All
   At my last company, it (and is) standard practice to back up the user data on the workstation or laptop of a departing employee and then wipe the machine's drive and reinstall the OS and apps for the next user of it. At my current company, I've been told it is a waste of time and that we shouldn't bother with such things. So naturally, I thought it worth raising on tek-tips: where do your thoughts and/or your company's policies fall on the matter?

 

In my world it would come down to how much contact the user has with parties outside the company.

If in sales for example, the user might have invaluable information regarding existing or potential customers that might not be stored anywhere else. The difficulty of finding said information might be more bother than it's worth however.

On the flip side, if the user were clerical support and only dealing with internal company documentation then the exercise might well be pointless.

*******************************************************
Occam's Razor - All things being equal, the simplest solution is the right one.

It also depends on the circumstances surrounding the departure.

If, for example, an employee was terminated for doing illegal things (such as surfing child pornography on the company computer), not backing up the information may surmount to tampering with evidence.

 

Just my 2¢

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg  http://parallel.tzo.com
 

>such as surfing child pornography on the company computer

Wouldn't backing that up constitute an offence of copying / distributing?

>...terminated...

Under that sort of circumstance - consult the company's legal department.

Personally, I'd get the request to not bother with backing up documented and in the CYA file.

 

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

I think it would be a good idea to back up the data, at least to a temporary backup.  You do not know if they had critical files, such as product design drawings, on there that were not committed to secure storage.  This could occur by accident, honest oversight, or even malicious intent.

At the same time, securely wiping the system is prudent.  I would recommend a wipe that prevents data recovery.  You never know who is going to get that machine next.  This would also be a good move to prevent the spread of malware.

On the flip side, if I were a departing employee I would also securely remove any form of personal files or information that may be on there.  Personal information could be things like pay stub copies, or scanned documents that were used for insurance or relocation purposes, etc.  These files are work related and may legitimately be on a company computer, but you do not want some unknown entity to gain access to this information and that includes any IT person assigned to backup and wipe the system, nor do you want it in an archived backup.

In any case, I agree with the suggestion that regardless of the action, be sure you get a written copy of your instructions and requirements and keep in in the CYA file.  A copy of your companies record retentions policy may be in order too.  If the company has such a policy you would be well advised to adhere to it should there be a conflict between it and any supervisor directives.

 

I agree with Noway2 right down line.  It's prudent to fully backup the system, at a minimum to a temporary area, until you can ensure that no company data or files will be lost by deletion.  It's also prudent to securely wipe the system because you don't know what the user has installed and what may be lurking behind.  While neither may be necessary for the majority of the time, it's a small price to pay for insurance.

I would be willing to bet that the one who says it's a waste of time hasn't been burned.  Nevertheless, if that becomes the company policy, get it in writing, signed, and always, always make sure you keep a copy.  If a worst case scenario does come to pass, that document may be your only defense against a subpoena for company records that can't be located.
 

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

Depending on the geographic area and type of business, various compliance laws may be applicable too.  Do you have a compliance / audit department?

Take Care

Matt
I have always wished that my computer would be as easy to use as my telephone.
My wish has come true. I no longer know how to use my telephone.

It is amazing how many decisions etc are stored in emails, it is a good practice to not only back up the .pst files (Outlook) but to provide them to the person who will be handling the departing person's work.

Do store any backups in non-public folders. I happened on my eval and that of other emplyees one time in the public folder where they stored the backup of my boss's computer when he left.

"NOTHING is more important in a database than integrity." ESquared
 

Another consideration is customisation.  Depending on how much control you have granted your users over their PCs, the departing employee may have installed, replaced or removed some software on the machine according to their preferences and working style.  They may also have changed preferences in some applications that don't maintain per-user configurations.

This of course may not suit the new arrival, and the new person may have no idea that their machine is not the same as everyone elses, resulting in unnecessary misunderstandings and time-wasting desktop support problems.

Annihilannic.

Surely it even just looks more 'professional' to the new employee to have a cleanly installed machine rather than someone elses preferences etc. I for one have no icons on my desktop - Now most other people won't be wanting that will they?

Fee

"The cure for anything is salt water – sweat, tears, or the sea." Isak Dinesen

Thanks everyone for the helpful and thoughtful responses.

One clarification, the user-specific data is being backed up whether the machine is wiped or not (or rather, it should be, but I'm not confident that that is happening with any regularity). It is a relatively small company, under thirty total employees with me just having arrived a few months ago, and only one other network engineer having been here from the beginning - no other real IT staff to speak of.

There appears to be no consensus here beyond "do it if it is worthwhile to do so", with valid justification both ways, and that is a good answer to my OP question.

Steve,

I believe it is very worthwhile to do this - not least because it shows a higher level of professionalism of your IT team in doing so. By this, I mean that new employees would hopefully begin by seeing that you had given them the 'best' bit of kit you could possibly have done.

Fee

"The cure for anything is salt water – sweat, tears, or the sea." Isak Dinesen

Also, if you do backup the old systems, you could just use one computer system for backing up the old ones to whatever image file format you choose.

So, you could have a system called "MrBackup" or something.  Then whenever someone leaves, immediately pull the drive out, possibly popping it into a hard drive dock, for instance, and creating an image of it as it stands.. storing on MrBackup.

Then create some sort of policy that says something like - if after 3 years, no one has needed anything off this image, delete it, unless perhaps it's someone like a VP or some other high-ranking member.  I'd want to look at my specific industry, and see if there are any particular laws or regulations that have a set time frame.  

Whatever you do, it'd be VERY beneficial to get it in writing - get a signed, written document as the company statement of practice.  Then abide by that.

Also from a cost perspective, a HDD dock is very cheap, and of course hard drives are pretty cheap, so long as you're dealing with SATA - not SAS drives.

Along the same lines, you may also have a time frame which it may be legally in your best interest to wipe the data for good.  For instance, where I work, we now have a "data retention policy" that basically says how long we HAVE to keep what types of data, and at what point we need to get rid of it.  What that is will depend upon your industry, for sure.

 

During my career, I have given departing employees this line: "If there is anything on that computer that you don't want anybody to find, get it off now."

I think that wiping and re-installing is a very good idea, no matter who it is. Wiping and re-installing gives new users a fresh computer when they arrive--one that doesn't have someone else's customizations and such.

The other thing is that the occasional re-install will fix problems. It cleans up the computer. There is no better time to do this than in between employees.

Here are a few cases in which a re-install might not be called for. There is some type of legal action involved.
Computer is configured in a special way that will be very difficult to reconfigure in a clean install. Computer has software installed, and the original install media for the software are missing or lost.

Wiping and reinstalling is always a best practice.  I would do this without question because it reduces support calls down the line.

As far as the "final backup" goes, it depends.  In smaller shop like yours were any given user is likely to play a key role in the organization then it's probably a good idea to take a backup to CYA.  In larger organizations it tends to be less of an issue since knowledge tends to be more distributed among people in the various teams.  Larger organizations also tend to have legal departments who prefer that less data and communication be retained.  After all, if you keep it around then it can be subpoenaed when someone sues you.

If there were anything shady involved or the employee was leaving on bad terms I'd make doubly sure to get a backup, preferably before they left.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator

When a new user (outside of IT) gets a previously-used laptop, we re-image it.

Not sure about backups - not my department - but we do have extensive monitoring of computer and internet usage - all that's needed to keep the auditors happy.

-- Francis
Et cognoscetis veritatem, et veritas liberabit vos.

Wipe and Image.

At one company we leased machines and everytime mine was supposed to be refreshed, one of the 'higherlings' would take my refresh and give me their's as a hand-me-down--twice in one year. I guess in Freudian terms it would be called Pentium Envy. Early the next year, someone tried it again. I simply advised that the last hand-me-down was so full of porn that based on policies on inappropriate use and possible termination, I wouldn't be responsible for anything on it--ever. The practice stopped.  

KE407122
'Who is this guy named Lo Cel and why does he keep paging me?'

Abolsutely no backups. If you have critical information on a PC of someone that is leaving the company, you have a problem, but an organizational one, and that cannot be solved with a plain backup.

Cheers,
Dian

I am currently in that "in between" employer periods with yesterday being my first "unemployed" day before I start my new job.  The company apparently doesn't perform routine backups of employee PCs and I admit that it was fun at the end watching managers and fellow employees all asking me where "stuff" is both on that PC and where, if anywhere, I placed on the server drives.

As I said before we re-image PCs.

When I inherited this laptop, I used the XP File and Settings Transfer Wizard (FAST) to save all of my bookmarks and shortcuts to my network file share. When I logged in to the new laptop, I restored the same settings. It made the transition a lot easier, and I didn't have to spend as much time re-configuring stuff.

-- Francis
Et cognoscetis veritatem, et veritas liberabit vos.

Important data should be on the network, first and foremost. But you never know what users are going to do. I backup data and the user's e-mail as well. Of course, you should make two backups.

If illegal activity is involved, then do whatever your lawyer says.

It's always nice to give a new employee a fresh system if you can't give them a new one.

Unfortunately, I have heard of at least one case of a user having a program on their computer and then being unable to find the install media. In the case, leaving the computer alone was the only way to maintain use of the program.
 

Wow.

I've never given out the install media to anyone.

I have all install media centrally and can install it remotely when required.

Fee

"The cure for anything is salt water – sweat, tears, or the sea." Isak Dinesen