Box builds in an extra safeguard to prevent the accidental deletion of important files. When Box admins delete a user, they may either delete all the user’s content permanently or transfer it to another active user.
With those default behaviors in mind, administrators can work with HR teams to develop an orderly process for the transfer of data upon user deprovisioning. Organizations should develop a consistent process for handling the accounts of former employees.
Decide Who Gets the Data
Most collaboration services offer the opportunity to mark an account as inactive or disabled. That allows admins to cut off access to former employees without deleting their data. It’s a good idea to disable accounts as a middle step before deletion.
Admins should also carefully think through who is allowed to access data created by a former employee.
It might seem logical to simply transfer all of a former employee’s data to that person’s supervisor, but this could raise privacy concerns. If users intentionally or inadvertently stored personal information in their corporate accounts, transferring their data would give the manager access to that information.
This is not a decision that should be made by IT staff alone. Consult with the organization’s legal and privacy advisers and craft a policy to deal with it. The policy should clearly state the circumstances under which officials may access data in the account of a former employee and the approval process for such access.
Define the Data’s Owner
Ownership of data in a collaborative tool is tricky. If one employee creates a blank document and then shares it with other members of the department, who edit it collaboratively, who truly “owns” that document?
It doesn’t make sense for a document that belongs to an entire team to reside within a single user’s account simply because that person created the initial blank document.
Some of the major collaboration services recognize this issue and have developed features to better accommodate teamwork.
For example, Google shared drives and Microsoft 365 Groups allow administrators to create files that belong to an entire team and are not tied to the account of one user.
Box doesn’t offer a similar function, but many Box administrators work around this limitation by creating an account that owns shared folders for the organization, and then designating individual employees as co-owners of those shared folders.
This way, the Box folders are tied to the organizational account and are never deleted, even if a co-owner leaves the organization.
Technology teams should develop a consistent strategy for their organizations on the creation, tracking and use of shared drives and communicate it to all relevant stakeholders. This makes it simpler for employees to remember the proper locations to store data and facilitates orderly digital transitions when employees leave the business or change roles.
Creating standardized, written procedures will keep a team on the same page and prevent the unwanted and unexpected loss of important data.