For employers facing the imminent departure of an employee, the situation can be emotionally charged, with strained personal relationships and difficult conversations aplenty.
In this tense climate, while you might request that your exiting employees return all company property in their possession, you could forget to specifically request that they also return all work files and company data. Or perhaps you don’t have adequate safeguards in place.
So, you could find that your employee returns their company laptop, tablet and smartphone, only to discover that each device is reset...and all of your company information is gone.
This leaves you scrambling to work out what’s missing, while still trying to service your customers as if it’s all Business As Usual. It’s nightmare material for any business!
How is your business protected from the loss or theft of valuable data?
There are significant penalties for employees who destroy or impair access to company data without authorisation, including up to 10 years’ imprisonment for deliberate or reckless modification pursuant to division 477.2 of the Criminal Code Act 1995. But while you can seek compensation for your loss and damage, these avenues won’t solve the problem in the short term.
That’s why when it comes to the security of your data, prevention far outweighs the cure.
What should you do if your business experiences a data breach?
The Australian Government takes data breaches very seriously, recognising that some breaches can result in harm to the person whose personal information is involved. Under the Government’s Notifiable Data Breaches (NDB) scheme, if your business is covered under the Privacy Act 1988 and it experiences a data breach where personal information is lost or disclosed without authorisation, you must notify the affected individuals, as well as the Office of the Australian Information Commissioner.
What should your business be doing to protect its data?
There are a number of steps your business can take to protect your data from employee loss or theft. These include:
- ensuring that all employees backup their data on a server or cloud-based system
- ensuring that your workplace policies and contracts specifically mention the preservation of data, including the return of data upon cessation of employment and the seriousness of unauthorised data modification
- in exit conversations, imploring that hardware should not be reset, or that any company data should be deleted
- if you suspect that an employee may attempt to delete company data, limiting their access to any hardware
Taking the proper precautions will safeguard your business against the risk of exiting employees deleting company files, while also ensuring a smooth transition for all employees who are moving on.
This article is the first instalment in our ongoing series on exiting employees. In our next few instalments, we’ll look at how to best manage the exit process, diving deeper into the various data, insurance and legal considerations. Stay tuned!