4

I'm leaving my company soon.

Only one person in the whole company has admin-rights on client machines and does the reinstalls. To save time only the old userprofile gets deactivated and a new one generated.

This leads to data lying around rather easy to access.

Should I wipe my device, even if I'm not explicitally allowed to do so?

All passwords of the company are safed on the network, same for files.

As I had to use this laptop also for private reasons I'd rather have my data removed completely. I wouldn't mind if they put the machine in quarantine for two weeks and then wipe it, but just adding a new userprofile seems rather weak to me.

(and btw there are severe driver issues on the machines. Couldn't solve them in all the years without adminrights)

guest
  • 41
  • 2
  • Wiping the entire device is NOT OK. You don't have the rights to destroy the data that belongs to the company. On the other hand, it should be fine to delete your personal data which you have stored in the device. It's a good practice not to have personal data on our work computers, but we all fail at some point ;) – Ebenezar John Paul Jun 26 '17 at 12:57

2 Answers2

6

The short answer is no, but...

The problem here is that you don't own the machine and your company may have a policy that forbids you to do such a thing.

Here's what I would do:

  • Talk to my CTO about my concerns and explain my plan of action
  • Ask them if there is any reason they would prefer to keep the data intact
  • Come up with 2 or 3 Other proposals that they might find agreeable (i.e. "how about you guys keep the laptop as is for a week or two to get anything you want from it or to go through your decommission policy, then we do a wipe on the drive so it addresses my concerns as well").
  • See if an amicable agreement can be made.

Ultimately the problem is a legal one, I'm no lawyer, but if you wipe the drive and they explicitly tell you not to, you might be liable in some way. I would avoid it if at all possible.

I would always want to wipe my drives, even work ones. But my strategy is to work with them in finding a way we are both happy with the result. Doing things unilaterally will at best put a sour note on your relationship with that company and possibly affect you in unintended ways in the future (think job references), and at worst might lead to grievances from the company, something you never want to be a part of.

I would advise strongly you talk to your managers and your technical department, have a sit down and plead your case and your reasoning. I'm sure you both can come to some sort of understanding, that way no one leaves feeling betrayed.

Nalaurien
  • 1,654
  • 10
  • 16
1

It is common to have a mix of professional and private data on a professional computer because:

  • you may have received/sent private mails on your professional address
  • you may have used the computer to write private documents
  • you may want to have a picture of you wife/children/pet on your screen

This is generally allowed provided you correctly do your job.

You should only remove personal (non professional) data from the computer before leaving the company. The professional data is owned by the company, and you should not destroy it from the machines you used unless you were explicitely allowed to.

Serge Ballesta
  • 26,693
  • 4
  • 44
  • 89