The cost of employee turnover: Data loss

The “Great Resignation”, or the “Great Reshuffle” is sweeping the globe. About 58% of Europeans say they are considering changing jobs this year, according to a LinkedIn survey of approximately 9,000 workers.  How might employee turnover affect your company and your personal data? Will an employee take your customers’ personal data with them when they go?

The cost of employee turnover is high: Interviewing, onboarding and training replacements; lost productivity, interruption of services, and so much more. Let’s add to that list a cost that is not always considered: Lost and misplaced personal data.  

Employee turnover puts your customers’ personal data at risk for several reasons. As employees move to new homes, they may (accidentally or intentionally) take your customers’ sensitive personal data with them on personal devices or cloud apps. They may leave it unattended, in unknown storage locations. Such data could fall outside the protection of your data privacy and security protocols. It will also be unavailable for company use. 

The potential for lost and leaked data may be the most expensive problem associated with employee turnover. Data breaches are expensive. Data breach fines and associated losses have a total average cost of $4.24 million USD (€4.09 EUR) per data breach. That is enough to bankrupt a small business.  

It is not unusual for employees to store data in the wrong places, especially if you do not have clear protocols for data protection and storage. This puts you in a problematic situation in connection with personal data protection in the event of employee replacement.

When an employee has left your company, it will be impractical and somewhat absurd to call them at their new workplace when you need to find a piece of personal data. Instead, put solid, standardized policies in place for how personal data is stored. Data loss prevention should be consistent, starting at the top and extending to all employees.

Your data protection strategy should be configured to store all personal data securely in its proper storage location(s). In this way, the right people and departments can quickly access the data when they need it, regardless of who comes and goes in the company.

Start by finding out which employees store what personal data and where. All personal data should be listed and monitored by your CISO or DPO. List all the sensitive and personal data you store and categorize it by:  

• Risk level 
• Type  
• Location 
• Access 

Departments and individuals within your company may store high risk data in a way that isolates it and conceals security vulnerabilities. You need to uncover this type of “dark data” buried in “data silos” that may otherwise fall outside your security protocols.  

Mapping all your data accurately makes it easy to develop a data privacy strategy. Once you know the categories of data your team stores, decide: 

• Where each type of data should be stored
• Who should have access to each type of data 
• How long each type of data should be retained 

Monitoring all your files will help you implement data loss prevention policies that will protect all the personally identifiable information, sensitive corporate intellectual property, and other valuable data your team stores. 

Hopefully, when an employee does leave, they will give you a couple of weeks’ notice. As you make plans to fill their position and cover their responsibilities, make sure you also get an inventory of the company data they store to make sure it is protected and handed off to the departments that need it. You could assign someone to help the employee who is leaving go through the personal data they store. 

This is rather labor-intensive, and it is not easy to be sure you will find everything. Using automated data discovery is a more accurate (and much quicker!) way to make sure you find all the data that needs to be cleaned up or handed over safely to someone else. If you use automated data discovery, invite the employee who is leaving to join now.  

1. Select the local, cloud and email storage you want them to scan for sensitive data 
2. They should select and authenticate folders in those locations and start the scan
3. Their results will appear on their dashboard + your admin dashboard 

This gives you an easy overview of the company data that the employee collected while they worked for you. Files should automatically be classified by type, risk level, and location. Review the files you find. Zoom in on important data and eliminate files that are redundant, obsolete, or trivial.  

Export and share important files with another employee
Move or delete sensitive files stored in the wrong location

Give special attention to high-risk files stored on local drives, email folders and other vulnerable locations. This may be your last chance to salvage or delete them! You can export important files to share them with someone else, delete files that are no longer needed, and more.  This is a quick way to make sure your valuable data stays where it should be when an employee leaves. 

Best practices for data privacy include performing this simple data inventory process for all your employees regularly. Then, repeat it any time you know you may lose a member of your team. Make sure you find out who has what data before someone walks out the door with it. Automated data inventory makes this much easier, and will free you up to concentrate on keeping your business running smoothly during times of employee churn.  

Staff turnover is a factor you cannot fully control. But you can minimize the risk of error, mismanagement and misconduct associated with employee replacement by using a data discovery tool to make an inventory of the employee’s data. In Safe Online, we have developed the data discovery tool, DataMapper.

Read more about DataMapper