Who is taking important documents home in your business?

Wednesday August 17, 2022

No stranger to scandal, former US President Donald Trump has been in the headlines again following an FBI investigation. A search of his Mar-a-Lago home reportedly found him to be in possession of 11 sets of classified documents, some of which were labelled as Top Secret.

A spokesperson for Trump has said that “everyone ends up having to bring their work home from time to time”.

This is true, especially since the rise in hybrid and remote working, but it’s a questionable excuse for someone no longer in their position. Especially when that position is president of the United States!

As the investigation into Trump’s handling of classified documents continues, it serves as an important lesson to employers everywhere.

Who is taking work documents home with them? What information has left the business? Has a departing employee returned everything that they should have?

If you are unsure of the answers to these questions, you may need to urgently review your policy on the safe handling of data and documents in your organisation.

What does the law say?

Here in the UK, we are governed by the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR), which specify the rules on data processing and storage.

As an employer, you have a responsibility to ensure that your business is compliant with these laws. In some circumstances, this involves appointing a Data Protection Officer (DPO).

Your responsibility extends to how your employees handle data too, and training should be arranged for anyone who does this as part of their role. This could include customer service agents or sales agents taking client details, or an HR manager dealing with personal employee information.

When employees work remotely, you need to make sure that they follow the same processes as they do in the workplace to ensure the continuation of safe data handling and storage.

Risk assessing what matters to your business

Data protection laws protect the sensitive data of individuals. You may also have sensitive documents relating to your business that do not fall into this category but still need to be protected.

A risk assessment can help you to determine what these are, who needs access, and how they should use and store the documents. As with general data protection, you would then train the relevant employees and put a policy in place to protect your business.

Don’t forget to add a procedure for when employees leave too. Make sure that they know what to return, or how to safely dispose of any confidential information. Otherwise, it might end up in the kitchen bin!

Some businesses will go so far as to introduce a restrictive covenant which prevents employees from revealing certain information outside of the business, especially to a competitor, for a set length of time after their employment. If you decide to do this, it’s best to seek professional HR advice, as restrictive covenants have come under scrutiny in recent years for their lack of legitimacy.

What if an employee breaches your policy?

This is a serious matter and can impact the future of your entire business. Following your risk assessment, you may decide that a data or document leak is gross misconduct, which could lead to dismissal.

An investigation will help you to understand what happened and why, but you need all employees to take data protection and the safe handling of documents seriously. That is more likely to happen if they are aware of the repercussions of breaching your policy.

If this is something you’d like to know more about, please do give us a call.

Preventing People Problems

Subscribe to our monthly newsletter

Office Address: 2 Old Bath Road, Newbury, Berkshire, RG14 1QL | VAT Number: 244730220 | Registration Number: 10175120

Copyright © 2007 - 2019 The HR Dept Ltd. HR DEPT is a registered trademark belonging to The HR Dept Limited.