RIM CIO: We Record Employee BlackBerry Calls and It’s No Privacy Violation

UPDATE: Shortly after I posted this entry, RIM contacted me to say that it does NOT record any of its employees’ BlackBerry phone calls. The company claims ZDNet Australia took CIO Robin Bienfait’s comments out of context. Read, “RIM: We Don’t Record ANY Staff BlackBerry Phone Calls” for more clarification.

It should come as no surprise to corporate BlackBerry users that organizations often retain records of all users’ smartphone messaging and web surfing habits. But Research In Motion’s (RIM) CIO Robin Bienfait yesterday shared some particularly interesting details about the BlackBerry-maker’s own corporate-handheld usage-tracking practices: The Canadian company not only keeps all of its BlackBerry-equipped staffers’ messaging and Internet records, it logs users’ voice calls, as well.

“Everything,” Bienfait told ZDNet Australia. “I record everything.”

As someone who closely covers RIM, the BlackBerry and the corporate space, this news isn’t exactly surprising to me. In fact, I frequently remind new BlackBerry users that corporate-issued devices really do belong to the companies that deploy them, and as such, just about anything you do with a corporate-BlackBerry could be monitored, recorded and tracked back to you, if necessary.

Honestly though, I wouldn’t have predicted that RIM was one of the organizations that also records all its staffers’ voice transmissions.

I was aware that the technology to do so existed well before Bienfait let this particular feline out of the sack—though I believe you need some sort of third-party offering—but I’ve only heard of it being used by organizations with extremely strict security policies, like the military, pharmaceutical or financial services companies.

In RIM’s case, Bienfait says it’s necessary to keep all records of employee BlackBerry voice and data transmissions to protect the company’s intellectual property, i.e., unannounced/unreleased devices and software offerings. RIM’s CIO notes that potential issues with pre-release devices being lost, stolen or sold could be resolved using such records.

“We go take a look at whatever the breach or the leak is and we track it back to who or whatever caused it and we take whatever necessary action,” Bienfait told ZDNet.

Bienfait justified RIM’s extensive record keeping by explaining there’s no invasion of user privacy because all of its staffers with corporate-issued smartphones are aware that their activities, voice, data or otherwise, are being recorded. And she’s right. After all, RIM pays for the devices and wireless service and owns the corporate networks those handhelds connect to.

But I wonder how clearly and how often companies make the level to which they’re monitoring and recording BlackBerry usage known to employees. In fact, a written “contract” or agreement that plainly explains these facts to employees upon acceptance of corporate devices sounds like a good idea to me, yet I don’t know of a single company that uses anything like that—beyond the typical company confidentiality and usage agreements made when new staffers are hired. Those agreements may even clearly state that any all and BlackBerry use will be recorded, but corporate BlackBerrys aren’t always distributed immediately when new staffers are hired, and employees don’t always read all the fine print.

Furthermore, should companies record all corporate communications via BlackBerry simply because they can? I’m reminded of the old saying, “Better safe than sorry.” Using that reasoning, companies should absolutely monitor both voice and data, assuming they can afford the necessary products to do so. But if you’re not Pfizer, the CIA or CSIS, and therefore don’t answer to the same regulatory bodies, is it really necessary to record ALL transmissions? If

not, where do you draw the line and say it’s okay not to create and store certain records?

AS

FREE CIO BlackBerry Newsletter

Get better use out of your BlackBerry and keep up-to-date on the latest developments. Sign-up ť