A survey by information management company Iron Mountain reveals that half (51 per cent) of European office workers who take information from their current employer when they switch jobs – 44 per cent of those in the UK – are helping themselves to confidential customer databases, despite data protection laws forbidding them to do so.
Along with databases, employees who take information are walking out of the door armed with presentations [46 per cent], company proposals [21 per cent], strategic plans [18 per cent] and product/service roadmaps [18 per cent] – all of which represent highly sensitive and valuable information, critical to a company’s competitive advantage, brand reputation and customer trust.
Employees who resign don’t generally take information out of malice, but rather because they feel a sense of ownership or believe it will be useful in their next role. Two thirds say they had taken or would take information they had been involved in creating, and 72 per cent that they believed the information would be helpful in their new job.
The picture changes, however, when employees lose their job. As many as one in three office workers (31 per cent) would deliberately remove and share confidential information if they were fired.
Employers should clearly be more mindful of staff leaving jobs with highly sensitive information. As Patrick Keddy, senior vice president at Iron Mountain says, ‘Companies concerned about information security tend to focus on building a fortress around their digital data and then forget about the paper and the people.’
The findings clearly highlight the need for information management policies to be developed in any size business. Companies of all sizes, across all business sectors, need to ensure that employee exit procedures are suitably robust. After all, in a separate study, nearly a quarter of SMEs (23.1 per cent) admit to being not very or not at all aware of the legal requirements for storing, keeping or disposing of confidential data in their industry. This compares poorly with businesses with more than 250 employees where 94 per cent of those responding said they were aware in some form of the Data Protection Act.
Without due care, remedying the effects of data loss could be far more time-consuming than putting in place prevention measures.