> From: [email protected] [mailto:discuss-[email protected]] On Behalf Of Sam R
>
> The problem comes if he, like so many people, reused the laptop password
> somewhere else and says, "Um, no. Sorry." because that would give us
> access to more than just the home directory. The Company CEO is of the
> opinion that this is company property, the password is part of the
> property, the ex-user has to divulge it. A nice legal theory, I just don't
> know if it holds up to common practice[2].

Most companies, in the employment contract or confidentiality agreement, say something like "no expectation of privacy," and declare that they own everything on the laptop etc. It's a condition of employment. So most likely the CEO is correct, from a legal standpoint, but that doesn't necessarily mean the user will give up the password without a fight.

I have encountered this situation before, and I've never failed to get the user to unlock whatever it was. Even when the user was terminated on bad terms, if you offer something in exchange ... For example, offer to extract their personal information onto something like a DVD and mail it to them or whatever they want. Certainly be agreeable if they ask you how to solve their home wifi problem or whatever. I have done this before, in order for the user to unlock an encrypted directory - over the phone for like 30-45 minutes with an ex-employee, avoid any sticky subjects, offer sympathy and references, offer personal information shipped on DVD or whatever, ask him to unlock directory, and while we're waiting for it, help him with something else. Certainly be human.

Sometimes you simply have to show caution and respect that the *password* itself might be the private information the user doesn't want to give up. Because it's the most secure password they've ever used, and they used it to lock their home laptop too, etc. So offer the option of them remotely typing in the password themselves, or unlocking it one time so you can extract the actual data out of there, etc.

But for sure, you have to call the ex-user, and play the role of negotiator.

In the future - I will recommend standardizing on some WDE solutions, where the user has keys and you also have keys, and hopefully there's even a backup strategy so you have additional copies, even if some sort of tragedy strikes the user, you should be able to recover the data. I am currently deploying BitLocker for Windows, FileVault for OS X Lion... Both of which, I'm able to unlock as well as the user... We don't have anybody using Linux as their primary desktop, but hopefully something similar exists.

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
