Skip to main content

The cost of employee turnover: Personal data loss

The “Great Resignation”, or the “Great Reshuffle” is sweeping the globe. About 58% of Europeans say they are considering changing jobs this year, according to a LinkedIn survey of approximately 9,000 workers.  How might employee turnover affect your company and your personal data? Will an employee take your customers’ personal data with them when they go?

The cost of employee turnover

The cost of employee turnover overall

The cost of employee turnover is high: Interviewing, onboarding and training replacements; lost productivity, interruption of services, and so much more. 

Let’s add to that list a cost that is not always considered: Lost and misplaced personal data.  

Lost personal data

Employee turnover puts your customers’ personal data at risk for several reasons.

As employees move to new homes, they may (accidentally or intentionally) take your customers’ sensitive personal data with them on personal devices or cloud apps. 

They may leave it unattended, in unknown storage locations. Such data could fall outside the protection of your data privacy and security protocols. It will also be unavailable for company use. 

The potential for lost and leaked data may be the most expensive problem associated with employee turnover. Data breaches are expensive. Data breach fines and associated losses have a total average cost of $4.24 million USD (4.09 EUR) per data breach. That is enough to bankrupt a small business.  

Educate employees about privacy and the risk of data loss now

It is not unusual for employees to store data in the wrong locations, especially if you have no clear protocols for data privacy and storage. 

This sets you up for a huge personal data privacy problem in case of employee turnover.

Once an employee has left your company it will be impractical and a little absurd to call them up at their new place of work whenever you need to find a piece of personal data.  

Instead, put solid, standardized policies for how personal data is stored in place now. Data loss prevention should be consistent, start at the top, and extend to all employees. 

Your data privacy strategy should be set up to keep all personal data safely in its proper storage location(s).  That way, the right people and departments can quickly access the data when they need to, regardless of who comes and goes in the company. 

Find out who stores what, and where

Start by finding out which employees store what personal data and where. All personal data should be listed and monitored by your CISO or DPO. List all the sensitive and personal data you store and categorize it by:  

  • Risk level 
  • Type  
  • Location 
  • Access 

Discover data silos and dark data

Departments and individuals within your company may store high risk data in a way that isolates it and conceals security vulnerabilities.   

You need to uncover this type of “dark data” buried in “data silos” that may otherwise fall outside your security protocols.  

Dark data

Develop a data privacy strategy

Mapping all your data accurately makes it easy to develop a data privacy strategy. Once you know the categories of data your team stores, decide: 

  • Where each type of data should be stored
  • Who should have access to each type of data 
  • How long each type of data should be retained 

Monitoring all your files will help you implement data loss prevention policies that will protect all the personally identifiable information, sensitive corporate intellectual property, and other valuable data your team stores. 

Losing an employee? Do this before they go to prevent data loss.

Hopefully, when an employee does leave, they will give you a couple of weeks’ notice.  

As you make plans to fill their position and cover their responsibilities, make sure you also get an inventory of the company data they store to make sure it is protected and handed off to the departments that need it.  

List the personal data they store

You could assign someone to help the employee who is leaving go through the personal data they store. 

This is rather labor-intensive, and it is not easy to be sure you will find everything. Using automated data discovery is a more accurate (and much quicker!) way to make sure you find all the data that needs to be cleaned up or handed over safely to someone else.

If you use automated data discovery, invite the employee who is leaving to join now.  

  1. Select the local, cloud and email storage you want them to scan for sensitive data 
  2. They should select and authenticate folders in those locations and start the scan
  3. Their results will appear on their dashboard + your admin dashboard 

This gives you an easy overview of the company data that the employee collected while they worked for you.  

Files should automatically be classified by type, risk level, and location.  

Minimise ROT, then hand key files off to the right people

Review the files you find. 

Zoom in on important data and eliminate files that are redundant, obsolete, or trivial (ROT).  

Export and share important files with another employee  

Move or delete sensitive files stored in the wrong location 

Give special attention to high-risk files stored on local drives, email folders and other vulnerable locations. This may be your last chance to salvage or delete them!  

You can export important files to share them with someone else, delete files that are no longer needed, and more.  

This is a quick way to make sure your valuable data stays where it should be when an employee leaves. 

Best practices for data privacy include performing this simple data inventory process for all your employees regularly. Then, repeat it any time you know you may lose a member of your team.

Make sure you find out who has what data before someone walks out the door with it. Automated data inventory makes this much easier, and will free you up to concentrate on keeping your business running smoothly during times of employee churn. 

Want more free data privacy tips?

Get the latest data privacy management news, trends and expert tips delivered straight to your inbox.

    How we can help you

    Studies show that employee turnover increases the risk of security breaches. Staff turnover is a factor you cannot fully control. But you can minimize the risk of error, mismanagement and misconduct associated with employee turnover by switching to an automated solution for data inventory and privacy management. 

    Make your first data inventory → 

    Sebastian Allerelli

    Governance, risk, and compliance specialist