On Fri, Nov 11, 2011 at 03:11:17PM -0500, Sam R spake thusly: > The problem comes if he, like so many people, reused the laptop > password somewhere else and says, "Um, no. Sorry." because that > would give us access to more than just the home directory. The
IMHO the data is gone. The company should have had policies in place to get it backed up. What if the HD had died? You would be in the same boat minus the perceived legal ambiguity. Alternatively, there are encryption solutions which provide for multiple decryption keys, one of which the company could have held. Or you could have had the employee escrow the decryption key/passphrase with you beforehand with the agreement that it not be changed. > Company CEO is of the opinion that this is company property, the > password is part of the property, to ex-user has to divulge it. A Most companies with any sensitivity to security have it as part of company policy that passwords are never to be divulged and ensure that the company always has other ways to access such data (such as via root/administrator passwords, backups, etc). So it could be a policy violation for the employee to give it to you or even the CEO. Of course, this is now shades of Terry Childs... > Is this kind of password demand at all common? Not in my experience. You need to have a backup agent on these things and make sure they get backed up regularly (have monitoring for this) or one of the other solutions mentioned above. Typically, once the employee is cut loose by "The Bobs" he's done with you unless there is some remaining contractual obligation. -- Tracy Reed
pgp3yRjswJurc.pgp
Description: PGP signature
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
