Author Topic: Turning over company files stored on personal laptop?  (Read 7390 times)

0 Members and 1 Guest are viewing this topic.

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Turning over company files stored on personal laptop?
« Reply #25 on: July 16, 2018, 11:04:51 am »
Exactly that.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #26 on: July 16, 2018, 11:05:35 am »
Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.
You're talking about shredding the disk, not sanitizing it. I've explained in one of my earlier posts that shredding it is the better option, after evacuating the personal data to another disk. It's still a hassle to sort through your files and risk shredding something you intended to keep. I wouldn't go through all that effort without a very good reason. Sanitizing an OS disk, meaning that you keep the OS and some files and permanently destroy others, is very hard and tedious to do properly. Most OSs shift data around all the time and it's not always accessible or obvious to the user.

One thing that does worry me is that OP seems to suggest this is the only copy of his data. Obviously, proper backups need to be made if the data is worth anything.

No, I'm talking about sanitising the disk (i.e.: overwriting every sector with 0's, 1's or random data). Sanitising and shredding (destruction) are two totally different things. The OP doesn't sound like he wants to destroy the disk.

Of course physically destroying the disk is quicker, but that also renders it useless. As I mentioned in my previous post, doing a single-pass overwrite is going to be more than enough in the circumstances described in this thread.

If all he wants to do is overwrite the data so that it cannot be recovered, but leave the disk intact so that it can be used later, DBAN is the tool for the job. He isn't talking about destroying Secret or Top Secret information here.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #27 on: July 16, 2018, 11:13:52 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #28 on: July 16, 2018, 11:21:01 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
 

Offline sokoloff

  • Super Contributor
  • ***
  • Posts: 1799
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #29 on: July 16, 2018, 11:32:59 am »
I personally have the rule that if a company wants to manage it, they have to spring for it. In this case it seems the company didn't want to do this despite repeated requests, so they don't have a say in the matter. If they provide you with a laptop, it's a different story. Their hardware, their rules. Your hardware, your rules.
I oversee IT for our company and I agree with this policy.

Most employers are not going to give half a crap about what’s on your personal laptop. To OP, they know you could already have made backups, they know you’ve already signed an NDA and assignment of IP document, and they’re not likely to make a big deal of your personal laptop anyway.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #30 on: July 16, 2018, 11:54:15 am »
It might just be a combination of size and product type of the companies. Mom-and-pop sized places combined with the EE portion being seen as the technology that facilitates the sale rather than being seen as a core part of the product. From my experience it seems common.
I think it largely depends on where you work geographically. US labour laws tend to be quite a bit more liberal than those in many countries of the EU. The latter can differ quite a bit between countries.
Getting involved into someone's data or mailbox is seen as an infringement of privacy, which is taken very seriously and embedded in most constitutions.
Unless a company has good proof that someone is fooling around or they can't access proven valuable data, it's not easy to even access someones mailbox.
If this is also done in practice is a different story.

If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
Ehm no they can't, but again it depends per country.
But there are quite some countries that the organization can't just look into your details, even if it's the "property" of the company you don't have access to it without a good reason.
Monitoring internet traffic is something else. But that only tells them what you visit when, not the actual data from it.
Only when there is good evidence that an employee abuses the system, it is allowed to check the data more closely.
Once again, this really depends on the country you're in.
« Last Edit: July 16, 2018, 11:58:22 am by b_force »
 

Offline IanMacdonald

  • Frequent Contributor
  • **
  • Posts: 943
  • Country: gb
    • IWR Consultancy
Re: Turning over company files stored on personal laptop?
« Reply #31 on: July 16, 2018, 11:57:24 am »
Issue here, apart from privacy,  is that they might cause damage. Also if they are as stupid as to think this will prevent you having copies, they might also be stupid enough to get your computer infected with malware by doing something daft with it, like downloading a 'computer cleaner' app from a dodgy site.

Blocking administrators from seeing company email, as Exchange does, is stupid in the opposite direction though. Staff need to get to grips with the notion that company data stored on company servers is NOT private, that they should NOT be using it for personal communications anyway, and that other staff are entitled to see it. Plus, if the admin can't see the email how can he deal with any problems like spamming?

 
« Last Edit: July 16, 2018, 12:01:48 pm by IanMacdonald »
 

Offline nctnico

  • Super Contributor
  • ***
  • Posts: 26757
  • Country: nl
    • NCT Developments
Re: Turning over company files stored on personal laptop?
« Reply #32 on: July 16, 2018, 11:57:44 am »
The setup is a bit wonky and I'm trying to think of the cleanest way to depart. I was overly nice last time I changed jobs with training and turnovers and I paid for it. I helped train them for three months afterwards so they would be sustained until they landed a replacement. That ended up a mess. I ended up being shorted pay and they felt they deserved more work out of me.

When the offer letter is officially signed, it'll be a 50% raise and I want this done clean, fast, and both parties as happy as possible. I want to be doing my next thing and make sure my reference at this place is as positive as possible.
Did you ever consider just not telling anyone and whipe the information? I assume there is some kind of confidentiality agreement in place anyway. Don't make a bigger mess then you have to. I have used my own computers for employers as well and this has never been an issue.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline b_force

  • Super Contributor
  • ***
  • Posts: 1381
  • Country: 00
    • One World Concepts
Re: Turning over company files stored on personal laptop?
« Reply #33 on: July 16, 2018, 12:09:40 pm »
Issue here, apart from privacy,  is that they might cause damage. Also if they are as stupid as to think this will prevent you having copies, they might also be stupid enough to get your computer infected with malware by doing something daft with it, like downloading a 'computer cleaner' app from a dodgy site.

Blocking administrators from seeing company email, as Exchange does, is stupid in the opposite direction though. Staff need to get to grips with the notion that company data stored on company servers is NOT private, that they should NOT be using it for personal communications anyway, and that other staff are entitled to see it. Plus, if the admin can't see the email how can he deal with any problems like spamming? 
That's a more political discussion.
Although I understand your point, I believe in the fact that it is more important to guarantee the privacy (and maybe safety) of the employee.
Not the first time a company puts pressure on someone using arguments from someones private life.
I think nowadays it is perfectly doable for a company to get a good sense if someone is abusing the system or not.
Once you get good indications and a couple of good talks/meetings with that person you DO have good reasons to investigate further.

Once again, depending the country you're in, but nowadays it's reasonable and allowed to do some small private tasks on the computer at work.
« Last Edit: July 16, 2018, 12:20:14 pm by b_force »
 

Offline AndyC_772

  • Super Contributor
  • ***
  • Posts: 4208
  • Country: gb
  • Professional design engineer
    • Cawte Engineering | Reliable Electronics
Re: Turning over company files stored on personal laptop?
« Reply #34 on: July 16, 2018, 12:26:36 pm »
Good grief, this has dragged on...  :palm:

If you wanted to keep a copy of some company data, it'll be on another disc. *Everybody* knows this.

You could ceremonially burn your laptop in front of the CEO and security team and it would mean *nothing*.

Be prepared to assure your employer, verbally, that you've acknowledged and complied with any pre-existing requirement to destroy confidential data. That's all you have to do, and it's the only thing you can do that actually means anything.

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23018
  • Country: gb
Re: Turning over company files stored on personal laptop?
« Reply #35 on: July 16, 2018, 12:30:26 pm »
Actually don't even do that unless it absolves you of all liability. That just makes you a convenient scapegoat if they fuck up in the future.
 

Offline GreyWoolfe

  • Supporter
  • ****
  • Posts: 3649
  • Country: us
  • NW0LF
Re: Turning over company files stored on personal laptop?
« Reply #36 on: July 16, 2018, 02:14:46 pm »
Not at all. Download DBAN, throw it on a USB or CD, boot it up and let it do its thing. Even a single pass is more than enough in 99% of cases. Don't get too hung up on multiple passes or specific standards, one is enough.

Of course (if you didn't already know) running DBAN will ensure everything on the disk is irrecoverably gone. Operating system, any recovery partitions, user data, the lot. The only things it won't touch are the Host Protected Area and any remapped sectors on an SSD, but don't worry too much about those.

Both my company and I use DBAN.  IIRC, DBAN does a 3 pass cleaning using the default settings.  Yes, it does take time but, in my case, it satisfies contractual requirements for erasing a drive and long as the drive hasn't failed.
"Heaven has been described as the place that once you get there all the dogs you ever loved run up to greet you."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #37 on: July 16, 2018, 02:58:40 pm »
If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
The latter is false in large parts of the world.
 

Offline JoeO

  • Frequent Contributor
  • **
  • Posts: 527
  • Country: us
  • I admit to being deplorable
Re: Turning over company files stored on personal laptop?
« Reply #38 on: July 17, 2018, 01:05:07 am »
It sure would help if we knew what country you are in.
The day Al Gore was born there were 7,000 polar bears on Earth.
Today, only 26,000 remain.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5632
  • Country: au
Re: Turning over company files stored on personal laptop?
« Reply #39 on: July 17, 2018, 02:23:58 am »
If it's done using company resources, absolutely an organisation has the right to access it. They don't have the right to access your personal cloud accounts without your consent, but if you're silly enough to leave chat logs, downloads or other data on a company laptop, that's your own fault. They can also lawfully monitor your web activity using their equipment and infrastructure, without your consent.
The latter is false in large parts of the world.

Certainly not in Australia. You would be surprised how far reaching the rules and laws go, even in your country. I should however clarify, I meant to say "express consent", in that you don't necessarily need to sign a written agreement.

The organisation I work for has complete and lawful access to all my e-mails sent/received using my work e-mail, whether they are marked Unofficial/Unclassified or otherwise. Likewise, any photograph I take, diagram I draw or notes I make as part of my duties all belong to the organisation (even if it's using my private phone). If I so much as distribute anything without their permission, I'm in deep trouble. Even if I used social media and made a comment about work on my private account, that comment is not considered private. If I simply "liked" a questionable organisation/person/comment which goes against the values and policies of the organisation I work for, that too can be used in formal action against me.

Same as web history; they capture every site I visit and if defaults to HTTP (like this forum does), a lot of the unencrypted data I send/receive is captured as well. All perfectly legal.

A lot of people are under the assumption that your complete right to privacy remains intact even at the workplace, when in many cases it doesn't. If you don't want work knowing what you get up to, don't post it on social media and don't use company resources. Simple. I have a personal rule that I follow: If I wouldn't say it to my supervisor or if I wouldn't let my mother read what I've written, then don't say/write those things at all, anywhere.

Of course every country is different and even private vs. public sector has different policies and rules.

Anyway, drifting off-topic here. Just use DBAN and securely erase the entire drive.
 

Online PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #40 on: July 17, 2018, 02:44:49 am »
I'm with Mike on this: if they quibble about whatever data of theirs you might have, tell them it is deleted. That's it. Erasing disks? 'Sanitising' stuff? Absolutely not. At most you could sign a letter that says you have deleted all of their data, but even then they cannot insist that you show them that. That's why you sign the letter, see, and as nearly everyone else has pointed out, if you were inclined to keep stuff you'd have it stashed somewhere else already.

If they are technically illiterate dorks and think seeing is believing (or MI6 hassling The Guardian for wikileaks files), tell them it will cost them the price of a disk to complete the process of proving you have none of their data, then buy the new disk, format it, give it to them.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #41 on: July 17, 2018, 02:50:53 am »
Swap in another hard drive, wipe it, hand over the laptop and let them verify it has been wiped, then take it home and put the original drive back in. Delete anything that doesn't belong to you and go on with life.
 

Offline @rt

  • Super Contributor
  • ***
  • Posts: 1051
Re: Turning over company files stored on personal laptop?
« Reply #42 on: July 17, 2018, 03:14:07 am »
Oh my God... Tell them you also have confidential files on it from the new company now,
and if they want to change the scribble in your colouring in book, the other kid wants to be present so they don’t see either of your scribble,
and you want to be present to guard your colouring in book.


 

Offline rstofer

  • Super Contributor
  • ***
  • Posts: 9886
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #43 on: July 17, 2018, 04:31:48 am »
Make a full backup on USB or whatever

Make sure you have the OS secret squirrel code

Run multiple secure erasures of the entire disk - let IT watch.  In fact, insist they watch.  You had a bootable drive, they saw it boot, now it's erased and they saw it happen.

Reinstall the OS - download an ISO from the Internet and provide the secret squirrel code from above.
Reinstall software and copy data files back.

The key is to securely erase the entire drive including the OS.
I don't suppose you could just get away with installing a new disk still blank.

Alternative:  Buy a new SSD.  Show IT your laptop boot, remove disk, drill hole through entire disk and leave it with them.  At home, install SSD and setup the machine with a new and faster drive.  I usually drill at least one 3/8" hole making sure to hit the platters.

 

Online PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #44 on: July 17, 2018, 04:42:21 am »
Quote
Make a full backup on USB or whatever

And then delete it in their presence, right? Otherwise screwing up your entire system is pointless if you've got a backup. (Actually, it is pointless, costly and wasteful anyway, but let's play the game.)
 

Offline Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: Turning over company files stored on personal laptop?
« Reply #45 on: July 17, 2018, 06:38:41 am »
No.   After backing up and removing (and file level scrubbing) your own + 3rd party confidential data at home, allow the morons at the current (and soon to be previous) employer supervised access to the PC to do whatever magic chicken-waving makes them feel good, on the basis that they are responsible for the costs of returning the PC to fully working condition if they (as expected) FUBAR it.

Don't volunteer to help. Don't offer to scrub files, or suggest they do so or use DBAN etc.  Don't tell them you have previously removed all your own easily accessible confidential data. If you suffer from motor-mouth, bring a good book and STFU while they work, and finally don't sign anything that hasn't been checked by your lawyer.
 

Offline james_s

  • Super Contributor
  • ***
  • Posts: 21611
  • Country: us
Re: Turning over company files stored on personal laptop?
« Reply #46 on: July 17, 2018, 06:55:20 am »
Alternative:  Buy a new SSD.  Show IT your laptop boot, remove disk, drill hole through entire disk and leave it with them.  At home, install SSD and setup the machine with a new and faster drive.  I usually drill at least one 3/8" hole making sure to hit the platters.

I don't get why people go to such extreme measures as to destroy the drive. It's not difficult to securely erase a hard drive. I'd like to see someone extract the data from one of my older drives that I've repurposed, I would be absolutely shocked if anyone actually succeeded in extracting anything recognizable. Personally I think it's just paranoia.

Information leaks because people are careless and either don't delete the data at all, or simply delete it rather than using something to re-write over the data.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #47 on: July 17, 2018, 07:12:36 am »
Certainly not in Australia. You would be surprised how far reaching the rules and laws go, even in your country. I should however clarify, I meant to say "express consent", in that you don't necessarily need to sign a written agreement.

The organisation I work for has complete and lawful access to all my e-mails sent/received using my work e-mail, whether they are marked Unofficial/Unclassified or otherwise. Likewise, any photograph I take, diagram I draw or notes I make as part of my duties all belong to the organisation (even if it's using my private phone). If I so much as distribute anything without their permission, I'm in deep trouble. Even if I used social media and made a comment about work on my private account, that comment is not considered private. If I simply "liked" a questionable organisation/person/comment which goes against the values and policies of the organisation I work for, that too can be used in formal action against me.

Same as web history; they capture every site I visit and if defaults to HTTP (like this forum does), a lot of the unencrypted data I send/receive is captured as well. All perfectly legal.

A lot of people are under the assumption that your complete right to privacy remains intact even at the workplace, when in many cases it doesn't. If you don't want work knowing what you get up to, don't post it on social media and don't use company resources. Simple. I have a personal rule that I follow: If I wouldn't say it to my supervisor or if I wouldn't let my mother read what I've written, then don't say/write those things at all, anywhere.

Of course every country is different and even private vs. public sector has different policies and rules.

Anyway, drifting off-topic here. Just use DBAN and securely erase the entire drive.
I'm actually fairly acutely aware of the rules in various places and luckily workers are a lot more protected in a lot of countries around the world. In many places the law recognizes that there cannot be made a distinct divide between your personal and professional life and as such, workers do have an expectation of privacy in the workplace. Extensive all-inclusive monitoring tends to be prohibited. Monitoring typically has to be justifiable and done with reasonable restraint. This lack of complete separation works both ways, so statements made in your personal life can in many cases indeed impact your professional life.

Some of the other things you mention have to do with copyright, which is another matter.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9810
  • Country: 00
  • Display aficionado
Re: Turning over company files stored on personal laptop?
« Reply #48 on: July 17, 2018, 07:16:35 am »
I'm with Mike on this: if they quibble about whatever data of theirs you might have, tell them it is deleted. That's it. Erasing disks? 'Sanitising' stuff? Absolutely not. At most you could sign a letter that says you have deleted all of their data, but even then they cannot insist that you show them that. That's why you sign the letter, see, and as nearly everyone else has pointed out, if you were inclined to keep stuff you'd have it stashed somewhere else already.

If they are technically illiterate dorks and think seeing is believing (or MI6 hassling The Guardian for wikileaks files), tell them it will cost them the price of a disk to complete the process of proving you have none of their data, then buy the new disk, format it, give it to them.
I wouldn't sign anything. It only opens you up to nastiness later, because if you haven't and some data gets stolen it's on you. Just confirm the data has been treated as has been agreed upon when starting the job, which means nothing was agreed upon. They profited from OP by having him bring his own laptop and made their problem his. They shouldn't and can't make dealing with the consequences another problem for OP. I certainly wouldn't let anyone tinker with my own personal laptop with personal files on it. It's their problem.

Though again, they haven't actually asked for anything. I don't understand why you would be looking for trouble or would even worry about it.
« Last Edit: July 17, 2018, 07:18:37 am by Mr. Scram »
 

Online PlainName

  • Super Contributor
  • ***
  • Posts: 6796
  • Country: va
Re: Turning over company files stored on personal laptop?
« Reply #49 on: July 17, 2018, 07:54:47 am »
Quote
I wouldn't sign anything. It only opens you up to nastiness later

That's a fair point. I suggested it as Something Is Done that they can fixate on but which has minimal real impact. Of course, if one isn't going to really delete the data then that's bad form.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf