Volume 20, Number 4
Parting Is Such Dangerous Sorrow: What to Do When Employees Leave
By David L. Masters
David L. Masters practices law in Montrose, Colorado, and can be reached at firstname.lastname@example.org.
The digitization of the law office presents unique challenges when employees leave, whether at their own volition or at the direction of the employer. No longer are account numbers and client information stored in a little black book locked in the owner's desk. Confidential information in digital form can be sabotaged or misappropriated with great ease; its portability, while beneficial, may also come with a hefty price. This article can help you lower that price as it relates to departing employees.
Employees leave jobs for many reasons: poor performance, illegal activities, conflicts with co-workers, clashes with firm culture, higher pay, lack of career development, illness, and so on. When separation involves a valued employee in whom considerable training or other investments have been made, the loss can be traumatic, particularly in a firm that is leanly staffed. On the other hand, the loss of a marginal performer who has resisted improvement strategies might be the most practical solution. Separation, whether friendly or threatening, voluntary or involuntary, should be a step-by-step process that covers issues that might be important if a lawsuit threatens. (See sidebar "The Form Goodbye," page 57, for an outline of what the steps might cover.)
Apart from the negative effects on productivity and general organizational effectiveness, employees who leave, especially under hostile circumstances, can pose numerous threats. When employees leave your firm, whether voluntarily or otherwise, you need to change the locks on both physical and virtual doors.
One of the first-and, in some ways, simplest-areas to protect is your physical space. On the final day of employment, be sure employees return items allowing entrance to the premises (keys, access cards), official IDs if any, and hardware the employees share with the firm (cell phone, laptop, personal digital assistant). Some companies prohibit dismissed employees from further access to their work area, particularly computer files and e-mail, and require they be accompanied by an authorized human resources representative or security guard even to retrieve a purse or briefcase. Drawing up a checklist specific to your firm's practices is the safest way to be certain that all property was returned.
In the virtual world of codes and access numbers for every piece of office equipment, keeping track of individual items could be difficult. Again, a master list of resources can help ensure that the employee will not be able to use (or abuse) them in the future. Here is a partial list of services that may need attention:
-Internet service provider user name and password
-Building security code
-In-house computer passwords (particularly if a common password used)
-Application passwords (particularly if firmwide)
-Voice mail system access and password
-Firm website FTP password
-E-mail system access and password
-Firm credit cards and account access
-Online banking access or physical account numbers
-Vendor account numbers and charge authority
-Electronic court filing user status
-Online services passwords (Westlaw, Lexis, etc.)
-Backup tapes (password protect and physically inventory the media)
Client list. Of course, you don't want departing employees to leave with a list of your former and current clients. Many practitioners and firms today maintain digital versions of client lists, in a personal information management (PIM) application or a specialized time and billing or practice management program. Exporting the client list is relatively easy, and transferring it to a disk or e-mail attachment could easily go unnoticed. You can prevent this by configuring applications to limit employee access. PCLaw, for example, lets the administrator (you) limit access to certain tasks-time and billing, say-and specifically designate client lists, checking accounts, and similar items off limits. Similarly, Time Matters security features can limit each user's ability to create, change, or delete specific types of records (including matters and contacts).
Master access list. Do you maintain a readily available list of all account numbers and passwords-an aid to basic sanity-as a file document or an entry in your PIM? This is an understandable convenience, but it may come at a huge price. Ideally, transfer this info to a secure location accessible only by yourself and your most trusted surrogate. If you can't protect the location with a secure password, at least protect the document itself.
Research materials. Like most attorneys you likely have built an impressive virtual library of research memos, briefs, contract clauses, and forms covering everything from adoptions to zoning matters. Perhaps you invested a substantial amount of time developing a document automation or assembly system. When employees leave, you certainly don't want this valuable work product to go with them. However, preventing loss of these materials is difficult because employees need access to these resources to efficiently perform their jobs; password protection, data encryption, and protected folders are not viable. In cases where you have legitimate notice or indications of malcontent, you may want to temporarily restrict access to these files. (See sidebar "Tracking Security Breaches," page 56, for instructions.)
Many lawyers in solo and small firm settings are moving fairly effortlessly toward the paperless office, scanning and storing information in digital format on a file server. The sheer volume of data stored in this manner alone might deter misappropriation-it's difficult to abscond with ten gigabytes of data using floppy and zip disks or even CD-ROMs. However, backup copies-which are a necessity with digital files-represent a golden opportunity for a departing employee. To reduce the risk associated with portable backup media, know and limit the number of copies in circulation and password-protect the program and the individual backup media.
In addition to backup media, don't overlook the risk posed by allowing employees to take laptop computers out of the office. A laptop computer connected to the firm network can copy files and spirit them out of the office at any time. Copying may use features included in the operating system or sophisticated third-party applications, but once they're out the door in digital format, they can be replicated elsewhere with little difficulty (i.e., on the employee's home computer). The new breed of portable hard-disk drives have the capacity to accept tens of gigabytes of data at USB 2.0 transfer rates of 400 megabytes per second. When it comes to this issue, therefore, we may be at the point where employees simply must be trusted.
In short, the unexpected departure of an employee may find you trying to close the barn door after the horses are gone. Don't let this happen to you.
Tracking Security Breaches
Windows 2000 allows users to restrict access to files on your network. Permissions and auditing can be set up by viewing the security properties of files, folders, shared folders, and printers and specifying the access level for different groups and users. For example, one user may be allowed only to read the contents of a file while another can make changes to it. You can prevent all other users from even accessing the file. You can set similar permissions on printers so that certain users, for example, can configure the printer but others can only print from it.
The auditing setup detects and records security violations-even a user's attempts to access a confidential file or folder. When a user accesses a file or folder, notice goes to the security log. You determine which files and folders the system should audit, as well as which employees and exactly what types of actions. This way you can track who accesses certain files and analyze security breaches.
For detailed instructions, look up "file permissions" or "folder permissions" in Windows Help.
The Form Goodbye
Most situations involving employees who leave your business happen under friendly-or at least cordial-circumstances. Because they conform to established business practices, it can be fairly simple to keep a thorough record of exit procedures. You may want to put together a master list of issues and actions to cover by the time of the final day.
1.Notice of separation. Firm policies may require that employees give advance notice (typically, two weeks) of their intent to quit. Similarly, when practical and appropriate, you should give employees advance notice of impending termination. If circumstances do not allow for advance notice, consider severance pay to "cover" the appropriate period.
2. Inform employees of their eligibility for continued coverage of health care plans, insurance coverage, retirement funds, etc.
3. Arrange for the return of firm property: credit cards, building or access cards, books and other research materials, cell phone, PDA, laptop computer, etc.
4. Explain whether and how references will be provided to prospective employers. Be certain you and the departing employee have a clear understanding of what the reference will cover.
5. Check that proper notice of the leave has been given to clients or other business entities where appropriate and that projects have some measure of closure.
6. Is the articulated reason for the separation the "real" reason?
7. Have you made every effort to make the separation as humane as possible?
8.Render the final paycheck, being sure that vacation pay, severance pay, and reimbursable expenses have been taken into account.
9. Terminate third-party benefits (social and civic dues, private club memberships, etc.).
10. Remind the departing employee of the continuing duty to maintain client confidences.
11. Remove the employee's name from routing slips, e-mail listings, and legal and telephone directories.
12. Cancel the employee's access to parking facilities provided by the firm.