Nov 08 2021

How Businesses Can Secure Data from Shared Files After Employees Leave

The most common collaboration tools allow admins to capture and reassign important information.

A decade ago, businesses struggled to build collaborative workplaces because the technology to facilitate teamwork simply didn’t exist. The advent of modern office productivity suites changed that picture entirely.

With the advent of tools such as Google G Suite (now called Google Workspace), Microsoft OneDrive and Box, teams could quickly and easily work together on a shared document without the version control problems that occurred with file servers and email threads back in the old days.

Eventually, however, these tools presented a new problem: What happens when a user leaves the company? In the days of shared servers, files remained on the server even after the employee who created them departed. That’s not necessarily the case with documents created using cloud-based collaboration tools.

It’s important for IT staff to understand how collaboration services behave following the deletion of an employee’s account and plan now to preserve important data if an employee departs. It’s better to understand the consequences of a deletion in advance than be surprised when critical data disappears later.

Understand Data Deletion Policies in Your Collaboration Tools

Google Workspace automatically removes data belonging to a user when the account is deleted. That data will no longer be available to collaborators but won’t immediately be deleted from Google’s servers; administrators have 20 days to restore a deleted user and recover their data using the Google Admin Console. Microsoft OneDrive has a 30-day grace period.


Box builds in an extra safeguard to prevent the accidental deletion of important files. When Box admins delete a user, they may either delete all the user’s content permanently or transfer it to another active user.

With those default behaviors in mind, administrators can work with HR teams to develop an orderly process for the transfer of data upon user deprovisioning. Organizations should develop a consistent process for handling the accounts of former employees.

Decide Who Gets the Data

Most collaboration services offer the opportunity to mark an account as inactive or disabled. That allows admins to cut off access to former employees without deleting their data. It’s a good idea to disable accounts as a middle step before deletion.

Admins should also carefully think through who is allowed to access data created by a former employee.

It might seem logical to simply transfer all of a former employee’s data to that person’s supervisor, but this could raise privacy concerns. If users intentionally or inadvertently stored personal information in their corporate accounts, transferring their data would give the manager access to that information.

This is not a decision that should be made by IT staff alone. Consult with the organization’s legal and privacy advisers and craft a policy to deal with it. The policy should clearly state the circumstances under which officials may access data in the account of a former employee and the approval process for such access.


Define the Data’s Owner

Ownership of data in a collaborative tool is tricky. If one employee creates a blank document and then shares it with other members of the department, who edit it collaboratively, who truly “owns” that document?

It doesn’t make sense for a document that belongs to an entire team to reside within a single user’s account simply because that person created the initial blank document.

Some of the major collaboration services recognize this issue and have developed features to better accommodate teamwork.

For example, Google shared drives and Microsoft 365 Groups allow administrators to create files that belong to an entire team and are not tied to the account of one user.

Box doesn’t offer a similar function, but many Box administrators work around this limitation by creating an account that owns shared folders for the organization, and then designating individual employees as co-owners of those shared folders.

This way, the Box folders are tied to the organizational account and are never deleted, even if a co-owner leaves the organization.

Technology teams should develop a consistent strategy for their organizations on the creation, tracking and use of shared drives and communicate it to all relevant stakeholders. This makes it simpler for employees to remember the proper locations to store data and facilitates orderly digital transitions when employees leave the business or change roles.

Creating standardized, written procedures will keep a team on the same page and prevent the unwanted and unexpected loss of important data. 
