How safe are your secrets?


How safe are your company's secrets? If a new survey by information management firm Iron Mountain is to be believed, they may not be very safe at all. Because a third of employees admit to having taken or forwarded confidential information out of the office on more than one occasion and half would be happy to take information with them if they switched jobs.

According to the survey, which quizzed 2,000 office workers in France, Germany, Spain and the UK, customer databases are particularly vulnerable to being taken by employees who change jobs. Half (51 per cent) of European office workers who take information from their current employer when they switch jobs help themselves to confidential customer databases, despite data protection policies forbidding them to do so.

Along with databases, employees who take information are walking out the door armed with presentations (46 per cent), company proposals (21 per cent), strategic plans (18 per cent) and product/service roadmaps (18 per cent), all of which represent highly sensitive and valuable information critical to a company's competitive advantage, brand reputation and customer trust.

The study found that employees who resign don't generally take information out of malice; they do so because they feel a sense of ownership or believe it will be useful in their next role.

Two-thirds said they had taken or would take information they had been involved in creating, and three-quarters said they believed the information would be helpful in their new job.

The picture changes, however, when employees lose their job. The study revealed that a third would deliberately remove and share confidential information if they were fired.

The study suggested that a lack of appropriate information management policies or their ineffective implementation could be a powerful factor in information loss. More than half (57 per cent) of respondents said it was always clear when information was confidential, and a third said they were not aware of any company guidelines regarding what information could or could not be removed from the office.

As Patrick Keddy, senior VP at Iron Mountain, said, "companies concerned about information security tend to focus on building a fortress around their digital data and then forget about the paper and the people."