Don’t lose crucial data along with employees that leave

September 3, 2015

When employees leave organisations unwillingly, they may be tempted to take something of value with them. A properly implemented exit management policy can prevent data theft.

Why think about client data when redundancies have to be made?
When redundancies occur, several factors expose an organisation to the potential risk of data theft or other breaches of data security. The combination of resentment towards the company and concerns over their ability to find alternative jobs may lead employees at risk of redundancy to feel they have nothing to lose by taking their organisation’s confidential information.

Employees under threat of dismissal, for example, in gross misconduct situations, are normally suspended and are then out of the workplace. Potentially redundant employees, on the other hand, are given warning that dismissal is being considered while still at their desks, able to copy files or download valuable information on to memory sticks. And since potentially redundant employees are only “at risk” of dismissal initially, organisations may be reluctant to treat them in a way that would imply they are definitely leaving.

What precautions should we take?
Before formally notifying the affected employees of the redundancies, contracts of employment should be checked to establish what duties of confidentiality and protections exist post-termination. These duties are commonly known as restrictive covenants and are designed to protect the employer’s legitimate business interests, rather than to penalise the employee.

Covenants can be inserted at any time of the employment relationship – even on termination – but the employee needs to agree to them. So if an employer wants to agree them on exit, it’s likely that it will need to “pay” for them; for example through increased compensation.

What other safeguards should there be?
An exit management policy is essential. It enables managers to close down areas of risk and is a key element of a sensible business protection strategy. Client information should be treated like any other valuable asset: it should be protected from being leaked outside, where it could benefit competitors and damage the business.

The range and scale of difficulties this can present mean that dealing with it on an ad hoc basis simply isn’t an option. It’s crucial to have a thorough exit management policy prepared in advance that prevents employees taking confidential information before they leave. Properly implemented, such a policy guarantees a return on investment.

What should be included in an exit management policy?
An exit management policy should set out the “road map” of options that managers should consider if any of their key team members resign or, in this case, faces possible redundancy. This will range from the basic – checking their contract of employment to confirm their notice period and whether or not they can be put on garden leave – to the less obvious: considering whether or not to review their email history to see if there is any suspicious activity. The purpose of an exit management policy is to remove the need for managers to think about what practical steps they could potentially take – it should provide those – allowing them to focus instead on which steps are the most appropriate in the circumstances.

What prevents crucial information walking out the door?
Reducing the influence an employee has on important customers is an obvious option. It’s better for key clients to deal with a number of employees. This operates in theory in most organisations, but reality often lags behind. Restricting access to confidential information – perhaps with a password protection system – can also make a difference.

If employers are going to embark on a redundancy exercise, client databases or content management systems can be locked to users. It’s also possible to monitor email and printing use, provided this is allowed under an organisation’s IT policy or where the employer suspects misconduct. Otherwise the organisation risks breaching data protection and privacy laws.

Information can now be downloaded onto a variety of media, not only memory sticks but mobile phones etc. But there are systems that will monitor external storage devices, so employers could make sure that only certain memory sticks have access.

Remote access is another potential area of weakness. It may be appropriate to disable it during a redundancy exercise.

Leeds based HR180 is a team of superheroes in HR Outsourcing, Projects and Consultancy committed to work in partnership with organisations of all sizes to establish working policies to go above and beyond Employment Law requirements, to protect both employees and employers alike. We love to hear from you, so call us on 0113 287 8150 or hit the Rescue Me button.

Why not join our mailing list...




  • This field is for validation purposes and should be left unchanged.