With the British decision to leave the European Union, there may be a trend of corporate headquarters leaving the UK to remain within the EU. This may trigger inadvertent data breaches: organizations that choose to move could see an increase in employee exits, which may have security and privacy implications. I have read recent reports of increases in visa applications and emigration requests, as many people are seriously thinking of going to Canada, Australia and other countries as a result of the potential consequences of the vote.
Employees, no matter their position within the organization, have access to sensitive systems and files. If you are in customer service or sales, you have access to customer information and sensitive information on your products or services. If you are in HR or Finance, you probably have access to personal information on your employees, business partners and customers.
Anytime an employee leaves an organization, there should be certain security protocols in place to ensure all access to sensitive systems has been removed and that confidential documents are neither available nor copied for future use. According to the recent Ponemon survey “Risky Business: How Company Insiders Put High Value Information at Risk”, 47 percent of respondents say recently hired employees bring confidential documents from former employers that are competitors. This is a little disturbing, since taking confidential documents from one employer to another can be a violation of privacy and data breach laws, not to mention ruining a company’s brand and business.
The EU has numerous data protection laws that cover the storage and movement of personal information. Under the Data Protection Directive, personal data can only be gathered legally under strict conditions, for a legitimate purpose. If you collect and manage personal information, you must protect it from misuse and must respect certain rights of the data owners. What is the effect if the company is no longer subject to EU laws? What if an employee exiting a company in another European country moves to a company in the UK, or vice versa?
A company needs to always control access to its sensitive data and ensure only authorized people can access it. When the employee leaves, that person should not leave with sensitive company data. If they do, the documents should be inaccessible. If the employee tries to open them and use the information at another job, they should see random characters, not useful data. By encrypting all sensitive files and assigning persistent security policies to them, companies choosing to stay in the UK or leave can guarantee they will not experience a data breach and lose valuable information.
This is something organizations should be vigilant about in the coming months following the Brexit announcement.
Photo credit Christopher Michel