Data Security and Why HR Managers Must Think About It
Employees have access to a wide variety of electronic information, from the moderately important (such as email lists) to the critical (such as financial records and trade secrets). Upon their departure, HR managers should work with IT to ensure that employee account access is blocked.
Remember the days when employees kept important information in paper files? They are long gone. According to a study conducted by the University of California at Berkeley, almost all of today’s new information is stored electronically. And that could mean trouble for your company when an employee resigns—because electronic documents are both easy to copy, and portable. That makes them more prone to theft than paper documents.
Case in point: In August 2009, DuPont filed a lawsuit against a research scientist who allegedly stole more than 600 files by copying them to a portable hard drive. And that wasn’t an isolated incident; another DuPont research scientist was sentenced to an 18 month prison term for stealing proprietary information worth $400 million.
Think employee data theft doesn’t apply to your type of business? Think again. A 2009 study conducted by the Ponemon Institute found that data theft is rampant in the business world. According to the study, 59 percent of employees who quit or are fired take confidential business information with them. And when the employee works in IT, the access to confidential data is even greater. A 2008 study by Cyber-Ark Software found that almost 90 percent of IT employees would take sensitive company data with them if they were laid off.
The lesson: When employees leave, you must take steps to protect the electronic information they have access to. This may include customer information, financial records, trade secrets, intellectual property, and email lists, to name just a few items.
We recommend that when an employee leaves, you prevent his or her account access, set the account for immediate review, save any necessary files (which may involve consulting with other departments for verification of documents), then delete the account. In addition to protecting data, this will also optimize server space and open up more storage space for the company.
While some employees might argue that they need access to their personal files before departing, and you may grant such access (supervised, on a case-by-case basis), it is not required; any of the information that is located on a company computer is company property.
In a sensitive situation it’s always good to let us know ahead of time so we can help you prepare for a well-managed and secure transition.