Losing Data with Employees
Written by Geoff Newman on 04/08/2010
Employees who leave organisations unwillingly may feel inclined to take something valuable with them. But an exit management policy that is properly implemented can help you avoid this.
The problem with redundancies.
Redundancies can expose organisations to the risk of data theft or data insecurity in a number of ways. Resentment towards the company or concerns about finding replacement jobs may cause those fearing redundancy to think they’ll lose nothing by taking confidential information. Employees in gross misconduct situations are usually suspended and removed from both the workplace and access to data. Potentially redundant employees, however, are warned and then left at their desks, with the ability to copy and download files.
What precautions should be taken?
Before an employee is formally notified of their position, contracts of employment should be checked to identify what duties of confidentiality and protection - commonly called ‘restrictive covenants’ - exist after termination. These are really designed to protect employers’ business interests rather than to penalise employees, and can be inserted throughout any period of the employment relationship, including termination. The employee does, however, need to agree to them, so if this is done during termination then the employer will probably have to ‘pay’ for the agreement through such means as increased compensation.
What other safeguards should be in place?
Exit management policies are essential. Having one allows managers to shut down areas that are at risk of data theft. Client information should be treated just like any other valuable asset and should be protected from being leaked to competitors, which would damage the business. An exit management policy cannot be ad hoc: it must be thorough and prepared in advance to stop confidential information being leaked. When correctly implemented, such a policy guarantees a return on investment.
What should an exit management policy (EMP) include?
An EMP should lay down a ‘road map’ of options for managers to consider if any of their key members resign or, specifically in this case, face potential redundancy. The information should range from basic ideas, such as checking the contract of employment to confirm their notice period, to less obvious ones, such as whether or not a review of their email history should be done to check for suspicious activity. An EMP aims to remove the need for managers to think about the practical steps they could or should take, which means they can focus on determining which steps are most appropriate for the particular situation.
What stops the loss of vital information?
One option is to reduce the influence a single employee can have on important customers; key clients should deal with a number of employees. However, though this works in theory, in reality it is often difficult to ensure. Another idea is to restrict access to confidential information through a password protection system, or by locking databases and systems to users. Monitoring activity like email and printing use, or the use of external storage devices like iPods, can also help employers to keep an eye on suspicious conduct, but only as long as this is in keeping with the organisation’s IT policy or if the employee is suspected of misconduct. If not, then there is a risk of breaching privacy laws.