Yes it is the IP of the company and our AUP says so. All employees sign an AUP and it goes to their HR file. We have had employees leave and ask for their user folder. The management team goes through it with the AUP in mind. We have had instances when the "Exit Team" denied the entire folder. If they want a copy of their mailbox, well that's easy . . . UMMM NO. Everything is reviewed against the AUP. The AUP was made by laywers....and it's iron-clad. What I have seen leave the firm is pretty benign (scans of PE certificates, kiddo pictures, etc).
Our dept heads had this argument before. My contention is why the heck is IT deciding what data leaves or stays? Before our we got Religion about data retention and company Intellectual Property, when someone left the firm, they would send them to IS to get any files they wanted (I don't have the time, you do it). Whatever! I/we in IT pretty much had to get their dept head involved anyway due to the nature of the personal folder. I argued that this is a management and HR issue. They needed to come up with a policy. One that's aligned to our industry's needs and regulations. I.T. should advise on how to achieve that . . . no more. So at the end of the day, what they get to take with time is their kids pictures, professional certifications (if any) and possibly files from professional associations they are personally members of (ASHRAE is one of them). Some of this is so esoteric that we cant tell what it is, therefore the policy change to bring their dept head into it. We do use a checklist. On Wed, Aug 18, 2010 at 12:37 PM, Ziots, Edward <[email protected]> wrote: > Isn’t the property created on the companies computers by the employees > during said work, the property of the company? Why does an employee that > leaves entitled to any information whatsoever? Again HR policy will dictate > what is truly personal, and what is business related, but could be a nice > avenue for information disclosure… if you aren’t careful. > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:[email protected] <email%[email protected]> > > Cell:401-639-3505 > > > > *From:* Devin Meade [mailto:[email protected]] > *Sent:* Wednesday, August 18, 2010 12:03 PM > > *To:* NT System Admin Issues > *Subject:* Re: Old user data > > > > We just revamped this process. The user prep's an exit folder. The user's > supervisor makes a pass through it to cull any contract docs etc out. The > the IS dept head does the same. Then we burn a CD or DVD fur the user. > > Before this is done, we make a separate image of their workstation, user > folder and export the mailbox to PST. We attempt to capture and > "undisturbed copy" of this data. This is burned to CD/DVD. This goes to HR > and they follow their own data retention policies. IS maintains no long > term archives of this data type. > > We keep their old workstation for no more than a week or two. It may have > CAD templates and Lord-Knows-What-Else. We change the user's password and > their dept head is supposed to login as the user and poke around to see if > they need anything. This is a subset of a Data Retention Policy, I'm sure I > forgot something... > > Devin > > On Wed, Aug 18, 2010 at 10:48 AM, Andrew S. Baker <[email protected]> > wrote: > > Definitely. > > > > Or give them a DVD. > > > > We don't allow them access to the former user's location for file storage, > as that creates too many plausible deniability [1] scenarios. > > > > *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> > *Exploiting Technology for Business Advantage...* > * * > > Signature powered by WiseStamp <http://www.wisestamp.com/email-install> > > > > [1] Mix and match posting [2] > > [2] Inside joke > > [3] Even bigger inside joke > > > > > > On Wed, Aug 18, 2010 at 11:45 AM, Steven M. Caesare <[email protected]> > wrote: > > Contact supervisor and offer to copy data to new location of their choice, > often as a subdir to them. > > > > -sc > > > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, August 18, 2010 11:43 AM > *To:* NT System Admin Issues > *Subject:* Old user data > > > > How do you guys manage deleting data from employees that have left the > company, what’s your process? > > *David Lum** **// *SYSTEMS ENGINEER > NORTHWEST EVALUATION ASSOCIATION > (Desk) 971.222.1025 > *// *(Cell) 503.267.9764 > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
