What Happens to the Data When Employees Come and Go?
Most employers will have some kind of HR policy document that employees have to sign when they start working. Much of the verbiage is important for legal reasons but sometimes important practical aspects of computer use is overlooked.
Of course nobody should be doing personal work, filling up space with their favorite media apps or viewing inappropriate content. That is fine, now what should they be doing? What should they have access to? What resources are available?
Some companies have a small resource guide as part of the employee manual to answer those questions. It is easier for a new hire to start on the right foot following norms and rules if they know what those rules are. That is related to, but separate from what I am talking about here, so if it seems missing, that is why.
Practical Computer Network Setup Considerations
Here I want to talk about some practical computer network setup considerations around new hires and departing staff.
We encourage our clients to have a clear on-boarding/off-boarding policy, and with it we like to have a tracking sheet that walks management and IT support thought the process step by step on a checklist.
A few years back we set this up for a care facility, a nonprofit, running a day program for cerebral palsy patients. They run a few social programs, track participants, have databases and raise funds as a nonprofit.
Because the care facility was covered by HIPAA, a formal start and stop to employee computer use was needed. There was private patient information and partial medical records involved. When caring for cerebral palsy patients there are serious network security concerns as well as confidential staff screening. “Who can view and/or edit the files in this folder?” should always be a question with a clear answer.
This nonprofit office needed a clear on-boarding/off-boarding procedure that left nothing informal so we wrote check list for them. We have since done check lists for several clients following this model.
One of the things I liked about it, was that legal compliance was turned from a burden into an organizing asset.
What to do When You Have New Employees
When new employees start they need some basics.
A user name and password. Preferably only ONE username and password used for file access, database use and an email account. A bit of planning makes this easy. A lot of quick, ad-hoc choices makes a big mess.
A clear idea of which files this person should be able to view only and which ones they should be able to see and edit. (And which ones are reserved for management alone). In the case of a Microsoft Active Directory system, this is User and Group rights to shares and folders. Technically different on Office 365 / SharePoint or Google Drive but the concept remains the same.
Any employee needs a spot to put “their own” documents which they alone work on. The location of the correct personal folder should be made clear to the incoming staff member.
The first day of work is a great day to make the employee’s access rights clear with an authorization from a supervisor. Then IT can set them up correctly. This is also an excellent time to get the new staffer to sign a use policy as they are issued a password and network access. If you have a user guide, hand it to them, and answer any questions.
All the considerations became check boxes on the list, with blanks to fill in as we set up a custom on-board / off-board sheet built around that client’s HR rules and the network structure. The client’s HR consultant was brought in to make sure we were doing it correctly.
When we were done, it became easy for the supervisor to take out a blank onboarding sheet, check off the rights next to the program folder, email and data base names, sign it, have the new staff member sign it and then hand it to us to set up.
Once the new user setup was finished, the record went into the HR file for that employee.
What to do When You Have Exiting Employees
The time comes for people to go. When they did we had a second check list that included some of the following:
Retirement of the user name and password with the ability to turn it back on if needed.
Removal of the user from the security access groups.
Archive their personal data folder into a read only area.
Archive their email folders.
Auto reply and auto forward of their company email.
On the sheet the supervisor could decide what the message on an auto reply would be, who would get the forwarded email, (if anyone) and who would have access rights to the archived data. This was often a supervisor for a short while followed by replacement employees.
Using this method, no data was lost or even hard to find. Supervisors and the subsequent employee had access to the prior data and email and they could search it and copy it to their active data when needed.
The care center continues to get their new employees up and making good use of the company computer network quickly and at the same time helped smooth the transition as staff changes happened all while keeping up their legal responsibilities.