When people change jobs, highly sensitive information is particularly vulnerable. The study showed often employees have no qualms about taking highly confidential or sensitive documents with them when they leave - and most believe they're doing nothing wrong.
The survey discovered that half (51%) of European office workers who take information from their current employer when they switch jobs - 44% of those in the UK - are helping themselves to confidential customer databases, despite data protection laws forbidding them to do so.
Along with databases, employees who take information are walking out the door armed with presentations (46%), company proposals (21%), strategic plans (18%) and product/service roadmaps (18%) - all of which represent highly sensitive and valuable information, critical to a company's competitive advantage, brand reputation and customer trust.
The study found that employees who resign don't generally take information out of malice; they do so because they feel a sense of ownership or believe it will be useful in their next role. Two thirds said they had taken or would take information they had been involved in creating, and 72% said they believed the information would be helpful in their new job.
But the picture changes when employees lose their job. The study revealed that as many as one in three office workers (31%) would deliberately remove and share confidential information if they were fired.
Patrick Keddy, senior VP at Iron Mountain, said: "As businesses across Europe rush to tighten up their data protection policies in advance of new EU legislation, it is extremely worrying to see that employees are leaving jobs with highly sensitive information. Companies concerned about information security tend to focus on building a fortress around their digital data and then forget about the paper and the people.
"This study provides a fascinating insight into what people feel they have ownership of and why. The findings highlight the need for information management policies to be developed closely with Human Resources as part of a Corporate Information Responsibility programme. Firms of all sizes, across all business sectors, need to ensure that employee-exit procedures are robust and compassionate, and that guidelines recognise that how people feel directly influences their behaviour and actions."
The study suggested that a lack of appropriate information management policies or their ineffective implementation could be a powerful factor in information loss. More than half (57%) of respondents said it was always clear when information was confidential, and a third said they were not aware of any company guidelines regarding what information could or could not be removed from the office.
The Iron Mountain study surveyed 2000 office workers of all ages and across all business sectors in France, Germany, Spain and the UK.