Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Businesses Privacy Security IT Technology

Employees in the Dark About Data Retention Policy (betanews.com) 40

An anonymous reader shares a BetaNews article: A new study reveals that over half of office-based employees say their companies don't have written policies on data retention or personal use of work devices, or if they do, they aren't aware of them. The study conducted by Harris Poll for e-discovery company kCura reveals communication habits that could put organizations at risk of incurring increased data retention and discovery costs in today's increasingly litigious business environment. "Complete bans on the personal use of work devices would be difficult -- if not impossible -- to implement, and could be harmful to employee morale. However, companies do need to implement reasonable policies to mitigate risk," the report adds.
This discussion has been archived. No new comments can be posted.

Employees in the Dark About Data Retention Policy

Comments Filter:
  • I've worked for a lot of different Fortune 500 companies in Silicon Valley. The one company that had any kind of data retention policy was eBay/PalPay when I worked there on different contracts. If an employee left the company, the hard drive from their PC got sent over to legal for them to create a backup image for future reference.
  • by Anonymous Coward

    Before I left a horrible place I made sure source code and documentation was all checked into the shared repo and then I wiped everything local; my mail db, drives, unsubscribed from services, reset passwords for everything, y'know the works.

    They didn't say boo about it while I was there or even through the exit interview but I found out after through the grapevine that apparently they wanted crap like that around and were in a huff about it, there were no formal policies they just expected people not to gi

    • On some contract jobs I routinely erased the system before returning it. Most of the time the system would get re-imaged and deployed to someone else anyway. I've never gotten blowback for doing it.
      • by WarJolt ( 990309 )

        That's what they do on classified stuff. Nothing enters or leaves the room. No cables to the outside. Only a very select group of people get to take things out of the room. When you're done with the room everything stays there and gets wiped very carefully.

  • ...Except legal, even though they created them they are always asking us to miracle up something that is over a year beyond the limit of our retention policies.

  • by swb ( 14022 ) on Wednesday April 12, 2017 @03:42PM (#54224589)

    Management's policy process lack's the knowledge and (ugh, sorry) "agility" to adapt what they want to the ever-changing landscape of what and where data is and how it's accessed.

    Whatever policy is on paper is likely woefully vague or out of date relative to technology. Much of the time the organization itself is willfully non-compliant as various centers within the company store and access data in various public clouds, social media sites, on personal or hand-held devices, and so on.

    Even when everyone kind of has their shit together, the technology industry is subverting "corporate data" by turning themselves into personal technology companies, like Apple and now Microsoft, where they've figured out that if you sell to the individual end users as consumers you can essentially *make* corporations support (and sometimes buy) your product.

  • by painandgreed ( 692585 ) on Wednesday April 12, 2017 @03:42PM (#54224591)

    They probably don't have those policies and procedures written up because they can't end up having that meeting, or at least one that comes up with a solution. Head Honcho wants everything deleted after 6 months because of possible liablities and reveal. Low down managers don't want anything deleted because they are looking to cover their asses in possible liabilities and reveals. IT states they only have enough of a budget to store everything for one year. Workers point out that many of their projects last longer than one year and even go multiple years and they'll need all that information well past those timelines just to get the job done and support it. Legal is going to pop up and explain that things can be deleted after 6 months, except for these three corner cases they know about where they are legally obligated to hold information for up to ten years to forever, and there might be more such cases, and dependancies due to contracts. By the end of several hours, they have several conflicting policies demanded by different parts of management and half a dozen problems that need to be looked at with legal and economic issues as to why they can or can't adhere to any policy. Eventually, the day long meeting ends with another, similar meeting scheduled in another few months.

  • by vilain ( 127070 ) on Wednesday April 12, 2017 @03:51PM (#54224681)
    A friend works for a computer forensic recovery and analysis company that many big companies and three-letter agencies use to crawl through a company network, audit each machine it finds (either by breaking in or being given access), and scans for various types of files. It vacuums them up for review by a human. It's used for litigation discovery and spying. My friend is very proud that his company is partially responsible for bringing down some very highly placed Pillbilly Repugnican operatchiks for corruption and sexual escapades.
    • by Anonymous Coward

      Nothing digital ever dies. As Clinton found out when using Bleachbit. Of course, she was lauded and not prosecuted. Anyone else would be given thumb screws doing what she did.

      Doesn't matter. Even if they don't find a smoking gun they will find something else. The engineer from BP found that out by getting accused of obstruction for deleting text messages. Which nearly everyone does anyway on a routine basis. But it looked bad at that moment in time.

      Delete, don't delete, they will hang you for it anyw

  • If you put your data on their device, they can copy it at any time. At that point, it's a question of trusting not only the company policy but also the staff with privileged access---most of whom you will never meet or even know by name.

    A lot of places are doing HTTPS decryption and packet inspection at the perimeter, so even "secure" or "private" connections on these devices are not trustworthy. Any privacy you have is either an illusion or a convenience at best.

    The bottom line: If you're not OK with it be

    • by rtb61 ( 674572 )

      The old rule used to be get as much personal use of company devices as possible, the new rule is, leave them at work. The personal freedom you lose is not longer worth the perceived saving. That company phone is no longer a personal asset but a leash and collar used to control and monitor you. If they demand you carry it at all times, simply call forward to a personal device which they do not control.

    • This is why I've been clicking on multiple pizza links and coupons on their device, just to make sure those people inspecting the data can feel the excitement before lunch. I do wonder if this is what made the pizza delivery boy coming in almost every lunch hour.

      The only week it stopped is when I clicked on some links about sausage factories and rats eating rotten meat.

  • Most of the people who go on about policies have no idea what actual data retention is, or how backups work, or which "critical files" and logs are maintained.

    Or are lawyers, so they just lie to you anyway.

  • These days, any cutting down on personal use of computers or phones just means employees will spend more time on their personal cell phones. Telling them they can't use cell phones will just typically be ignored or result in them using their work computers against policy. Either way, it's just going to cause headaches for the managers because they aren't going to use either against an employee unless they want them fired and need a policy to present as a clear cut reason, which hits morale of all the other

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...