Departing workers often steal data from ex-employers: study

Many ex-employees in the U.S. are walking off with companies' sensitive and confidential data when they leave their jobs, a new study has found.

Many ex-employees in the U.S. are walking off with companies' sensitive and confidential data when they leave their jobs, a new study has found.

And of those, most have either used or plan to use the data for their next job with another company.

"Not only is this putting customer and other confidential information at risk for a data breach, but it could affect companies' competitiveness and future revenues," said the study released Monday by the Ponemon Institute, a Michigan-based independent think-tank that researches information and privacy management practices in business and government.

Among 945 survey participants who had been laid off, fired, or changed jobs in the past year, 59 per cent admitted to taking company data with them, said the study, which as sponsored by Symantec Corp., the internet security company that makes Norton Antivirus.

Of those:

  • 65 per cent took email lists.
  • 45 per cent took non-financial business information.
  • 39 per cent took customer information, including contact lists.
  • 35 per cent took employee records.
  • 16 per cent took financial information.

About 61 per cent took the data as paper documents or hard files, 53 per cent burned the information onto a CD or DVD, and 42 per cent downloaded it onto a USB memory stick.

When asked if their former company permitted them to keep the information, 79 per cent admitted that the company did not.

The study's results suggested that the stolen information was valuable to competitors — 67 per cent of the ex-employees said they used confidential, sensitive or proprietary information from their ex-employer to help secure a new job, and 68 per cent said they planned to make use of the data.

Companies share blame

The study's author suggested that companies aren't doing enough to stop the thefts:

  • Only 15 per cent of companies in the survey conducted a review or audit of the paper and electronic documents taken by employees.
  • 92 per cent of employees took CDs, DVDs, USB memory sticks and PDAs with them when they left, and 89 per cent reported that the company did not do an electronic scan of the devices.
  • 24 per cent of employees were able to access their former employer's computer system or network after their departure and 44 per cent continued to receive email on the company's account.

"Even if layoffs are not imminent, companies  need to be more aware of who has access to sensitive business information," said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.  "Our research suggests that a great deal of data loss is preventable through the use of clear policies, better communication with employees, and adequate controls on data access."

Dissatisfied employees more likely to steal

The study found that only 13 per cent of respondents who had a favourable view of their former employer kept some of the company's information, while more than 61 per cent with an unfavourable view took the data.

When employees who took the data were asked why it was acceptable to do so:

  • 54 per cent said other employees kept the information when they left the company.
  • 50 per cent said no one checked their belongings when they left.
  • 11 per cent said their former supervisor said it was permissible to keep the information.