Protecting your business from an employee departure – the IT response.
September 20, 2010
Assume a scenario where you star salesperson tells you he/she is quitting or you are about to fire a subpar employee. The employee may or may not have a non-compete or non-solicit. The employee regularly has access to proprietary information. This includes customer contact information, customer pricing information, and confidential internal pricing information. What do you do in terms of protecting that information?
- Email – Does the company monitor employee email – probably not. As distasteful as it may sound someone in HR or someone on the business side may need to examine the substance of the employee’s emails (from the company email address). How far back? Depends on the situation. The employee’s emails need to be scrubbed to determine if they are offloading or have offloaded proprietary information to competitors or personal email accounts for future use. Further, the IT department needs to maintain and preserve the email account but end the employee’s access to the account either immediately or upon some agreed time.
- The network – Most employees are not going to email company information to a competitor or even a personal email account – some still do though. The delivery device of choice is the thumb drive. It’s small, cheap, and can hold a lot of information. I’m no IT expert but many IT folks can determine what type of downloading an employee has been up to including the use of zip drives or thumb drives. How far back should the company go? As far as necessary to obtain some "comfort" level.
- Beyond email and the network – Many companies have proprietary databases where customer/client information is maintained. In one non-compete case a client was able to show that the former employee had dumped the entire database (through printing) the night before they were fired. Can you do the same? Many databases require an additional log in and indicate the when, what and where of the employee access. Was there a middle of the night access prior to quitting or strange access from home? Find out.
These are of course a start – not a comprehensive list. An IT policy for exiting employees is a must. The employee is naturally going to take what they have developed or worked on during their tenure. But, that "information" may not belong to them. The company needs a standard operating procedure for handling the departure – an ad hoc response will not suffice. That former employee will be your competitor.