I walked off my last job as a sysadmin with a full list of passwords, and left a backdoor into the network as well. Just as well, as I had spent eight years putting that system in place, and my successor had a fortnight to learn it all. If she hadn't been able to ask me back in to sort out some issues, her job would have been almost impossible.

Not everyone who leaves with company data does so with malign intentions.

How is this shocking to anybody but the Suits? Ask almost anyone who works in retail whether they care about "shrinkage" of stock - if the corporation is basically regarded as a necessary enemy to whom one must swallow one's pride and suck up to in order to survive, of course they're going to shank the corporation in the back at the first opportunity. And tightening your controls over the survivors isn't going to make them want to do that any less... quite the opposite.

If your insiders regard you as a bigger enemy than they regard your competitors, you have a problem. Perhaps you shouldn't be taking Dilbert cartoons as some sort of instruction manual?

All those laid-off assembly workers at GM had gobs of data on--what? The GM dealership structure? The specs of the Chevy Suburban? And I bet the laid-off construction workers are hauling just GBs of confidential data away.

Yes, it's a good idea to keep your data from walking out the door. But do three of five employees have access to sensitive data? It seems unlikely to me.

A) Super classy guys. I'd never CONSIDER walking off with confidential data. The golden rule applies -- would you want some guy to walk off with YOUR data? I did not think so.

B) Not too surprised. Many US companies just treat people like replaceable cogs rather than people. Employees know when they are not valued but treated as cogs, and react accordingly -- by swiping whatever they can on the way out.

CDs, DVDs, USB Drives, amateurs!

Pros use a parakeet trained in Navajo and binary, if you are going to do it, do it with style, eye patch and crutch optional.

And, it seems, the majority of such leaks could be avoided just by treating the employees right. But of course that'll never come up as a potential solution.

Seems to me that the employees are just following the lead of their management in most cases. The concept of "corporate ethics" is a joke that is followed more in the breach.

I also wonder if they're also counting employees copying the data so they can keep in touch with the people who actually gave a damn about them - their customers - rather than actually intending to use the data for so-called "nefarious" ends.

All in all, sounds like another press release by a company trying to sell me something.

Took a cut of my teams source code home with me on USB stick before I left. Nothing nefarious in mind however. My memory is like a sieve, and if I want a quick way to do X, I don't want to 'reinvent the wheel' and have it come out as a square. I wanna quick squiz at the old code and and go 'ah yes, that's right!' and continue on happily.

Now obviously the 'real' developers out there have their own personal utils libraries to call on, ones they'd developed over the years in their spare time, beavering away in their dark rooms after getting home from work, generally ignoring life around them etc etc. Those people will scoffing at me I'm sure. Scoff away.

""The survey's findings should sound the alarm across all industries: "

No, the surveys findings just go to show what has been known since the dawn of man. "Fuck with me and I'll fuck with you"

What a stupid survey. We are all a bunch of thieving bitches - we just don't like to admit it.

Anyway - what is the difference, tell me, between taking a day to copy info from the yellow pages or simply taking a file from a companies PC? NONE if you ask me, just saves effort.

Go on little man, take the pointy stick, go forth and multiply (insert cloned stick man here)

All hail the inventive businessman/entrepreneur :-)

Pah.

"Ponemon Institute"

I admit I first read this as "Pokemon Institute".

I need my brain scrubbed and washed.

No conflict of interest THERE then.

This isn't news, it's a sales pitch.

Just like that nice man from PGP magically appearing every time a laptop goes walkies.

You cannot take back information.

I've worked on a load of projects where the requirements demanded otherwise, but "I want doesn't get", as any five year old knows.

It's a people issue, so deal with it in the time honoured fashion - Threats and Intimidation (or Legal and HR as they like to be called).

In any case, "corporate knowledge" ages badly, and once your ex-employees stop drinking from your water cooler they'll probably realise it was all bollocks anyway.

great commenting as per usual folks.

my perspective on this is a simple one. never take what does not belong to you. what goes around comes around..

all these people with all this information, and unless a.) they're staring their own related business, or b.) has/will have an unethical employer who wants that info, the data is generally useless. if they're caught with it, then what?

if they told a potential employer they have this information, they would never be hired (unless specifically to get that information), because the interviewer would immediately realize that this potential employee will most likely steal their data.

whatever happened to simple honesty and trustworthiness?

it doesn't matter if you have been mistreated. that doesn't give the right to mistreat in return. nobody ever said that life was fair, so don't expect it to be.

when you fight fire with fire, what do you get?

And that my son is why you will never be CEO of a large multinational company,

How are you going to justify your large bonuses and those of the other self-gratifying board members, if you havent shat over all your staff?

Argggh

Now I am reading it a pokemon :(

I love stories that draw scads of, "If-they-would-only-treat-their-employees-right-then-this-wouldn't-happen." comments.

Utter bolleaux. Most employees who utter such phrases are, in my experience, whining, money-for-nothing-seeking, juvenile twerps who wouldn't think they were being "treated right" if their employers gave them seven-hour lunchbreaks and a free pass to the local house of ill-repute.

Nicking the company's christmas-card list has naff-all to do with how the employer treated the employee and all to do with how the employee perceives the value of the information to a buyer or in his or her next job.

"In only they treated the employees right." What a laugh!

.. employs (both perm and contract) a LOT of people who have access to a LOT (pretty much EVERYONES, all in all, "Private" too, so not just the serfs) personal medical information (history, pharma requirements, ailments, lifestyle) as stored on, ahem, "super high security clinical systems" ( which they only get access to by, er, asking for the login details of a friendly doc, or practice manager...that's if it's not just commonly %systemname% / %blank% or similar).

I can see why the PCTs may want to retain as many of their IT staff as possible, and as Alacrity suggests, treat em well - certainly those who work on clinical systems day in day out, as many do. Or at least make any parting of ways amicable, if at all possible.

One could envision a situation where the disgruntled tech might be inclined to siphon off and sell that information to less scrupulous...oh hang on, I mean, insurance companies, just for example. Or worse (arguably) to criminal organisations (other than insurance companies and governments), who could punt cheap drugs at them, blackmail, extortion etc. Still, if the Gov'ts get their way with all their supergay uber databases, ( Spine, National CRS etc ), I'm quite sure the `big boys` will get all the unfettered access they desire anyway. "Secure".... Meh. : /