Departing-Employee Data Loss: What it is and how to fight it

Some of the greatest threats to an organisation’s confidential data come from departing employees. A departing employee can collect confidential company data for sinister purposes or unwittingly retain data without malicious intent. In many cases, both scenarios have the potential to lead to disastrous outcomes for the company.

Without the employer’s knowledge or permission, confidential electronic information can easily be saved on multiple devices in unknown locations beyond the employer’s control.

Civil law relating to confidentiality usually protects company data. Contracts signed by employees in technical or senior positions contain extensive confidentiality obligations. Even where no express obligations are indicated, the law would infer a duty of confidence. The latter duty prevents a departing employee and the new employer from gaining an unfair advantage from a breach of confidence, and it also forms the basis of an injunction to give up or destroy such information.

A former employee of a recruitment agency in Widnes was prosecuted in February 2017 for unlawfully emailing to her personal email address the personal information of about 100 existing and potential clients.

When employees leave and take sensitive data with them, whether intentionally or not, the repercussions can be massive and often go beyond the loss of critical information: it can lead to legal penalties, damage to company reputation, or even closure.

What can companies do to avoid facing such scenarios?

  1. Include data handling and ownership policies in new employee agreements

When new employees are brought on board, incorporating clear ramifications and specific language in offer letters and contract forms places immediate significance on the protection of company data. New and existing employees need to understand that all data within the organisation is to be regarded as confidential and proprietary.

  2. Limit access

Procedures should be set to limit access to sensitive and confidential data based on employee roles and need-to-know. While employees need access to certain data to perform their duties, unhindered access to all company information can pose a great security threat.

  3. Know what and where your data is

It is important to focus on crucial factors in the protection of sensitive data. Even when certain policies have been put in place, they may not be of any use if a departing employee can easily plug in a USB drive and copy files.

Data should be classified, and where it resides in the business environment must be duly noted. Before anyone can be stopped from exposing sensitive information, organisations must understand exactly what they are trying to protect. 60-80% of stored information in an average organisation is dark data, which is not identifiable. In the event that you suffer a critical data breach, cloud disaster recovery can prevent bigger issues and make rescuing your data that much easier.

  4. Deactivate all third-party apps

All third-party apps with access to corporate data should be removed for the departing employee. Certain tools can be employed to provide full visibility over all applications that have access to corporate data, along with a list of all personnel using each application.