New details from Iron Mountain show the extent to which employees leaving employment will take confidential company data with them when they go.

Iron Mountain surveyed 2000 French, German, British and Spanish office workers across all business sectors. They wanted to learn staff attitudes to company data when either moving on to a different job – or getting fired. The clear implication is that workers have a feeling of personal ownership when they are involved with the collection of that data.

Across Europe, more than half of office workers (51%) will take data with them when the switch jobs. It’s slightly less in the UK at 44%. The main reason is not malice, but a belief that they have a right to the data they helped create, and a belief that it will help in any future job.

It’s not just databases. Of those who do take information, 46% walk off with presentations, 21% with company proposals, 18% with strategic plans, and another 18% with product/service roadmaps – all of which, says Iron Mountain, represents highly sensitive and valuable information that is critical to a company’s competitive advantage, brand reputation and customer trust.

“As businesses across Europe rush to tighten up their data protection policies in advance of new EU legislation,” comments senior vice president Patrick Keddy, “it is extremely worrying to see that employees are leaving jobs with highly sensitive information.” The problem is that the standard company security model is based on stopping electronic malware getting in, rather than documents getting out. “Companies concerned about information security tend to focus on building a fortress around their digital data and then forget about the paper and the people,” he added.

It’s a problem that just gets worse in difficult economic times. If an employee is sacked or laid off, the survey showed that as many as 31% would deliberately remove and share confidential information. These findings, said Keddy, “highlight the need for information management policies to be developed closely with Human Resources as part of a Corporate Information Responsibility program.”

Read more