One of the many uncertainties that comes with the departure of an employee, whether voluntary or not, is the risk of losing the institutional knowledge and expertise that the employee has retained over the course of his or her work term. The whirlwind of processes, paperwork and exit interviews that follow an employee departure can leave organizations vulnerable if the proper precautionary steps are not taken. Shred-it’s 2019 Data Protection Report uncovered that that 52% of C-Suites and 40% of SBOs report human error or accidental loss by an employee/insider to be the main cause of a data breach. Organizations often forget the importance of collecting and destroying the departing employee’s records, digital assets and other critical documentation. If this confidential information gets into the wrongs hands, it has the potential to cause huge financial, reputational and possibly legal issues for a company.
Since employee departures often come with little to no advance notice, an organization must be prepared to deal with the disposal of sensitive information. To help, Shred-it is reminding organizations to establish information security guidelines that proactively identify risks, such as sources of fraud and identity theft, that organizations might face in such an event.
Here is a step-by-step check list to ensure organizations are prepared:
- Collect all records: Human Resource departments must ensure that all documents and records are accounted for by the departing employee. Once these documents are collected, it is a good idea to properly discard these items with the help of a professional shredding company.
- Organize all records: To remain compliant with government and industry requirements, remember to separate, label and store all documents accordingly. Organized paperwork is key to keeping your corporate and personal business secure.
- Mark for destruction: Mark the departure and destruction date on all boxes to ensure documents are destroyed in a compliant and timely fashion. It is a best practice to shred all documents to be safe.
- Destroy all digital data: It’s important to destroy hard drives and electronic devices as well. Even if you wipe old hard drives, there is still the risk that confidential information on those devices are not properly erased. As a best practice, destroy the hard-drive from the departed employee’s computer.
This process doesn’t have to be stressful for employees. Human Resource professionals should work with the departing employee to collect any contracts, accounting information or confidential customer data they have stored in paper files or on devices. It is also important to work with your IT team to remove any sensitive company or client information from personal devices used in a professional capacity, including smartphones, tablets and computers.
While the above steps provide a good starting point for your business and operations to stay protected when employees leave, it is wise for your organization to develop a culture and mentality of information security. Therefore, establishing strong security practices is key to keeping your business safe.
For a full list of legislative guidelines, and documents to keep an eye on upon the departure of an employee, visit Shred-it’s Employee Exit Checklist.