This document summarises the data protection considerations and safeguards applied when using Prism AI features for analysing employee survey data.
1. Purpose of Processing
Prism AI is used to support analysis and interpretation of employee survey data. Specifically, it is used to:
Categorise open-text survey comments into themes
Generate summaries of feedback
Analyse quantitative survey results
Identify trends over time using historical data
Compare results against benchmark datasets
Suggest potential actions based on insights
Enable controlled user querying via a chat-style interface
This processing supports insight generation from aggregated and anonymised employee feedback and is not used to assess or make decisions about individuals.
2. Data Flow and Processing
Survey data (qualitative and quantitative) is collected via the People Insight platform
All data is processed within our secure environment prior to any AI interaction
Before any data is processed by Prism AI:
Data is anonymised: Names, email addresses, employee IDs, and other direct identifiers are removed
Thresholds are applied: Data relating to groups below minimum reporting thresholds is excluded
Data is aggregated and structured: Data is compiled into structured JSON format to tightly control scope and content
Data processed by Prism AI may include:
Anonymised open-text comments
Aggregated quantitative survey results (e.g. scores, distributions)
Historical survey data (for trend analysis)
Benchmark data (industry or comparative datasets)
High-level organisational context (e.g. sector, survey structure, strategic themes)
Additional controls:
No live system access: AI services do not have direct access to core databases
No live querying: All interactions are controlled, pre-processed requests
Stateless processing: Each request is processed independently with no persistent session context
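The three preparation steps above (anonymise, threshold, aggregate into JSON), as an added worked example that is not People Insight's own code. The field names, the threshold value of 5 and the sample responses are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Direct identifiers the page says are removed before any AI interaction.
DIRECT_IDENTIFIERS = {"name", "email", "employee_id"}
# The page states a minimum reporting threshold but not its value; 5 is assumed.
MIN_GROUP_SIZE = 5

# Constructed sample: five Sales responses and two Finance responses.
SAMPLE_RESPONSES = [
    {"name": f"Person {i}", "email": f"p{i}@example.test", "employee_id": i,
     "department": "Sales", "score": s, "comment": c}
    for i, (s, c) in enumerate([(4, "Good team"), (5, ""), (3, "Too many meetings"),
                                (4, ""), (5, "Great manager")])
] + [
    {"name": "Person 9", "email": "p9@example.test", "employee_id": 9,
     "department": "Finance", "score": 2, "comment": "Overworked"},
    {"name": "Person 10", "email": "p10@example.test", "employee_id": 10,
     "department": "Finance", "score": 3, "comment": ""},
]

def prepare_for_ai(responses, min_group_size=MIN_GROUP_SIZE):
    """Anonymise, threshold and aggregate raw responses into the structured
    payload; returns (payload, suppressed_groups) so suppression is auditable."""
    groups = defaultdict(list)
    for r in responses:
        # Step 1, anonymise: drop direct identifiers, keep analytic fields only.
        groups[r["department"]].append({k: v for k, v in r.items()
                                        if k not in DIRECT_IDENTIFIERS})
    payload, suppressed = {"groups": []}, []
    for dept, rows in sorted(groups.items()):
        # Step 2, threshold: groups below the minimum size are excluded entirely.
        if len(rows) < min_group_size:
            suppressed.append(dept)
            continue
        # Step 3, aggregate: statistical summary plus comments, never per-person rows.
        scores = [row["score"] for row in rows]
        payload["groups"].append({
            "department": dept, "n": len(rows),
            "mean_score": round(sum(scores) / len(scores), 2),
            "comments": [row["comment"] for row in rows if row["comment"]],
        })
    return payload, suppressed

def serialise(payload):
    """Emit the JSON handed to the AI service, refusing any payload in which a
    direct-identifier key survived (free-text comments remain the residual risk)."""
    for group in payload["groups"]:
        assert DIRECT_IDENTIFIERS.isdisjoint(group), "identifier leaked"
    return json.dumps(payload, sort_keys=True)
```

With the constructed sample, Finance has only two responses and is suppressed entirely, so the payload carries a single Sales group with a count, a mean score and its comments.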
3. Nature of Data Processed
Data processed by Prism AI is strictly limited to:
Anonymised qualitative data: survey comments with identifiers removed
Aggregated quantitative data: statistical summaries only
Structured datasets: formatted as JSON to control granularity and content
Contextual information: high-level organisational context to improve relevance
We do not process:
Names or direct identifiers
Contact details
Individual-level identifiable records
Data below reporting thresholds
All data is prepared to ensure individuals cannot be identified, either directly or indirectly.
4. Roles and Responsibilities
Client: Data Controller
People Insight: Data Processor
Prism AI operates as part of the People Insight platform. Any third-party infrastructure used to support Prism AI operates under People Insight’s control and contractual safeguards.
5. Data Residency and Transfers
Prism AI is hosted within the UK
Data is stored within the United Kingdom
Where AI capabilities are supported by external services:
Processing is configured to remain within the UK region
No routine international data transfers are required for Prism AI processing
This supports strong data residency and reduces cross-border data transfer risk.
6. Safeguards and Controls
We implemented the following controls prior to enabling Prism AI:
Data minimisation: Only anonymised and necessary data is processed
Anonymisation: Removal of direct identifiers before processing
Aggregation and thresholding: Prevents identification of individuals or small groups
Structured data control: JSON formatting restricts scope and exposure
Stateless processing: No persistence of input data beyond request processing
No model training on client data: Data is not used to train or fine-tune AI models
No data retention by AI services: Data is processed transiently and not stored beyond processing
No live system access: AI services cannot access databases or internal systems directly
Encryption: Data encrypted in transit and at rest
Access controls: Restricted internal access to systems and data
Human oversight: AI outputs are advisory only and subject to user review
Output aggregation: Insights are presented at group level, not individual level
7. Risk Assessment and Mitigation
| Risk | Mitigation |
| --- | --- |
| Re-identification from free text | Anonymisation, aggregation, thresholding |
| Re-identification from combined datasets (e.g. trends, benchmarks, context) | Structured JSON control, aggregation, strict thresholds |
| Unauthorised data access | Encryption, access controls, no direct system access |
| Data persistence or unintended retention | Stateless processing and no retention by AI services |
| Bias or misinterpretation in outputs | Human oversight and review |
| Over-reliance on AI outputs | Outputs are advisory only |
Residual risk is considered low and proportionate to the purpose of processing.
8. Vendor and Infrastructure Assurance
Prism AI is built on enterprise-grade cloud infrastructure provided by a third party.
Prior to implementation, People Insight:
Assessed the third party's security, privacy, and compliance certifications
Configured services to ensure UK data residency
Ensured AI capabilities operate under strict data handling and non-retention principles
Verified that data processed is not used for model training
Established appropriate contractual and technical safeguards
This provides assurance that Prism AI operates within a secure, controlled, and compliant environment.
9. Compliance Position
This processing is designed to align with:
UK GDPR principles:
Data minimisation
Purpose limitation
Security and confidentiality
Accountability
ICO guidance on anonymisation and processors
Industry AI risk management frameworks (e.g. NIST AI RMF)
10. Summary
Prism AI processes only anonymised, aggregated, and structured survey data, including qualitative, quantitative, historical, and benchmark information.
It is hosted within the UK, ensuring UK data residency. Strong technical and organisational controls are in place, including anonymisation, thresholding, structured data handling, and stateless processing.
AI processing does not retain data or use it for model training. Following vendor due diligence and implementation of safeguards, the residual privacy risk is considered low and proportionate.
