A number of aspects to this and I'm not sure which ones are of concern to

The policy where I am now is that no company data, and certainly no
'record' is to be kept on C: drives, because these are not accessible to
others, and are not backed up. Everyone has a C: drive, a personal network
drive (I: drive), and a network drive shared with others in the same
business unit (G: drive)

The C:/My Documents folder (or equivalent in whatever system you may have)
is actually mapped across to the I: drive and most users don't even
realise 'their' files are not on the C:drive at all.

When someone leaves,  assuming the leaving is friendly then any business
files should first be transferred from the personal I: drive to the shared
G: drive. After the person is gone, personal folders and the C: drive are
backed up and removed from access; their manager can get access if
required, which may be necessary if the parting is turbulent.

For transfers within the company, it is up to the transferee and their
replacement or their former manager to figure out which files should be
left behind - usually this is done by copying the files to the G: drive.
In some areas much stricter rules apply as there are parts of the company
which for conflict of interest and probity reasons cannot see documents
belonging to other parts of the company.

Of course there is a lot of human involvement in all this, so there is a
possibility of error, oversight or deliberate obfuscation. From a document
management point of view I'd rather see diskless workstations, but with
laptops abounding that's not possible. This throws the onus back onto
education and more education: what is a record; why aren't 'my' files
really mine, etc.

My experience is that there is just as much risk, if not more, from
departees or their successors binning paper documents.

I've had interesting experiences in other organisations when PC's are
transferred - the C: drives aren't always wiped or re-imaged. At one site
my mail handling supervisor inherited the PC and all the personal and
company documents of the resident head of the outsourced IT services,
including lots of things that appeared to be about the outsourcing
contract renewal negotiations with us. THAT held desk call was answered in

And when the PC is retired - one client of mine had a series of problems
with confidential info being accidentally sold off at auction, so they
eventually imposed a policy of shredding the hard drives. Made an
interesting crunching noise as all the metal chips came out the bottom of
the big shredder. Even Norton Utilities can't recover data from that!



Glenn Sanders
[log in to unmask]
[log in to unmask]

These views are mine alone. They may or may not be those of any previous
or present employers or clients. I don't know. If I'd asked and they'd
agreed, I would have signed it "Bloggs and Co and Glenn". Or whatever. But
I haven't, so I didn't.

List archives at
Contact [log in to unmask] for assistance