Best Practice for EX-emplyee data storage/handling HELP!!

0 pts.
Tags:
Backup & recovery
Career Development
Networking
Storage
Hello world! I need help here ... your expertise on what you do with the data when someone leaves the company... This is where i'm at currently: 1) Created a RetiredEmployee share. 2) when user JDoe leaves I create a JDoe folder in that share 3) I copy the data of their personal network drive, computer, and pst to that folder. 4) I map anyone needing access to that folder for 30 days. I send them an email to copy or delete, go through since it will be deleted. 5) I actually deleted after 60 days... HELP:::::::::::::::::::::::: My IT director wants to keep the data available, he suggested DVD's and keep them here with a txt of the contents of the DVD. We don't want to keep junk, nor delete data that they are going to asks us 6 months after the employee left. What is your procedure? the BEST practice?? please help ASAP!! thank you.
ASKED: January 13, 2005  11:30 AM
UPDATED: January 13, 2005  12:44 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

1. Create “Read Only” Share
2. Create user folder/copy data
3. Create CD/DVD each month of all removed (30 days, 60 days…)
4. Send DVD to HR department
5. Pick up last month’s CD/DVD, send to offsite storage

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Jaysea
    I think this depends on your backup procedure. I purge at the end of the year after I do a full backup that will go into storage for 10 years. With current regulations I think the data has to be available for 7 years.
    0 pointsBadges:
    report
  • Bobkberg
    Interesting question. Given the storage capacity of a DVD (4 Gigabytes at the moment - with the potential of 50GB depending on the technology) That would seem to be a reasonable method. I have my doubts however about keeping a text record - unless you mean to build a directory listing of the ex-employees into a file - to ALSO be burned on to the DVD. Historically, this hasn't really been done - because disk space was too expensive for idle storage. I'd say that your director has a reasonable idea - as long as you keep the file listing on the DVD - then just print a standard format label on the DVD with the ex-employees name, division (or office, job, whatever), and period of employment so that as the organization changes over time, the information on the DVD label will be informative. Then set a 1 year (or whatever) retention period, and have the disks destroyed. The reason you need to be careful about destruction as a formal policy is that if you ever get sued, all those old records can be subpeonaed as evidence. Bob
    1,070 pointsBadges:
    report
  • Imaginetsecurity
    It sounds like your company does not have current and appropriate Policies and Procedures that cover archiving and retention. Do you have legal counsel available to answer your specific concerns over liability? Is your company subject to any specific federal or state regulations (i.e. HIPAA, GLBA, SOX, etc.)? If so, those regulations provide some specifics on archiving and retention. For example, HIPAA dictates 6 years of ePHI records but does not specify how to archive. GLBA is similar (what, how long, but not how). The methodology your boss mentioned would be relatively compliant with such terms. Add to that the suggestions by the other posts of a temporary read-only share with selected access by appropriate staff only and you are fairly well covered. Best practices vary as to length of data retention of former employees. Issues such as nature of termination and sensitivity of that employee's role and data access while employed should control a lot of your decision on retention time. Longer is definitely more protective but more costly. Your legal counsel can provide more specifics for your business' needs, but you essentially need a written policy to apply to this situation and a written procedure that should be followed. Some links for you to review: http://www.sans.org/rr/whitepapers/backup/514.php http://www.sans.org/rr/whitepapers/recovery/564.php http://www.sans.org/rr/whitepapers/sysadmin/305.php In general , here are some best practices ideals to consider. Best Practice No. 1 ? Select data for preservation based on a conceptually Sound appraisal methodology. Best Practice No. 2 - Select appropriate storage media. Best Practice No. 3 ? Perform data migrations under established retention policies and practices. Best Practice No. 5 ? Address metadata issues relevant to long-term data retention. Best Practice No. 6 - Preserve systems documentation. Best Practice No. 7 ? Store media properly. Best Practice No. 8 ? Perform proper media maintenance tasks. Policies and Procedures for Electronic Records Retention might follow the following: Records Retention ? General Corporate Policy Records Retention at the Desktop Level The Management and Retention of E-mail Software Applications: Records Retention Requirements The Retention of Web Content Long-term Data Retention If you do not have P&Ps in place, your liability is increased. It would seem that now is as good a time as any for your firm to establish some.
    15 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following