Partner Login
0800 328 2522
 
Datalab - We find the impossible
 
No stat mask

What Data Leaves with Key Staff, Both Intentionally and Not.

Updated: Oct 14, 2025

Staff seem to need access to all the data, all the time. 

Healthy or not, in today's interconnected workplace, this necessity propagates data across a wide array of company assets and personal hardware. From cloud-based documents accessed on a home computer to client details synced to a personal smartphone, information naturally spreads to the most convenient points of access. This "data sprawl" is often a byproduct of productivity and flexibility. But what happens when that person, the central node for all that information, walks away from the business? The departure of a key employee can create a "digital backdraft," a sudden and often invisible outflow of sensitive company information that can have lasting consequences.

The most common form of data loss is entirely unintentional. Think of the countless ways data gets cached, copied, and synced for convenience. Browser auto-fill might save login credentials to a personal laptop, company documents might be automatically backed up to a personal Dropbox or iCloud account, and project files might be downloaded to a home computer for after-hours work. There's no malicious intent, but the result is the same: fragments of proprietary information are left scattered across unmanaged devices. This forgotten data becomes a significant security risk, vulnerable to accidental exposure, malware on a personal device, or discovery by a future user of that hardware.

On the other end of the spectrum is intentional data exfiltration. A departing employee, particularly one heading to a competitor or starting their own venture, may be tempted to take valuable information with them. This can range from seemingly innocuous files, like project templates or work samples for their portfolio, to highly sensitive intellectual property, such as client lists, strategic plans, or proprietary source code. The methods are often simple: a USB drive loaded with files in their final week, a series of emails sent to a personal address, or a large download from a company SharePoint or server. This deliberate act constitutes a direct threat to a company's competitive edge, customer relationships, and regulatory compliance.

Digital Investigations Circle

Mitigating the risks of a digital backdraft requires a proactive and structured offboarding process. It’s not enough to simply collect a laptop and a keycard. A comprehensive strategy must include immediate revocation of all system access, from email and internal networks to third-party SaaS platforms. For businesses with "Bring Your Own Device" (BYOD) policies, clear procedures for remotely wiping company data from personal devices are essential.

  • High stakes staff must be identified early to ensure their systems and data are handled in a manner that can be investigated.
  • IT must know how to offboard, and when, employing a ‘Lead Up to Leave’ strategy.
  • Exit interviews must take place to ensure staff are aware of the offboarding including how their devices may be affected and what may be looked at in terms of data movement.

This technical lockdown, combined with exit interviews and reinforcing the employee's ongoing confidentiality obligations, creates a robust defense. By planning for an employee's departure with the same diligence as their onboarding, a company can ensure that when a team member leaves, the company's valuable data stays behind.

If you’d like to talk to us about an incident or the ‘Leavers Audit’ Datalab has designed, reach out today on 0800 328 2522 or visit us via www.datalab.co.nz.

Linked In   Facebook

Auckland

Level 1, 399 Khyber Pass Rd, Newmarket, Auckland 1023

Wellington

Level 6, Aon Centre, 1 Willis Street, CBD, Wellington 6011

Christchurch

Ground Level, 14 Hazeldean Rd, Addington, Christchurch, 8024

© Datalab Ltd 2024  •  Privacy Policy  •  Terms & Conditions  •  Website Terms of Use