Re: Corporate policy question - Personal Laptops

["guiness.stout" <guinness.stout () gmail com>]

What will you do if the terminated employee has an excellent memory?

On Fri, Sep 12, 2008 at 8:20 AM, Rivest, Philippe <PRivest () transforce ca> wrote:
> I don't think it is your "right" or "business" to go into the laptop and even
> just read some of his files to see if theres work related. It is a personnal
> laptop and as such not own by the company. At this point, how far will you
> go? I mean would you log in his personnal computer and lunch his MSN to see
> if you can connect to his hotmail and then delete work stuff?
>
> Seriously your NDA should be your protection against the laptop and the
> employe. He would be respectfully "obliged" to not disclose any information
> he had been in touch with while working with your corporation. Also all his
> applications and files (now useless to him) would be deleted at one point.
>
> If at one point you allow in your corporate policy that employe can bring
> there own laptop at work, there USB key or even connect home (or bring there
> job laptop home) then you already have open MANY doors by which you have no
> option beside "let it go".
>
> (Btw, if I was that employe and you had my laptop, if you erased the content
> of it, I would make sure that if I had any loss of information (personnal or
> work related with another corporation) send you a letter from an attorney.
> That's JUST if you wipe my drive, if you fire me b4 I might not even be shy
> to do this)
>
> Merci / Thanks
> Philippe Rivest, CEH, Network+, Server+, A+
> Vérificateur interne en sécurité de l'information
> Courriel: Privest () transforce ca
> Téléphone: (514) 331-4417
> www.transforce.ca
>
> Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long.
> You could print this email, but it does takes a long time to grow trees.
> "Everything that can fail, will fail. If something can't fail, it will fail
> anyway" - Murphy
>
> -----Message d'origine-----
> De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la
> part de Tom Yarrish
> Envoyé : 11 septembre 2008 13:54
> À : security-basics () securityfocus com
> Objet : Corporate policy question - Personal Laptops
>
> Hey all,
> Needed some advice on a corporate policy issue.  If an employee has a
> personal laptop in the office, and that employee is terminated in the process
> of a merger, can the company wipe the hard drive of the personal computer
> before it's returned to that employee?  Here's the
> scenario:
>
> Our company is going through a merger, and through the rounds of
> "integration" of the two companies, employees that are let go from the IT
> department are escorted out of the building immediately, and not allowed to
> return. Their manager packs up their personal affects and ships it to them.
> In one case, the employee had some personal laptops in their office, and
> wants them back (obviously).  Are we allowed to wipe the hard drive of that
> personal laptop before giving it back to the employee?
>
> I'm trying to determine if this is even legal or not, so I'm not sure where
> to look for advice.
>
> Thanks ahead of time....