Laptop Formatted while returning after exit

Need help on the issue after employee left the company. He has been associated with us since 3 years. After last day, he returned company asset but after formatting the laptop which is not acceptable under ISO guidelines. What we can do for it?


1 Like

Hi Aprajita,

If your IT / Information Security & Management team is taking periodical back ups as per ISO controls, then you can retrieve the data.

If your data management controls are not in place, then it is a trouble if there are critical data loss / unauthorized destruction.

Bhuvana Anand

Thanks Bhuvana. Let me know if any legal action can be taken or we can HOLD his FNF by Law?

1 Like

There are a couple of things which you could take immediate action.

  1. This is a clear gap in the IT/IS process in place. The IT team was supposed to take periodical backups and also should have anticipated such risks.
  2. If no explicit clauses are referring to the return of company assets in good condition, reporting of system complaints and other issues in a proper manner, etc., and if not included such relevant clauses in policies and appointment orders, it is one of the next important tasks to immediately take up.
  3. If the conduct, discipline, and appeal rules are not set (like standing orders), it is also another task to schedule. For disciplinary action, organizations require such explicit written rule books.

If the appointment order and policies acknowledged (IT policy, NDA, etc.) contain relevant terms to safeguard the company assets and data, then there is a chance to seek an explanation from the employee and hold the F&F till satisfactory resolution of it. However there could be plenty of challenges - how do you prove the employee guilty? The employee can allege that it happened via transit or was committed by the HR/IT team. As the person is no more an employee (maybe not in office as well), it is hard to prove the intention and certainly the misconduct. You may require forensic experts’ assistance. So many further aspects require collective management decisions.

If the organization has incurred data loss, try to arrive at an approximate figure (amount of loss) and then hold the relieving till there is a consensus arrives.

Note: Irrespective of whether you take an action and recover the loss from the ex-employee, it is high time to put some serious effort to set the right policies and procedures. This is to avoid similar occurrences in the future.


Thanks for the details. We have put in NDA and have all corrective measure in place. This will help us to take action. Thanks again.