asking

The research and the practitioner conversation both land in the same place: there are real risks on both sides of this question.

There is risk in collecting sensitive DEI data: if it's mishandled, people can be stigmatised, discriminated against, or effectively 'outed' in ways they didn't consent to. Poor system configuration, broad internal access, and vague communication all make this worse.

There is also real risk in not collecting any data. Without it, organisations can't see where the barriers are. They can't tell if neurodivergent candidates are dropping out at higher rates, if disabled employees are being promoted equitably, or if certain groups are chronically underrepresented in leadership. Opting out of data collection entirely can leave marginalised groups invisible in the numbers.

So the answer isn't 'never collect.' The answer is: only collect what you can protect, explain, and actually act on.

Raising the bar: what I think we should expect

Based on what I see in my research, what TA leaders shared in the poll, the conversation it sparked, and the guidance from the neurodiversity research, here's the minimum bar I think we should be setting.

If you can't explain it, don't ask it

Every DEI question on an application form should pass two tests: Can you explain, in one or two sentences, on the form itself, why you're asking and how the answer will be used? And can you honestly say that answering or not answering will have no effect on the candidate's chances? If you can't do both, don't ask.

Separate analytics from hiring decisions - for real

If you're collecting DEI data for reporting, your systems and processes need to reflect that. Configure your ATS so demographic fields are invisible to recruiters and hiring managers in the decision-making workflow. Restrict access to a small group responsible for analytics or compliance. And be prepared to prove that separation if a candidate, a leader, or a regulator asks you to.

Use anonymous and aggregate data wherever possible

If you can get the insight you need from anonymous or aggregated data, choose that route. Collect detailed DEI data through anonymous engagement or D&I surveys, not linked to individual applications or HR records. Be especially careful in smaller teams, where even aggregated data can accidentally identify individuals. And treat identifiable DEI data the same way you treat health data, collected only when necessary, with robust protections.

Co-design with the communities you're asking about

Don't design DEI questions in a vacuum. Involve neurodivergent people, disabled people, LGBTQIA+ people, and culturally diverse employees in designing and testing both the questions and the explanations. Check that the language feels respectful and the format is genuinely accessible. Remember that self-identification and multiple, overlapping identities are the norm, not the exception.

Close the loop - and show what changed

Use your data to find where the barriers are, not just to report headline numbers. Tie your insights to concrete changes: assessment design, interview formats, accessibility of career sites, manager training. And share what you've learned and what you're doing about it, in a way that protects anonymity. If candidates and employees never see DEI data leading to visible change, their motivation to keep sharing will quietly disappear.

A call to TA and HR leaders in Australia and New Zealand

We now have community-led, research-backed guidance on how to ask sensitive diversity questions safely and respectfully. We know what good looks like. The gap is between knowing and doing.

My ask is this: audit your application forms. Look at your ATS configuration. Read the explanations you give candidates and ask yourself whether, if you were applying, you would feel safe answering.

If the answer is no, start somewhere. Simplify your questions. Make them genuinely voluntary. Separate analytics from hiring decisions. Invest in accessibility so fewer adjustments are needed just to get through the door.

If you can't confidently say that candidates are safe, that their data is protected, that their answers won't influence a decision, then don't ask. Full stop.

Want to keep this conversation going?

This is exactly the kind of question The Circle Back Initiative was built to shine a light on. We work with organisations across Australia and New Zealand to raise the standard of candidate experience - and how DEI data is collected, protected, and used is a big part of that.

If you are an employer who wants to do this better, or if you are a TA or HR professional with thoughts, experiences, or questions about how your organisation handles this - come and join the conversation.

Join The Circle Back Initiative

The Circle Back Initiative is a community of employers committed to responding to every candidate who applies. Because candidates deserve to be treated with respect and that starts with transparency, communication, and yes, knowing what happens to the information they share with you. Joining means you are part of a growing movement holding the standard higher for everyone.

Join the Humaneer community - and this conversation

Humaneer is a growing HR community built for practitioners who want to go deeper — on questions exactly like this one. Inside Humaneer, there is a dedicated HR Circle for Experience Design, where people who care about candidate and employee experience come together to share what they are seeing, what is working, and what needs to change.

This topic - DEI data, candidate trust, and what we owe people when they apply - is coming up on a Circle Back community call in the coming month. It is exactly the kind of nuanced, practitioner-led conversation that is hard to have anywhere else.

Join Humaneer here

PX-Dojo: Product Design Thinking for Employee Experience

If this post has you thinking about how HR and TA teams design experiences - not just processes - then PX-Dojo's new course is for you. It applies product design thinking to employee experience: a practical, modern approach to building HR practices that actually work for people.