Protecting Company Data When Employees Are Separated
With the growing use of personal electronic devices such as smart phones, tablets and laptops, employers must be more diligent in implementing policies to protect company data and systems. Almost 60 percent of terminated employees said they retained sensitive company information after they left their employers, and 25 percent continued to have access to their former employer's computer systems following their termination, according to a 2008 Ponemon Institute survey.
The best time to begin thinking about termination-related data issues is at the time of hire. During the employee's orientation, employers should document the assignment of any company property such as cell phones, laptops, tablets, portable drives and remote access codes for company routers.
Many employers have the new hire sign mandatory noncompete and confidentiality agreements. In addition, employers may ask employees to provide written acknowledgment of the receipt of policies related to the return of company electronics and data on the devices. Some employers recently have included authorizations allowing the employer to complete a "remote wipe" of company or personal cell phones or computing devices. These authorizations permit the employer to send a message to a cell phone or computing device that connects to the company e-mail, which essentially deletes all company data residing on the device. This is generally done as a last resort when company data are at risk.
Employers should have clear processes in place to advise departmental leaders of pending terminations. Advising the information technology department of a pending termination can ensure that access is disabled and company data are protected from retaliatory actions. During the termination meeting, employees should be reminded of noncompete and confidentiality agreements and that company property must be returned at the time of separation.
Despite an employer's best efforts to protect company data and systems or to recover company property, some contentious separations may make this difficult. In such circumstances, the employer may decide, as a last resort, to wipe data remotely from devices remaining in the employee's possession. If terminated employees delete data without authorization, they may be subject to prosecution under the federal Computer Fraud and Abuse Act. The law specifically prohibits employees from intentionally accessing a protected computer without authorization and recklessly causing damage. However, by taking proactive steps beginning at the time of hire through the time of termination, an employer may prevent costly network damage and data losses.
SESCO Management Consultants is available to assist with your human resource issues. You may contact us by phone at 423-764-4127 or by email at sesco@sescomgt.com.