you eventually blog the blackberry story !! 
-
"From the SEC Rule 17a, to NASD rules 3010 and 3110 and Sarbanes-Oxley, companies now have legal obligations to ensure they properly record and log ALL wireless corporate communications" !! Thats the sucker which you need to highlight..
My Take.. DONT TAKE ANY COMPANY EQUIPMENT !! PERIOD !!
You're not going to get sued if you don't do something stupid. Refusing to take company equipment is extreme. Instead, try exercising a little discretion. Don't send anything using company equipment that you wouldn't want to see on the front page of the New York Times.
CIBC could have saved themselves a lot of trouble if they'd had the BlackBerry server admin disable PIN messaging. You can disable voice calls, PIN messaging, and all kinds of stuff through a special config file uploaded to the device. It's not hard to do, and it can't be undone by the user without a complete device reset (which would also take it out of contact with the company's BES, temporarily).
Bottom line is, smart companies hire good administrators, and good admins know how to secure company assets to avoid these kinds of things. CIBC has lousy (or lazy) admins. =)
Thanks, guys, for your input.
I guess if you disconnect from the company system, it's a sure sign that you're up to no good.
But most of these guys could have bought additional Blackberry's to handle their covert operations. If they'd only known!
But then again, according to what Peter said, maybe Genuity is legally obligated to record its recruiting activities.
SOx has some pretty far-ranging implications that will eventually cause heavy lobbying south of the border.
The Crimson Permanent Assurance is of the opinion that their SOx obligation is to record and retain every e-mail ever transmitted via company servers, in perpetuity. So PD's right about that.
I think it will eventually cause a massive backlash from US corporations. The cost of maintaining an ever-ballooning digital warehouse of crap will start being a serious drag on reveneues within five to ten years, max.
As a company's IT structure changes over the years, they will face some tough decisions. Let's say they decide in ten years time to abandon "legacy systems" like Microsoft Outlook (or Lotus Notes) for some hot new e-mail infrastructure. What do they do with the ten years of old e-mail? Maintain a few ancient Exchange or Notes servers forever, so that the old data is still accessible? Migrate the whole mess to the new system? That would cost millions, and fo
oops.. and for what ROI? Nada. What good will it do to migrate ten years of e-mail, most of which is for people who no longer work for the company? But that's your SOx obligation.
SOx will spawn a whole new series of slap-suits, where disaffected employees start launching spurious claims just so they can get into a discovery process and sort through all the years of collected data, hunting for actionable policy violations, or inconsistencies in the application of policy. We're human, and you can pretty much guarantee that every company will at some point violate some minor detail of its own internal policies.
Sooner or later companies will get tired of warehousing these expensive, lawsuit-generating archives, and start fighting it through lobbysists and lawyers. That is when we'll see some reasonable limits put on the SOx framework.
FYI Marie the "technolgy specialist" wasn't ever accused with any emails. nothing she sent or received had anything suspicious. She she was only accused of copying information to a cd, not the grand 'conspiracy'
Commenting by HaloScan
