Iron Mountain study shows sensitive customer data to be the main target for half (51%) of employees taking information when they exit

London, UK – 16 July 2012. One in three (32%) employees have taken or forwarded confidential information out of the office on more than one occasion, according to a recent survey commissioned by information management company, Iron Mountain. When people change jobs, highly sensitive information is particularly vulnerable. The study showed that many employees have no qualms about taking highly confidential or sensitive documents with them when they leave – and most believe they’re doing nothing wrong.

The survey discovered that half (51 per cent) of European office workers who take information from their current employer when they switch jobs – 44 per cent of those in the UK – are helping themselves to confidential customer databases, despite data protection laws forbidding them to do so.

Along with databases, employees who take information are walking out the door armed with presentations [46 per cent], company proposals [21 per cent], strategic plans [18 per cent] and product/service roadmaps [18 per cent] – all of which represent highly sensitive and valuable information, critical to a company’s competitive advantage, brand reputation and customer trust.

The study found that employees who resign don’t generally take information out of malice; they do so because they feel a sense of ownership or believe it will be useful in their next role. Two thirds said they had taken or would take information they had been involved in creating, and 72 per cent said they believed the information would be helpful in their new job.

The picture changes, however, when employees lose their job. The study revealed that as many as one in three office workers (31 per cent) would deliberately remove and share confidential information if they were fired.

“As businesses across Europe rush to tighten up their data protection policies in advance of new EU legislation, it is extremely worrying to see that employees are leaving jobs with highly sensitive information,” said Patrick Keddy, Senior Vice President at Iron Mountain. “Companies concerned about information security tend to focus on building a fortress around their digital data and then forget about the paper and the people.

“This study provides a fascinating insight into what people feel they have ownership of and why. The findings highlight the need for information management policies to be developed closely with Human Resources as part of a Corporate Information Responsibility programme. Firms of all sizes, across all business sectors, need to ensure that employee-exit procedures are robust and compassionate, and that guidelines recognise that how people feel directly influences their behaviour and actions.”

The study suggested that a lack of appropriate information management policies or their ineffective implementation could be a powerful factor in information loss. Only around half [57 per cent] of respondents said it was always clear when information was confidential, and a third [34.4 per cent] said they were not aware of any company guidelines regarding what information could or could not be removed from the office.

The Iron Mountain study surveyed 2000 office workers of all ages and across all business sectors in France, Germany, Spain and the UK.