Employee turnover and personal data
People everywhere are changing jobs
Will an employee take your customers’ personal data with them when they go?
"The Great Resignation"
The “Great Resignation”, or the “Great Reshuffle” is sweeping the globe. About 58% of Europeans say they are considering changing jobs this year, according to a LinkedIn survey of approximately 9,000 workers. How might employee turnover affect your company and your personal data?
The cost of employee turnover
The cost of employee turnover is high: Interviewing, onboarding and training replacements; lost productivity, interruption of services, and so much more.
Let’s add to that list a cost that is not always considered: Lost and misplaced personal data.
Lost and misplaced data and employee turnover
Employee turnover puts your customers’ personal data at risk for several reasons.
As employees move to new homes, they may (accidentally or intentionally) take your customers’ sensitive personal data with them on personal devices or cloud apps.
They may leave it unattended, in unknown storage locations. Such data could fall outside the protection of your data privacy and security protocols. It will also be unavailable for company use.
The potential for lost and leaked data may be the most expensive problem associated with employee turnover. Data breaches are expensive. Data breach fines and associated losses have a total average cost of $4.24 million USD (€4.09 EUR) per data breach. That is enough to bankrupt a small business.
Educate employees about data privacy now
It is not unusual for employees to store data in the wrong locations, especially if you have no clear protocols for data privacy and storage.
This sets you up for a huge personal data privacy problem in case of employee turnover.
Once an employee has left your company it will be impractical and a little absurd to call them up at their new place of work whenever you need to find a piece of personal data.
Instead, put solid, standardized policies for how personal data is stored in place now. Data loss prevention should be consistent, start at the top, and extend to all employees.
Your data privacy strategy should be set up to keep all personal data safely in its proper storage location(s). That way, the right people and departments can quickly access the data when they need to, regardless of who comes and goes in the company.
Types of personal and sensitive data
Personally Identifiable Information (PII)
Personal Identifiable Information (PII) and similar terms like personal data and personal information usually refer to information that alone or in combination with other information would allow someone to identify a person with reasonable certainty.
That includes much of the data your employees collect every day in the normal course of business.
Sensitive personal data
Examples of sensitive information are a person’s:
- Financial and health information
- Race or ethnic background
- Political opinions
- Religious or philosophical beliefs
- Membership of a trade union
- Sex life or sexual orientation
- Genetic data and biometric data.
Sensitive business data
Sensitive business information might include intellectual property, trade secrets, plans for a merger, or any other data that would negatively affect the business if it fell into a competitor’s hands.
Find out who stores what, and where
Start by finding out which employees store what personal data and where.
Invite your whole team to connect their storage locations to DataMapper so all data can be monitored from one dashboard by your CISO or DPO.
Automate data inventory
Automate data inventory to save time and eliminate human error (the number one cause of data leaks).
DataMapper’s advanced AI and machine learning then identifies sensitive and personal data and categorizes it by:
- Risk level
Data silos and dark data
Departments and individuals within your company may store high risk data in a way that isolates it and conceals security vulnerabilities.
DataMapper can quickly uncover this type of “dark data” buried in “data silos” may otherwise fall outside your security protocols.
Develop a data privacy strategy
Mapping all your data accurately makes it easy to develop a data privacy strategy. Once you know the categories of data your team stores, decide:
- Where each type of data should be stored
- Who should have access to each type of data
- How long each type of data should be retained
Monitoring all your files with DataMapper will help you implement data loss prevention policies that will protect all the personally identifiable information (PII), sensitive corporate intellectual property (IP), and other valuable data your team stores.
Losing an employee? Do this before they go.
Hopefully, when an employee does leave, they will give you a couple of weeks’ notice.
As you make plans to fill their position and cover their responsibilities, make sure you also get an inventory of the company data they store to make sure it is protected and handed off to the departments that need it.
Inventory their company data
If the employee is not already on DataMapper, invite them to join now.
- Select the local, cloud and email storage you want them to scan for sensitive data
- They select and authenticate folders in those locations and start the scan
- Their results will appear on their dashboard + your DataMapper admin dashboard
This gives you an easy overview of the company data that the employee collected while they worked for you.
Files will be automatically classified by type, risk level, and location.
Minimise ROT, hand key files off to the right people
Review the files from your risk documents tab, using the smart filters to find specific files or groups of files.
DataMapper makes it easy to zoom in on important data and eliminate files that are redundant, obsolete, or trivial (ROT).
Export and share important files with another employee
Move or delete sensitive files stored in the wrong location
Give special attention to high-risk files stored on local drives, email folders and other vulnerable locations. This may be your last chance to salvage or delete them!
You can export important files directly from your DataMapper dashboard and share them with someone else, delete files that are no longer needed, and more.
This is a quick way to make sure your valuable data stays where it should be when an employee leaves.
Best practices for data privacy include performing this simple data inventory process for all your employees regularly. Repeating it any time you know you may lose a member of your team is an absolute must.
The good news is that DataMapper makes discovering who has what data before someone walks out the door with it easy and painless. This lets you concentrate on keeping your business running smoothly during times of employee churn.
Keep your employees when you can, but always keep personal data safe
Studies show that over time, employees become more valuable to a company and data privacy is one of the most important areas you can refine as a team.
Employee turnover certainly increases the risk of personal data breaches, and it is a factor you cannot entirely control; but you can minimize the risk of errors, mismanagement, and misconduct associated with it by switching to an automated solution for data inventory and privacy management.