Contactmail

Employment Law Update – July 2019

By Nicole J. Harrell, Data Privacy and Security

Discharging an Employee Can Create Data Security Risks

Terminating an employee is a risky process, no matter how many times you have done it. One risk sometimes ignored is data security. Throughout the termination process, care should be taken to ensure the confidentiality, integrity, and security of the employer’s data. There are any number of real-life horror stories about terminated employees retaining access to their work station, including the company’s network and data, and causing significant harm and risk to the company – 

  • Passwords were changed by IT while the termination meeting was in process, but the terminated employee never logged off prior to the meeting and still had access upon returning to their work station to gather personal belongings. In the short time it took to gather those personal belongings, the terminated employee deleted thousands of emails.
  • When a terminated employee discovered that his access to the employer’s network had been disabled, he reacted by shutting down the power to the employer’s building by just hitting the emergency off switch. Unfortunately, he was an employee of a data center that managed California’s power; thus, he put the power grid for the western U.S. at risk.
  • A terminated computer engineer was able to hijack his employer’s network by creating a password that granted him exclusive access before all of his credentials were disabled.

Of course, HR professionals are responsible for helping to mitigate and avoid this type of risk. That can be done by properly planning for a termination. A coordinated effort among HR, information technology, information security, and legal counsel is key to the process. Once the decision has been made to terminate an employee, follow your policies and procedures paying special attention to information security policies that cover an employee’s access. Those access points can be broader than you may initially think.  Consider physical access to buildings and portions of buildings, access to computer networks and programs, access to other employer accounts, access to bank accounts and credit cards, and access to documents, files, and records.

Your policies and procedures should also consider the participants and timing of events. What departments should be included in the coordinated effort? What will occur before the termination meeting takes place? What will occur while the termination meeting is in process? How long will the employee be able to remain on the premises after termination? Who will be responsible for supervising the employee while gathering personal belongings and escorting the employee from the premises?

FYI

The head of K&C’s Data Privacy and Security Group, Nicole Harrell, will be on hand at the July 25, 2019, Hampton showing of the K&C 35th Annual Employment Law Update to help employers deal with data security issues faced by human resource professionals. In addition, the K&C “Discipline and Discharge Clinic” will be presented as part of the day-long program to further help employers deal with all of the risks that occur during the discharge process. The seminar will be presented with an entertaining social media theme and one lucky attendee will win an Apple iPad Wi-Fi 32 GB at the end of the day. For more information or to register, click here or call 757.624.3232


The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2019.