How an Exit Interview Can Prevent Organizational Data Loss
Exit interviews are familiar territory for many HR professionals, and they may be familiar to you as an employee if you have resigned from a job before. If you fall into one of these roles, you likely have encountered the checklist of questions that is typically covered in an exit interview, such as feedback on the company as a place to work and the employee’s reasons for leaving.
However, digital organizations need to think about something else in addition to these standard questions: data.
According to Datacastle CEO Ron Faith, as the workforce has become increasingly mobile, there is a risk that proprietary data could get lost if an employer isn’t prepared. An exit interview can provide HR and IT with the perfect opportunity to ensure that data does not walk out the door with an employee on their last day.
“For most companies the challenge that they face is that most of the data on endpoints for them, whether it’s a laptop, or a smartphone, or a tablet, is what’s called dark data,” he says. “They actually don’t know what data is on those devices. When an employee is about to leave the organization, whether a BYOD device or a company device, the employer in many instances doesn’t know what information the employee has and what they might be walking out the door with.”
Before an employer even gets to the point of an exit interview, it is helpful to have a continuous backup of employee devices so when their access to applications and email is cut off the data is still accessible by the company. In addition, employers should have a remote wipe capability so they can delete content and intellectual property that belongs to the company if needed in a BYOD situation.
Here are the three tips for exit interview success, according to Faith:
1. Remind the employee that is leaving that they have certain obligations.
During an exit interview, the employer should remind the employee of their obligations under their confidentiality agreement and what the company considers its own intellectual property.
“This can be done in a very simple and straightforward way so you’re not accusing an employee of anything,” he said. “Oftentimes they may not know what data is theirs versus what data belongs to the company.”
Faith said that with Datacastle Analytics, its data discovery solution that runs across all backups that have occurred over time, employers can see whether an employee has moved a large number of files into Dropbox or an enterprise sync-and-share solution.
“If HR knows in advance which files have been moved, they can have that discussion with the employee,” he said.
2. Make sure with IT that data has been backed up to prevent a data loss situation.
Faith recommends that HR and IT sit down to create an exit checklist so both are on the same page of questions that need to be answered in an exit interview. Make sure to have answers to the questions around whether there is a good backup of current devices and which SaaS apps the employee may have access to.
3. Schedule and coordinate with IT when access and privileges are going to be revoked.
Ensure that HR and IT are both aware of the key dates when an employee’s access will expire. Don’t forget to consider what access remote employees have as well.
It’s often helpful in the exit interview to let the employee actually know the process, Faith says, though “you don’t necessarily have to tell them when that’s going to happen.”
“Oftentimes exit interviews happen on last day of employment anyway, so it can happen while the exit interview is going on, but make sure there are no surprises for the employee as well because you want to be respectful of everybody in the process,” he said.
This all sounds easy enough if the employee is leaving on good terms, but what if the employee is kind of a jerk?
“Worst case scenario is you are terminating an employee for cause so there is an adversarial relationship in place, and if that’s the case, making sure you have a backup and ability to do remote wipe,” Faith says.
He says that in this case it’s even more important to have an auditable trail of where data is coming and going in an organization “so you can protect yourself in the future.”