On Mon, 10 Nov 2008, Kate Harris wrote: > 2008/11/10 John Jasen <[EMAIL PROTECTED]>: >> Kate Harris wrote: >>>> You then use the corporate legal policy to create an IT policy that >>>> 'conforms', i.e., personal data will not be tolerated (or backed up and >>>> restored) on company laptops. >>> I'm not sure I want to go so hard on personal data, but... if the >>> policy exists it doesn't have to be fully enforced all of the time, >>> just if needed. >> It has to be enforced consistently, or else it can be held to be >> unenforceable. You can't fire user X over doing un-allowed-activity-A, >> where users Y and Z do it and get away with it. > > Oh indeed. Once the seal is broken on severe punishments for > transgressions consistency must be applied. But there are degrees of > transgression in this case - a letter to a solicitor accidentally > saved to a laptop and forgotten about vs. GBs of copyright material > which was not legally purchased.
you are assuming that the 40GB of copyrighted material was not legally obtained. unless you have specific security needs (like in banking, in which case you should have the laptops tightly locked down, no local admin, etc) wy do you care if they have 40G of 'stuff' on their system? if they have a 50G drive it could cause you problems in installing upgrades, but if they have a 120G drive on the machine (common nowdays), 40G isn't enough to matter. legitmate reasons to care are (in my opinion): 1. no space to install stuff that they need 2. you are backing up more stuff and it's costing you. 3. you are worried that they have illegal things on there and that you will get in trouble over it. for these #1 if there isn't space for the nessasary stuff, the user will make space (or was it really nessasary after all?) #2 stop backing up their laptops (other than known config files that would be useful for re-creating a replacement) the hardest one to deal with is #3, and here you do need to talk to your legal department. but I suspect that documentation stating that the company provides and supports only software on the official list, and that the user is liable for anything else on their system would probably be enough. if they start storing this stuff on servers to share it you have a different problem (companies _have_ lost money for allowing this), but on laptops that are really as much under the users control as under yours it can be a different story. it's also possible to have something in the middle, where you don't allow them to install software on the machines (on the basis that it may be malware and infect the rest of your network, and since you don't know what it is you won't be patching it), but don't worry much about data files (just keep anti-virii signatures up to date). this entire thing should be a cost-benifit analysis. yes, it costs your IT team some effort to deal with these things, but the benifit is happier users, who are less likely to quit (if you have your personal and professional stuff mixed the thought of quitting and loosing all that stuff is daunting ;-) even if you end up finding that it costs you one extra body for every 100 users you are supporing, your management may decide to go ahead and tell you to do this (more user satisfaction from getting this support then from giving those 100 people a 1% raise). David Lang _______________________________________________ Tech mailing list Tech@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
