Four Points on Managing Former Employees and Corporate Data
For nearly all businesses, employee turnover is a given. The average organization in the U.S. can expect 24% of its employees to leave in a given year.1 One important piece to consider when employees leave—whether amicably or otherwise—is making sure they don’t take your corporate data with them.
A helpful white paper from Intermedia, based on research, discusses corporate data and how to manage it, particularly when employees leave the organization. Here are four important points from the paper to consider.
1. Employees Use File-Sharing Systems
Employees will use file-sharing software, one way or the other, because it’s almost necessary in the modern global environment. You can have your files unofficially floating around in applications like Dropbox or Google Drive, or you can implement a managed company solution. (For instance, at Telios Law, we use NetDocuments to store all our documents, because it is highly encrypted to international data-protection standards and requires a user account and log-in that we manage. We use a business subscription to Box, which encrypts files to a GDPR standard, for exchanging files in litigation or with clients.) There are a number of solutions that would work.
2. Ex-Employees Often Keep Data
Even after employees leave the company, 89% still have access to at least one application from a former employer. This could be social media, Paypal, corporate email, or document management. Worse, about 25% of the data ex-employees can access is confidential. Many employees log in to this information after leaving, and some even share it with others.
3. Negative Legal and Other Consequences May Arise
Ex-employee access to health information or financial data may trigger obligations under data breach notification statutes. It may mean that companies cannot fully implement legal holds or satisfy discovery obligations in a lawsuit. Companies may lose rights to intellectual property. They may be open to attacks by malicious ex-employees. Or well-meaning employees may accidentally wipe your data as they “clean up” their files in the process of departure.
4. Take Proactive Steps to Protect Company Information
Explore where your corporate data is stored. Have acceptable use policies for company and employee devices, especially personal devices and unapproved software. Have an off-boarding process that makes sure employees turn over their log-in credentials and reveals where corporate data is stored. Manage your cloud applications so you know what is being used and who has access.
1 See Osterman Research White Paper, Best Practices for Protecting Your Data When Employees Leave Your Company (Dec. 2016), available at http://www.sonian.com/wp-content/uploads/2017/01/Best-Practices-for-Protecting-Your-Data-When-Employees-Leave-Your-Company-Sonian.pdf.
Because of the generality of the information on this site, it may not apply to a given place, time, or set of facts. It is not intended to be legal advice, and should not be acted upon without specific legal advice based on particular situations