The devil is in the data

September 13, 2023

The devil is in the data…..How are your IT data security/retention/protection/privacy processes?

About a decade ago, I was in the unfortunate position of managing a discipline process with a staff member who had used some data they had “found” to their advantage.

It caused much anguish on both sides. A lot of money, time and unnecessary effort was wasted on something that could have been prevented. It may have never happened if this person didn’t have access to the files in the first place, but then I have knives in my kitchen and I don’t go round stabbing people.

It led me to a few questions we should all be asking ourselves.

Where is our data?

Who has access to it?

What happens if some bugger steals it.

You would be surprised, how many business owners, GM’s, admin managers don’t know what the answer to the above is and don’t have any controls from an HR perspective if it does all go wrong.

Remember here, the biggest threat to company data is people (not hackers). Theft/ accidental deletion, misuse etc, happen every day in companies all over the world.

Do you have a data security policy in your organisation? Or data retention policies? Or a system that manages access to your files?

Why should you care? If a disgruntled employee leaves and has access to all your IP and shouldn’t have had, your business could potentially be seriously compromised. I saw this happen ten years ago and the owner is still in the heat of a bitter court case.

Your data can be your customer list/your designs/ your financials/ your HR information. I doubt you would want to see any of this in the hands of your competitors or hackers or in the public domain.

Data protection is usually thought of when the horse has bolted and is on the plane to The Maldives with a scotch in one hand and some sugar cubes in the other.

Data protection is easily overlooked because we assume everyone who works alongside us is an angel…..until they aren’t.

By opening doors to data, we are opening temptation. For example, you feel unhappy and unsatisfied at work and one morning you are in the office early (and alone). You see a file called staffsalaries.docx or johnniesperformancemeeting.docx in a folder you have access to…. Will you still be an angel?

Stopping this is easy. A few policy documents and the implementation of some controls, but sometimes it is just as easy to not do something as it is to do it. “We will do it next week”. The devil is in the detail, but I think it might be lurking in the data too.

Eventually the disciplinary action ended in dismissal.

I think I do have some Sympathy For The Devil.