An employee have uploaded some data into company mail id. Data is some kind of standard templates. It was just saved in the drafts. However data is not sent to any external mail ids / not even downloaded. It was permanently deleted from outlook. Backend team is working on this security incident..!!
 - So, What action can company take for this security incident ??
 - Will the employee get terminated and  blacklisted in this company ?
 - Any effect in his/her relieving letter ??
 - Can he/she work for another company in future with this experience ?
Please reply on this...
From India, Hyderabad
Acknowledge(0)
Amend(0)
 - So, What action can company take for this security incident ??
 - Will the employee get terminated and  blacklisted in this company ?
 - Any effect in his/her relieving letter ??
 - Can he/she work for another company in future with this experience ?
Please reply on this...
From India, Hyderabad
Acknowledge(0)Amend(0)
Dear Sm312860,
At this stage, the company may conduct an inquiry to investigate the motive of the employee for uploading some templates and saving them in the draft folder. Since the data transfer did not cross the boundaries of the employee's company, no breach of security has happened per se. However, the quantum of punishment would depend on the outcome of the inquiry or the employee's motive.
Secondly, have the authorizations for these templates been defined? Was the employee authorized to access those templates? If not, then why was access provided? Apart from punitive measures against the defaulting employee, the incident may call for an overhaul of the data security guidelines.
Are you the one involved in this and have referred to yourself as a third person in this post? Your queries in the post create doubt in the mind. Anyway, that is a different matter.
Thanks,
Dinesh Divekar
From India, Bangalore
Acknowledge(0)Amend(0)
8219At this stage, the company may conduct an inquiry to investigate the motive of the employee for uploading some templates and saving them in the draft folder. Since the data transfer did not cross the boundaries of the employee's company, no breach of security has happened per se. However, the quantum of punishment would depend on the outcome of the inquiry or the employee's motive.
Secondly, have the authorizations for these templates been defined? Was the employee authorized to access those templates? If not, then why was access provided? Apart from punitive measures against the defaulting employee, the incident may call for an overhaul of the data security guidelines.
Are you the one involved in this and have referred to yourself as a third person in this post? Your queries in the post create doubt in the mind. Anyway, that is a different matter.
Thanks,
Dinesh Divekar
From India, Bangalore
Acknowledge(0)Amend(0)
Hi Dinesh,
Thanks for your reply. It seems employees have access to the templates for project purposes, and some of the templates are confidential as per the company. One of my colleagues is involved in this security incident.
Please let me know if you need any further information or assistance.
Thank you.
From India, Hyderabad
Acknowledge(0)Amend(0)
Thanks for your reply. It seems employees have access to the templates for project purposes, and some of the templates are confidential as per the company. One of my colleagues is involved in this security incident.
Please let me know if you need any further information or assistance.
Thank you.
From India, Hyderabad
Acknowledge(0)Amend(0)
The question will depend on whom your friend was sending the mail to and why. I assume that it was not for internal purposes. He/she was trying to send the templates to a friend of a competitor company. The company can definitely terminate him/her after giving an appropriate opportunity to defend himself/herself in a domestic inquiry. If they are convinced she was making an inadvertent error, they will only give her a warning. If they terminate her, then naturally, it will be stated in her relieving letter, and it will be difficult for her to get another job in a large company for some time.
From India, Mumbai
Acknowledge(0)Amend(0)
From India, Mumbai
Acknowledge(0)Amend(0)
Hi Saswata Banerjee,
Thank you for your reply. It is clearly mentioned in the first post that the data was neither sent to anyone nor downloaded. It was uploaded in the drafts and has been permanently deleted.
From India, Hyderabad
Acknowledge(0)Amend(0)
Thank you for your reply. It is clearly mentioned in the first post that the data was neither sent to anyone nor downloaded. It was uploaded in the drafts and has been permanently deleted.
From India, Hyderabad
Acknowledge(0)Amend(0)
Dear Mr. Saswata Banerjee,
You have written, "If they terminate her, then naturally it will be stated in her relieving letter and it will be difficult for her to get another job in a large company for some time."
What you have written is just a possibility. It is not the norm per se. If the employee is charged with any misconduct and is terminated, then termination itself is the highest form of punishment. Subsequently, issuing a relieving letter with negative comments about the separation is nothing but the destruction of the employee's career. This is a far more serious punishment than termination itself. Therefore, even after termination, many companies remain neutral and issue the relieving letter without positive or negative remarks. Nevertheless, a separate list of such ex-employees is maintained for their internal record purposes.
I have written this clarifying post for the benefit of the originator of this post, i.e., Sm312860. As he/she has been concerned about the career of his/her friend, let him/her not worry further.
Thanks,
Dinesh Divekar
From India, Bangalore
Acknowledge(0)Amend(0)
You have written, "If they terminate her, then naturally it will be stated in her relieving letter and it will be difficult for her to get another job in a large company for some time."
What you have written is just a possibility. It is not the norm per se. If the employee is charged with any misconduct and is terminated, then termination itself is the highest form of punishment. Subsequently, issuing a relieving letter with negative comments about the separation is nothing but the destruction of the employee's career. This is a far more serious punishment than termination itself. Therefore, even after termination, many companies remain neutral and issue the relieving letter without positive or negative remarks. Nevertheless, a separate list of such ex-employees is maintained for their internal record purposes.
I have written this clarifying post for the benefit of the originator of this post, i.e., Sm312860. As he/she has been concerned about the career of his/her friend, let him/her not worry further.
Thanks,
Dinesh Divekar
From India, Bangalore
Acknowledge(0)Amend(0)
Dear Guidance Seeker,
Your Queries Paraphrased:
i) An employee uploaded some data into the company mail id;
ii) Data - standard templates - were saved in drafts;
iii) The data saved was not shared nor even downloaded;
iv) Data was deleted from Outlook;
v) The back-end team is ascertaining a security incident;
vi) What disciplinary action can be taken for this security incident;
vii) Will the employee get terminated from the company and blacklisted;
viii) Is there any endorsement in his/her Relieving Letter; and
ix) Can he/she be eligible for employment elsewhere in the future.
Guidance from Team Kritarth:
1. Please adhere to the Service Rules adopted by your company (Commercial Establishment or Industrial Establishment as the case may be) and applicable to employees and others. In case no Service Rules (codified or otherwise exist), then refer to the Model Orders set in the Acts applicable to your establishment.
2. The Honorable Supreme Court of India has pronounced "Misconduct" as Any Act Unworthy of Employment. That is an eye-opener. You may act accordingly. Holding a properly conducted Preliminary Inquiry to ascertain prima facie facts will certainly help.
3. Any employee ought to be discharged from the Muster Roll of an establishment only after he/she is informed of the act of misconduct alleged against him/her and on the receipt of an explanation. Only after conducting a proper inquiry in accordance with the Principles of Natural Justice and then based on the Inquiry Report submitted with the Findings to the effect that the allegation was established, his/her employment may be terminated. Keeping in view that the punishment be proportionate and not arbitrary.
4. It is the employer's privilege/prerogative to enter in the Relieving Letter whether service during employment was satisfactory or not satisfactory. To err is human and the sole aim of any law in our land is correction, not mutilation. Scruple be the guiding light.
5. Eligibility for employment consists of multiple factors such as academic achievements, hands-on relevant work experience, and other suitability. Let compassion perpetuate.
Team Kritarth welcomes all those who seek and wish to secure serenity.
Team Kritarth
info@kritarth.in / hksharan@kritarth.in / shakti@kritarth.in
Bengaluru Knowledge & Know-How Sharing Center,
25 March 2016
From India, Delhi
Acknowledge(0)Amend(0)
Your Queries Paraphrased:
i) An employee uploaded some data into the company mail id;
ii) Data - standard templates - were saved in drafts;
iii) The data saved was not shared nor even downloaded;
iv) Data was deleted from Outlook;
v) The back-end team is ascertaining a security incident;
vi) What disciplinary action can be taken for this security incident;
vii) Will the employee get terminated from the company and blacklisted;
viii) Is there any endorsement in his/her Relieving Letter; and
ix) Can he/she be eligible for employment elsewhere in the future.
Guidance from Team Kritarth:
1. Please adhere to the Service Rules adopted by your company (Commercial Establishment or Industrial Establishment as the case may be) and applicable to employees and others. In case no Service Rules (codified or otherwise exist), then refer to the Model Orders set in the Acts applicable to your establishment.
2. The Honorable Supreme Court of India has pronounced "Misconduct" as Any Act Unworthy of Employment. That is an eye-opener. You may act accordingly. Holding a properly conducted Preliminary Inquiry to ascertain prima facie facts will certainly help.
3. Any employee ought to be discharged from the Muster Roll of an establishment only after he/she is informed of the act of misconduct alleged against him/her and on the receipt of an explanation. Only after conducting a proper inquiry in accordance with the Principles of Natural Justice and then based on the Inquiry Report submitted with the Findings to the effect that the allegation was established, his/her employment may be terminated. Keeping in view that the punishment be proportionate and not arbitrary.
4. It is the employer's privilege/prerogative to enter in the Relieving Letter whether service during employment was satisfactory or not satisfactory. To err is human and the sole aim of any law in our land is correction, not mutilation. Scruple be the guiding light.
5. Eligibility for employment consists of multiple factors such as academic achievements, hands-on relevant work experience, and other suitability. Let compassion perpetuate.
Team Kritarth welcomes all those who seek and wish to secure serenity.
Team Kritarth
info@kritarth.in / hksharan@kritarth.in / shakti@kritarth.in
Bengaluru Knowledge & Know-How Sharing Center,
25 March 2016
From India, Delhi
Acknowledge(0)Amend(0)
What are your company's security policies regarding data? Have they been published in a formal manner, and have employees been required to read, understand, and sign to acknowledge their awareness of company policies?
The investigation needs to determine why the employee did what they did, and if it was unintentional, the company can decide on the appropriate course of action. If the action was intentional, the company will proceed according to the company code of conduct.
From India, Pune
Acknowledge(0)Amend(0)
The investigation needs to determine why the employee did what they did, and if it was unintentional, the company can decide on the appropriate course of action. If the action was intentional, the company will proceed according to the company code of conduct.
From India, Pune
Acknowledge(0)Amend(0)
Dear Divekar, I gave the possibility, not what will necessarily happen. You have given the alternate scenarios. Neither of us can be sure what the company will do as we don't know who they are, what exactly the work is, or why the incident happened. There is a lot of unknown factors hidden by the post. If this is a high-security financial BPO or similar, then they are paranoid about security. One such American company just got fined US$ 3 million yesterday for failing to stop an employee from sharing certain confidential information. This also may be a case of industrial espionage or whistleblowing (from the company's point of view, at least). If any of these cases are true, the company will definitely include these things in the relieving letter. They will happily destroy the career of such a person. Coming to think of it, HR in most companies look for ways to destroy the career of a person who is leaving. I think they derive vicarious pleasure from such activities.
From India, Mumbai
Acknowledge(0)Amend(0)
From India, Mumbai
Acknowledge(0)Amend(0)
Dear Poster,
It was not sent.
True.
But why was it put in the mail in the first place? If the intent was to send it internally for official purposes, then I don't think you would be asking this question. And I don't think your company or its security team thinks that was the purpose. Companies with sensitive data will not wait for a breach to take place. They have systems that are designed for preventing a breach, and they would take very tight steps with anyone who even looks like they are thinking of a breach, forget planning one.
As I said in the previous post to Divekar, we are not privy to a lot of aspects of the investigation. So we can speculate about what possible outcomes will be. Maybe the company will find nothing wrong happened, give a warning, and let things go. If so, good for your friend.
Quote:
"Hi Saswata Banerjee,
Thanks for your reply.
It's clearly mentioned in the first post that data is neither sent to anyone nor downloaded. It was uploaded in the drafts and has been deleted permanently.
Posted Yesterday"
---
I have corrected the spelling, grammar, and punctuation errors in the text and ensured proper paragraph formatting. The original meaning and tone of the message have been preserved.
From India, Mumbai
Acknowledge(0)Amend(0)
It was not sent.
True.
But why was it put in the mail in the first place? If the intent was to send it internally for official purposes, then I don't think you would be asking this question. And I don't think your company or its security team thinks that was the purpose. Companies with sensitive data will not wait for a breach to take place. They have systems that are designed for preventing a breach, and they would take very tight steps with anyone who even looks like they are thinking of a breach, forget planning one.
As I said in the previous post to Divekar, we are not privy to a lot of aspects of the investigation. So we can speculate about what possible outcomes will be. Maybe the company will find nothing wrong happened, give a warning, and let things go. If so, good for your friend.
Quote:
"Hi Saswata Banerjee,
Thanks for your reply.
It's clearly mentioned in the first post that data is neither sent to anyone nor downloaded. It was uploaded in the drafts and has been deleted permanently.
Posted Yesterday"
---
I have corrected the spelling, grammar, and punctuation errors in the text and ensured proper paragraph formatting. The original meaning and tone of the message have been preserved.
From India, Mumbai
Acknowledge(0)Amend(0)Engage with peers to discuss and resolve work and business challenges collaboratively - share and document your knowledge. Our AI-powered platform, features real-time fact-checking, peer reviews, and an extensive historical knowledge base. - Join & Be Part Of Our Community.
Company Profile.ppt
Dispciplinary Action.doc