Author Topic: Turning over company files stored on personal laptop?  (Read 7389 times)

0 Members and 1 Guest are viewing this topic.

Offline Pack34Topic starter

  • Frequent Contributor
  • **
  • Posts: 753
Turning over company files stored on personal laptop?
« on: July 16, 2018, 05:34:57 am »
Out of necessity, I've had to use my personal laptop for a couple years. It has all of my personal and financial information on it as well as some design files for a couple companies I've moonlighted for over the past couple years.

I'm meticulous in documenting my designs and making sure everything is uploaded, committed, etc. Everything is there with the likely exception of some raw and random test data I can dump on an external drive.

Considering that it's my personal property, has confidential information on it, etc. I do not feel comfortable handing it over for them to ensure it's scrubbed. I was planning on making sure that everything was uninstalled, deleted, and the recycle-bin is purged. Then walk someone from IT through it to demonstrate that their information isn't on my computer anymore.

I've used almost exclusively my own software, computer, and test equipment while here. I've always been given the "cash flow" excuse when asking for equipment so I gave up asking. Hence why I'm in this situation now.
 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3665
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #1 on: July 16, 2018, 05:46:32 am »
Why would you even consider handing your personal computer (with your personal info on it) to somebody else so they can "examine" it? What good would it do them anyway? You could have multiple copies elsewhere. Actually, I hope you do have multiple copies elsewhere. Backups of important data is a good thing to have.
 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 4922
  • Country: si
Re: Turning over company files stored on personal laptop?
« Reply #2 on: July 16, 2018, 06:35:48 am »
That makes no sense to me.

How does this prove you whipped the data when you could have copied it to an USB drive and left it at home. Do they also have to do a search of your home and check any data storage medium they find. What about your Dropbox account, you could have kept the files there so you have to give then your Dropbox login too...

You can proabobly sign some form of NDA like document on that data instead.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #3 on: July 16, 2018, 06:59:37 am »
Erase it yourself using a tool which will certify that the drive bearing serial number XYZ has been erased to a particular standard. Active@ Killdisk for example. Then allow them to confirm that the drive erased is the one installed in your laptop. Or, perform a secure erase first yourself, then hand it to them in a santised state.

I would not be handing over any of your personal equipment with data intact unless compelled to by a court.

Sure it means that you will have to re-install everything (I suppose you could take an image of it before-hand).


 
The following users thanked this post: ChunkyPastaSauce

Offline ChunkyPastaSauce

  • Supporter
  • ****
  • Posts: 539
  • Country: 00
Re: Turning over company files stored on personal laptop?
« Reply #4 on: July 16, 2018, 07:05:19 am »
I'd probably end up just backing up what's not theirs and wipe the drive, likely less hassle. Get comp for time though, if you can.  Definitely not signing NDA willy nilly though
 

Offline firewalker

  • Super Contributor
  • ***
  • Posts: 2450
  • Country: gr
Re: Turning over company files stored on personal laptop?
« Reply #5 on: July 16, 2018, 07:10:34 am »
Backup your stuff (everything :P). Tell them to buy you an SSD (better one) for you laptop. Destroy the old disk in front of them. Ask a signed confirmation that they acknowledge the data destruction and you are free of any blah blah.

Alexander.
Become a realist, stay a dreamer.

 

Offline Pack34Topic starter

  • Frequent Contributor
  • **
  • Posts: 753
Re: Turning over company files stored on personal laptop?
« Reply #6 on: July 16, 2018, 07:11:20 am »
The setup is a bit wonky and I'm trying to think of the cleanest way to depart. I was overly nice last time I changed jobs with training and turnovers and I paid for it. I helped train them for three months afterwards so they would be sustained until they landed a replacement. That ended up a mess. I ended up being shorted pay and they felt they deserved more work out of me.

When the offer letter is officially signed, it'll be a 50% raise and I want this done clean, fast, and both parties as happy as possible. I want to be doing my next thing and make sure my reference at this place is as positive as possible.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #7 on: July 16, 2018, 07:15:53 am »
When the offer letter is officially signed, it'll be a 50% raise and I want this done clean, fast, and both parties as happy as possible. I want to be doing my next thing and make sure my reference at this place is as positive as possible.

Then your only real solution is to satisfy them but do it in a way that is fair and reasonable to you too. Ask if you can supervise the secure erase procedure yourself, so you know that no one is messing around with your private data. If it were me, I would securely erase that drive first, then hand it over to them to repeat the process to their satisfaction, if all they are worried about is making sure that disk is erased, then they have no reason to start poking around.
 
The following users thanked this post: ChunkyPastaSauce

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #8 on: July 16, 2018, 07:18:22 am »
I personally have the rule that if a company wants to manage it, they have to spring for it. In this case it seems the company didn't want to do this despite repeated requests, so they don't have a say in the matter. If they provide you with a laptop, it's a different story. Their hardware, their rules. Your hardware, your rules. Due to the presence of your own information your interest is at least as big as yours, though I would say your risk is bigger. Their risk is a professional one, while yours is personal.

If they regret their stance in hindsight, they might ask you to clean the disk in company time. Have them spring for a replacement disk and after copying your stuff to that you shred the current disk. They should be happy you worked with hardware you paid yourself, not cause your problems because of it. They dropped the ball here. Maybe they'll learn something. Though I doubt it, as the also had you use your own personal lab equipment. One can't really feel sorry for an organisation that exploits its employees like that.
 

Offline ChunkyPastaSauce

  • Supporter
  • ****
  • Posts: 539
  • Country: 00
Re: Turning over company files stored on personal laptop?
« Reply #9 on: July 16, 2018, 07:33:40 am »
Ask if you can supervise the secure erase procedure yourself, so you know that no one is messing around with your private data. If it were me, I would securely erase that drive first, then hand it over to them to repeat the process to their satisfaction, if all they are worried about is making sure that disk is erased, then they have no reason to start poking around.
Sanitizing the disk before they get to inspect is the way to go, since he has confidential files on the computer from other parties (and his own).

 

Online tszaboo

  • Super Contributor
  • ***
  • Posts: 7307
  • Country: nl
  • Current job: ATEX product design
Re: Turning over company files stored on personal laptop?
« Reply #10 on: July 16, 2018, 07:34:30 am »
I bring 3 types of items to my workplace, which I leave there:
Pens (Staedtler pigment liner, office always cheap out on technical pens) and  ruler, food, headphone (because office always thinks that sharing headsets are hygienic). That's it. I very rarely take a tool home from the office, after asking, returning next day.
And then there are some people, who think their home office is just some kind of extension to the office, sharing expensive test equipment, products and IT infrastructure at will. BYOD is just crazy IMHO.
 
The following users thanked this post: tooki

Offline AndyC_772

  • Super Contributor
  • ***
  • Posts: 4208
  • Country: gb
  • Professional design engineer
    • Cawte Engineering | Reliable Electronics
Re: Turning over company files stored on personal laptop?
« Reply #11 on: July 16, 2018, 07:42:10 am »
Anyone *that* keen on verifying that your personal laptop is 'clean', doesn't understand the concept that digital files can be copied.

Your laptop being totally sterile means nothing. If you wanted to surruptitiously keep hold of company material, you'd simply copy it to another drive. You know that, they know that, anyone who has ever used a computer knows that. Giving a company IT tech access to your laptop is pure theatrics.

Comply with any obligations you already have to delete company data. Flat-out refuse to sign anything new. If you're leaving a company, you have nothing to gain by agreeing to any new obligations as part of an exit process - so don't.
 
The following users thanked this post: tooki

Offline Pack34Topic starter

  • Frequent Contributor
  • **
  • Posts: 753
Re: Turning over company files stored on personal laptop?
« Reply #12 on: July 16, 2018, 07:48:49 am »
I bring 3 types of items to my workplace, which I leave there:
Pens (Staedtler pigment liner, office always cheap out on technical pens) and  ruler, food, headphone (because office always thinks that sharing headsets are hygienic). That's it. I very rarely take a tool home from the office, after asking, returning next day.
And then there are some people, who think their home office is just some kind of extension to the office, sharing expensive test equipment, products and IT infrastructure at will. BYOD is just crazy IMHO.


This next job will be the first one I'll work at that isn't BYOD (laptop excluded). They've all been to either use the <100MHz monochrome scopes and $20 irons provided or bring your own from home. I've never had an equipment purchase approved.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #13 on: July 16, 2018, 07:52:09 am »
Sanitizing the disk before they get to inspect is the way to go, since he has confidential files on the computer from other parties (and his own).
It's quite hard and a lot of work to completely sanitize a disk and you're never quite sure whether you caught everything, especially when it's an OS disk. OSs tend to spread data everywhere.  It doesn't help that these people have completely different interests than you do. You can't assume your data is safe in their hands, even if they mean well. Like I said before, Pack34's interest is at least as big as the companies. He has personal data on that disk. His own privately owned disk.

It's assumed they worry about third parties accessing the information left on your disk. As AndyC_772 remarks correctly, they can't exactly stop you from copying it elsewhere anyway. Copying your personal data to another disk and shredding the original disk completely is quite a bit safer than sanitizing a disk. It protects the company both from the disk being stolen and your computer being infected by malware that steals data. Although again, the fact that they have relevant data on your computer is a problem of their own making. They're to suggest how to solve their own problem.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #14 on: July 16, 2018, 07:54:19 am »
This next job will be the first one I'll work at that isn't BYOD (laptop excluded). They've all been to either use the <100MHz monochrome scopes and $20 irons provided or bring your own from home. I've never had an equipment purchase approved.
BYOD typically means providing a budget with which a device can be bought. Dumping it on the employee is a cheapskate tactic I rarely see.
 

Offline Pack34Topic starter

  • Frequent Contributor
  • **
  • Posts: 753
Re: Turning over company files stored on personal laptop?
« Reply #15 on: July 16, 2018, 08:04:13 am »
This next job will be the first one I'll work at that isn't BYOD (laptop excluded). They've all been to either use the <100MHz monochrome scopes and $20 irons provided or bring your own from home. I've never had an equipment purchase approved.
BYOD typically means providing a budget with which a device can be bought. Dumping it on the employee is a cheapskate tactic I rarely see.


It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
 

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: Turning over company files stored on personal laptop?
« Reply #16 on: July 16, 2018, 08:16:07 am »
At home, drive to drive image backup the drive, and scrub their files on the image with a file level secure erase tool.   After verifying that all your and 3rd party files are intact on the backup,  scrub all your (and 3rd party) confidential files on the laptop.   Uninstall the backup software and the file level secure erase tool (or better yet run them from live CD in the first place).  Make sure the machine boots without errors, and common applications launch correctly.

If you are feeling mean 'salt' it with OSHW designs, FOSS software sources and cat pictures etc. with randomised filenames.   

Remove *all* clutter from your laptop bag, only leaving the machine, its PSU and power lead.

In the interests of good will and a swift departure, offer supervised access to the machine in your presence during paid working hours, for them to remove any data they believe belongs to them, on the basis that you will not permit an image copy to be made or for them to retain the physical drive (though if they are willing to pay the full cost of its replacement you will permit its physical destruction in your presence), and that you will demonstrate that the machine boots and runs correctly before they touch it and if it does not boot and run the same afterwards, they are responsible for all costs for a 3rd party repair service to restore it to the operating condition it was in before they touched it + for hire of an equivalent replacement machine while it is being repaired.
« Last Edit: July 16, 2018, 08:28:56 am by Ian.M »
 

Offline mikeselectricstuff

  • Super Contributor
  • ***
  • Posts: 13695
  • Country: gb
    • Mike's Electric Stuff
Re: Turning over company files stored on personal laptop?
« Reply #17 on: July 16, 2018, 08:16:26 am »
You've not said what they have actually asked for ( if anything)
Just tell them you've removed their data and that's the end of it, and ignore any further requests. If they don't trust you, what are they doing hiring you

As soon as they made it necessary for you to use your own laptop, they lost any right to inspect it.
Youtube channel:Taking wierd stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 
The following users thanked this post: PlainName

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #18 on: July 16, 2018, 08:23:27 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
 
The following users thanked this post: b_force

Offline Pack34Topic starter

  • Frequent Contributor
  • **
  • Posts: 753
Re: Turning over company files stored on personal laptop?
« Reply #19 on: July 16, 2018, 08:23:47 am »
You've not said what they have actually asked for ( if anything)
Just tell them you've removed their data and that's the end of it, and ignore any further requests. If they don't trust you, what are they doing hiring you

As soon as they made it necessary for you to use your own laptop, they lost any right to inspect it.


Nothing has been requested yet. Getting my "ducks in a row" before resigning.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #20 on: July 16, 2018, 08:30:00 am »
Nothing has been requested yet. Getting my "ducks in a row" before resigning.
You're overthinking a problem that doesn't exist. And whatever you do, don't make it a problem that does exist.
 
The following users thanked this post: tooki, ChunkyPastaSauce

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #21 on: July 16, 2018, 10:29:47 am »
Sanitizing the disk before they get to inspect is the way to go, since he has confidential files on the computer from other parties (and his own).
It's quite hard and a lot of work to completely sanitize a disk and you're never quite sure whether you caught everything, especially when it's an OS disk. OSs tend to spread data everywhere.

Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.
« Last Edit: July 16, 2018, 10:36:49 am by Halcyon »
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Turning over company files stored on personal laptop?
« Reply #22 on: July 16, 2018, 10:33:05 am »
The last contract I did wanted me to do this. So I informed them that it was outside of the contract and therefore chargeable and the charge was ÂŁ2500 for data removal and reconstruction as it was my kit and would cost me time, money and software.

They didn't take that optional service  :-DD
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #23 on: July 16, 2018, 10:58:18 am »
Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.
You're talking about shredding the disk, not sanitizing it. I've explained in one of my earlier posts that shredding it is the better option, after evacuating the personal data to another disk. It's still a hassle to sort through your files and risk shredding something you intended to keep. I wouldn't go through all that effort without a very good reason. Sanitizing an OS disk, meaning that you keep the OS and some files and permanently destroy others, is very hard and tedious to do properly. Most OSs shift data around all the time and it's not always accessible or obvious to the user.

One thing that does worry me is that OP seems to suggest this is the only copy of his data. Obviously, proper backups need to be made if the data is worth anything.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #24 on: July 16, 2018, 10:59:04 am »
The last contract I did wanted me to do this. So I informed them that it was outside of the contract and therefore chargeable and the charge was ÂŁ2500 for data removal and reconstruction as it was my kit and would cost me time, money and software.

They didn't take that optional service  :-DD
It's also a case of being fairly easy to do if requested beforehand, but painful and tedious when requested after the fact.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Turning over company files stored on personal laptop?
« Reply #25 on: July 16, 2018, 11:04:51 am »
Exactly that.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #26 on: July 16, 2018, 11:05:35 am »
Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.
You're talking about shredding the disk, not sanitizing it. I've explained in one of my earlier posts that shredding it is the better option, after evacuating the personal data to another disk. It's still a hassle to sort through your files and risk shredding something you intended to keep. I wouldn't go through all that effort without a very good reason. Sanitizing an OS disk, meaning that you keep the OS and some files and permanently destroy others, is very hard and tedious to do properly. Most OSs shift data around all the time and it's not always accessible or obvious to the user.

One thing that does worry me is that OP seems to suggest this is the only copy of his data. Obviously, proper backups need to be made if the data is worth anything.

No, I'm talking about sanitising the disk (i.e.: overwriting every sector with 0's, 1's or random data). Sanitising and shredding (destruction) are two totally different things. The OP doesn't sound like he wants to destroy the disk.

Of course physically destroying the disk is quicker, but that also renders it useless. As I mentioned in my previous post, doing a single-pass overwrite is going to be more than enough in the circumstances described in this thread.

If all he wants to do is overwrite the data so that it cannot be recovered, but leave the disk intact so that it can be used later, DBAN is the tool for the job. He isn't talking about destroying Secret or Top Secret information here.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #27 on: July 16, 2018, 11:13:52 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #28 on: July 16, 2018, 11:21:01 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #29 on: July 16, 2018, 11:32:59 am »
I personally have the rule that if a company wants to manage it, they have to spring for it. In this case it seems the company didn't want to do this despite repeated requests, so they don't have a say in the matter. If they provide you with a laptop, it's a different story. Their hardware, their rules. Your hardware, your rules.
I oversee IT for our company and I agree with this policy.

Most employers are not going to give half a crap about what’s on your personal laptop. To OP, they know you could already have made backups, they know you’ve already signed an NDA and assignment of IP document, and they’re not likely to make a big deal of your personal laptop anyway.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #30 on: July 16, 2018, 11:54:15 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
Ehm no they can't, but again it depends per country.
But there are quite some countries that the organization can't just look into your details, even if it's the "property" of the company you don't have access to it without a good reason.
Monitoring internet traffic is something else. But that only tells them what you visit when, not the actual data from it.
Only when there is good evidence that an employee abuses the system, it is allowed to check the data more closely.
Once again, this really depends on the country you're in.
« Last Edit: July 16, 2018, 11:58:22 am by b_force »
 

Offline IanMacdonald

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: gb
    • IWR Consultancy
Re: Turning over company files stored on personal laptop?
« Reply #31 on: July 16, 2018, 11:57:24 am »
Issue here, apart from privacy,  is that they might cause damage. Also if they are as stupid as to think this will prevent you having copies, they might also be stupid enough to get your computer infected with malware by doing something daft with it, like downloading a 'computer cleaner' app from a dodgy site.

Blocking administrators from seeing company email, as Exchange does, is stupid in the opposite direction though. Staff need to get to grips with the notion that company data stored on company servers is NOT private, that they should NOT be using it for personal communications anyway, and that other staff are entitled to see it. Plus, if the admin can't see the email how can he deal with any problems like spamming?

 
« Last Edit: July 16, 2018, 12:01:48 pm by IanMacdonald »
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 26755
  • Country: nl
    • NCT Developments
Re: Turning over company files stored on personal laptop?
« Reply #32 on: July 16, 2018, 11:57:44 am »
The setup is a bit wonky and I'm trying to think of the cleanest way to depart. I was overly nice last time I changed jobs with training and turnovers and I paid for it. I helped train them for three months afterwards so they would be sustained until they landed a replacement. That ended up a mess. I ended up being shorted pay and they felt they deserved more work out of me.

When the offer letter is officially signed, it'll be a 50% raise and I want this done clean, fast, and both parties as happy as possible. I want to be doing my next thing and make sure my reference at this place is as positive as possible.
Did you ever consider just not telling anyone and whipe the information? I assume there is some kind of confidentiality agreement in place anyway. Don't make a bigger mess then you have to. I have used my own computers for employers as well and this has never been an issue.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #33 on: July 16, 2018, 12:09:40 pm »
Issue here, apart from privacy,  is that they might cause damage. Also if they are as stupid as to think this will prevent you having copies, they might also be stupid enough to get your computer infected with malware by doing something daft with it, like downloading a 'computer cleaner' app from a dodgy site.

Blocking administrators from seeing company email, as Exchange does, is stupid in the opposite direction though. Staff need to get to grips with the notion that company data stored on company servers is NOT private, that they should NOT be using it for personal communications anyway, and that other staff are entitled to see it. Plus, if the admin can't see the email how can he deal with any problems like spamming? 
That's a more political discussion.
Although I understand your point, I believe in the fact that it is more important to guarantee the privacy (and maybe safety) of the employee.
Not the first time a company puts pressure on someone using arguments from someones private life.
I think nowadays it is perfectly doable for a company to get a good sense if someone is abusing the system or not.
Once you get good indications and a couple of good talks/meetings with that person you DO have good reasons to investigate further.

Once again, depending the country you're in, but nowadays it's reasonable and allowed to do some small private tasks on the computer at work.
« Last Edit: July 16, 2018, 12:20:14 pm by b_force »
 

Offline AndyC_772

  • Super Contributor
  • ***
  • Posts: 4208
  • Country: gb
  • Professional design engineer
    • Cawte Engineering | Reliable Electronics
Re: Turning over company files stored on personal laptop?
« Reply #34 on: July 16, 2018, 12:26:36 pm »
Good grief, this has dragged on...  :palm:

If you wanted to keep a copy of some company data, it'll be on another disc. *Everybody* knows this.

You could ceremonially burn your laptop in front of the CEO and security team and it would mean *nothing*.

Be prepared to assure your employer, verbally, that you've acknowledged and complied with any pre-existing requirement to destroy confidential data. That's all you have to do, and it's the only thing you can do that actually means anything.

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Turning over company files stored on personal laptop?
« Reply #35 on: July 16, 2018, 12:30:26 pm »
Actually don't even do that unless it absolves you of all liability. That just makes you a convenient scapegoat if they fuck up in the future.
 

Offline GreyWoolfe

  • Supporter
  • ****
  • Posts: 3649
  • Country: us
  • NW0LF
Re: Turning over company files stored on personal laptop?
« Reply #36 on: July 16, 2018, 02:14:46 pm »
Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.

Both my company and I use DBAN.  IIRC, DBAN does a 3 pass cleaning using the default settings.  Yes, it does take time but, in my case, it satisfies contractual requirements for erasing a drive and long as the drive hasn't failed.
"Heaven has been described as the place that once you get there all the dogs you ever loved run up to greet you."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #37 on: July 16, 2018, 02:58:40 pm »
If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
The latter is false in large parts of the world.
 

Offline JoeO

  • Frequent Contributor
  • **
  • Posts: 527
  • Country: us
  • I admit to being deplorable
Re: Turning over company files stored on personal laptop?
« Reply #38 on: July 17, 2018, 01:05:07 am »
It sure would help if we knew what country you are in.
The day Al Gore was born there were 7,000 polar bears on Earth.
Today, only 26,000 remain.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5629
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #39 on: July 17, 2018, 02:23:58 am »
If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
The latter is false in large parts of the world.

Certainly not in Australia. You would be surprised how far reaching the rules and laws go, even in your country. I should however clarify, I meant to say "express consent", in that you don't necessarily need to sign a written agreement.

The organisation I work for has complete and lawful access to all my e-mails sent/received using my work e-mail, whether they are marked Unofficial/Unclassified or otherwise. Likewise, any photograph I take, diagram I draw or notes I make as part of my duties all belong to the organisation (even if it's using my private phone). If I so much as distribute anything without their permission, I'm in deep trouble. Even if I used social media and made a comment about work on my private account, that comment is not considered private. If I simply "liked" a questionable organisation/person/comment which goes against the values and policies of the organisation I work for, that too can be used in formal action against me.

Same as web history; they capture every site I visit and if defaults to HTTP (like this forum does), a lot of the unencrypted data I send/receive is captured as well. All perfectly legal.

A lot of people are under the assumption that your complete right to privacy remains intact even at the workplace, when in many cases it doesn't. If you don't want work knowing what you get up to, don't post it on social media and don't use company resources. Simple. I have a personal rule that I follow: If I wouldn't say it to my supervisor or if I wouldn't let my mother read what I've written, then don't say/write those things at all, anywhere.

Of course every country is different and even private vs. public sector has different policies and rules.

Anyway, drifting off-topic here. Just use DBAN and securely erase the entire drive.
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #40 on: July 17, 2018, 02:44:49 am »
I'm with Mike on this: if they quibble about whatever data of theirs you might have, tell them it is deleted. That's it. Erasing disks? 'Sanitising' stuff? Absolutely not. At most you could sign a letter that says you have deleted all of their data, but even then they cannot insist that you show them that. That's why you sign the letter, see, and as nearly everyone else has pointed out, if you were inclined to keep stuff you'd have it stashed somewhere else already.

If they are technically illiterate dorks and think seeing is believing (or MI6 hassling The Guardian for wikileaks files), tell them it will cost them the price of a disk to complete the process of proving you have none of their data, then buy the new disk, format it, give it to them.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #41 on: July 17, 2018, 02:50:53 am »
Swap in another hard drive, wipe it, hand over the laptop and let them verify it has been wiped, then take it home and put the original drive back in. Delete anything that doesn't belong to you and go on with life.
 

Offline @rt

  • Super Contributor
  • ***
  • Posts: 1051
Re: Turning over company files stored on personal laptop?
« Reply #42 on: July 17, 2018, 03:14:07 am »
Oh my God... Tell them you also have confidential files on it from the new company now,
and if they want to change the scribble in your colouring in book, the other kid wants to be present so they don’t see either of your scribble,
and you want to be present to guard your colouring in book.


 

Online rstofer

  • Super Contributor
  • ***
  • Posts: 9886
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #43 on: July 17, 2018, 04:31:48 am »
Make a full backup on USB or whatever

Make sure you have the OS secret squirrel code

Run multiple secure erasures of the entire disk - let IT watch.  In fact, insist they watch.  You had a bootable drive, they saw it boot, now it's erased and they saw it happen.

Reinstall the OS - download an ISO from the Internet and provide the secret squirrel code from above.
Reinstall software and copy data files back.

The key is to securely erase the entire drive including the OS.
I don't suppose you could just get away with installing a new disk still blank.

Alternative:  Buy a new SSD.  Show IT your laptop boot, remove disk, drill hole through entire disk and leave it with them.  At home, install SSD and setup the machine with a new and faster drive.  I usually drill at least one 3/8" hole making sure to hit the platters.

 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #44 on: July 17, 2018, 04:42:21 am »
Quote
Make a full backup on USB or whatever

And then delete it in their presence, right? Otherwise screwing up your entire system is pointless if you've got a backup. (Actually, it is pointless, costly and wasteful anyway, but let's play the game.)
 

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: Turning over company files stored on personal laptop?
« Reply #45 on: July 17, 2018, 06:38:41 am »
No.   After backing up and removing (and file level scrubbing) your own + 3rd party confidential data at home, allow the morons at the current (and soon to be previous) employer supervised access to the PC to do whatever magic chicken-waving makes them feel good, on the basis that they are responsible for the costs of returning the PC to fully working condition if they (as expected) FUBAR it.

Don't volunteer to help. Don't offer to scrub files, or suggest they do so or use DBAN etc.  Don't tell them you have previously removed all your own easily accessible confidential data. If you suffer from motor-mouth, bring a good book and STFU while they work, and finally don't sign anything that hasn't been checked by your lawyer.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #46 on: July 17, 2018, 06:55:20 am »
Alternative:  Buy a new SSD.  Show IT your laptop boot, remove disk, drill hole through entire disk and leave it with them.  At home, install SSD and setup the machine with a new and faster drive.  I usually drill at least one 3/8" hole making sure to hit the platters.

I don't get why people go to such extreme measures as to destroy the drive. It's not difficult to securely erase a hard drive. I'd like to see someone extract the data from one of my older drives that I've repurposed, I would be absolutely shocked if anyone actually succeeded in extracting anything recognizable. Personally I think it's just paranoia.

Information leaks because people are careless and either don't delete the data at all, or simply delete it rather than using something to re-write over the data.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #47 on: July 17, 2018, 07:12:36 am »
Certainly not in Australia. You would be surprised how far reaching the rules and laws go, even in your country. I should however clarify, I meant to say "express consent", in that you don't necessarily need to sign a written agreement.

The organisation I work for has complete and lawful access to all my e-mails sent/received using my work e-mail, whether they are marked Unofficial/Unclassified or otherwise. Likewise, any photograph I take, diagram I draw or notes I make as part of my duties all belong to the organisation (even if it's using my private phone). If I so much as distribute anything without their permission, I'm in deep trouble. Even if I used social media and made a comment about work on my private account, that comment is not considered private. If I simply "liked" a questionable organisation/person/comment which goes against the values and policies of the organisation I work for, that too can be used in formal action against me.

Same as web history; they capture every site I visit and if defaults to HTTP (like this forum does), a lot of the unencrypted data I send/receive is captured as well. All perfectly legal.

A lot of people are under the assumption that your complete right to privacy remains intact even at the workplace, when in many cases it doesn't. If you don't want work knowing what you get up to, don't post it on social media and don't use company resources. Simple. I have a personal rule that I follow: If I wouldn't say it to my supervisor or if I wouldn't let my mother read what I've written, then don't say/write those things at all, anywhere.

Of course every country is different and even private vs. public sector has different policies and rules.

Anyway, drifting off-topic here. Just use DBAN and securely erase the entire drive.
I'm actually fairly acutely aware of the rules in various places and luckily workers are a lot more protected in a lot of countries around the world. In many places the law recognizes that there cannot be made a distinct divide between your personal and professional life and as such, workers do have an expectation of privacy in the workplace. Extensive all-inclusive monitoring tends to be prohibited. Monitoring typically has to be justifiable and done with reasonable restraint. This lack of complete separation works both ways, so statements made in your personal life can in many cases indeed impact your professional life.

Some of the other things you mention have to do with copyright, which is another matter.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #48 on: July 17, 2018, 07:16:35 am »
I'm with Mike on this: if they quibble about whatever data of theirs you might have, tell them it is deleted. That's it. Erasing disks? 'Sanitising' stuff? Absolutely not. At most you could sign a letter that says you have deleted all of their data, but even then they cannot insist that you show them that. That's why you sign the letter, see, and as nearly everyone else has pointed out, if you were inclined to keep stuff you'd have it stashed somewhere else already.

If they are technically illiterate dorks and think seeing is believing (or MI6 hassling The Guardian for wikileaks files), tell them it will cost them the price of a disk to complete the process of proving you have none of their data, then buy the new disk, format it, give it to them.
I wouldn't sign anything. It only opens you up to nastiness later, because if you haven't and some data gets stolen it's on you. Just confirm the data has been treated as has been agreed upon when starting the job, which means nothing was agreed upon. They profited from OP by having him bring his own laptop and made their problem his. They shouldn't and can't make dealing with the consequences another problem for OP. I certainly wouldn't let anyone tinker with my own personal laptop with personal files on it. It's their problem.

Though again, they haven't actually asked for anything. I don't understand why you would be looking for trouble or would even worry about it.
« Last Edit: July 17, 2018, 07:18:37 am by Mr. Scram »
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #49 on: July 17, 2018, 07:54:47 am »
Quote
I wouldn't sign anything. It only opens you up to nastiness later

That's a fair point. I suggested it as Something Is Done that they can fixate on but which has minimal real impact. Of course, if one isn't going to really delete the data then that's bad form.

 

Offline rdl

  • Super Contributor
  • ***
  • Posts: 3665
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #50 on: July 17, 2018, 01:30:15 pm »
Tell them it was stolen.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #51 on: July 17, 2018, 01:31:50 pm »
Tell them it was stolen.
"Yeah, that data you're worried about? It's goneski and out in the world, somewhere beyond your or my control. Later!"

That should calm them down.
 

Offline GreyWoolfe

  • Supporter
  • ****
  • Posts: 3649
  • Country: us
  • NW0LF
Re: Turning over company files stored on personal laptop?
« Reply #52 on: July 17, 2018, 06:51:15 pm »
No.   After backing up and removing (and file level scrubbing) your own + 3rd party confidential data at home, allow the morons at the current (and soon to be previous) employer supervised access to the PC to do whatever magic chicken-waving makes them feel good, on the basis that they are responsible for the costs of returning the PC to fully working condition if they (as expected) FUBAR it.

Don't volunteer to help. Don't offer to scrub files, or suggest they do so or use DBAN etc.  Don't tell them you have previously removed all your own easily accessible confidential data. If you suffer from motor-mouth, bring a good book and STFU while they work, and finally don't sign anything that hasn't been checked by your lawyer.

Ian, can I steal the magic chicken-waving line?  I really like that! :-DD
"Heaven has been described as the place that once you get there all the dogs you ever loved run up to greet you."
 
The following users thanked this post: Ian.M

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: Turning over company files stored on personal laptop?
« Reply #53 on: July 17, 2018, 07:47:13 pm »
I stole it from someone else who stole it so of course you are welcome.


Need more Chicken!
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf