Reply to: Left - client requesting personal laptop audit

Carrying two for those five minutes hardly seems like a hassle.

I tend to take mine home with me purely as the current client have a fairly flexible approach to WFH so if something came up and I needed to work at home the next day, bit buggered without the laptop as can't VPN into their corporate network without a domain-enabled machine.

Agree it's a slight pain but luckily it's a nice compact Dell and doesn't actually weigh much, plus it's a 5 minute walk to the car

Yeah, I totally agree here. Copy off your documents and personal stuff, secure wipe the free space, let them look at it. Don't give them a reason to withhold payment, however unfair/unreasonable it would be.

Oh, I never bother taking any client supplied ones anywhere!

Personally I find it a chore carrying two laptops around if I'm supplied with one by the client. I can access my personal email on my phone and usually via webmail (depending on client firewall policy) and I would rarely need anything from my laptop during business hours while on-site.

I can understand people having theirs with them, and usually I take mine for the first few days while I'm getting set up with equipment by the client to make sure I have something to use if they do operate a BYOD policy, but actually so far I've always been supplied with equipment by the client - probably to eliminate situation's like the OP's!

Me too, with clients that allow personal laptops on site. But there's no way my lovely Linux laptop is going on a clients network. It's for running my company, not theirs.

Ah is that why I can see a subscription to www.ibumdogs.com?

I always have my company laptop to hand, whether it be on the corporate network or not. It has all the tools and applications I need to work, a modern copy of Office, my e-mails, copies of media I use often and so on. I'd have thought it'd be standard practice for any consultant.

BYOD. Ugh.

Source code is sensitive data and usually contractors have source code if they're doing a project.

The question is this an arsey manager who's going to call him in and then carry out a scan whilst his subordinates are sniggering in the background or is this standard procedure.

When an employee leaves they go through a set of standard procedures and the manager will fill out a form and I suspect one of the questions on the form does the contractor have company data on a laptop or perhaps "did the contractor use a private laptop", which he probably does have i.e. source code then they probably demand it gets deleted. Of course they have a simplified policy that covers all sensitive data.

Of course the OP can refuse, and who knows what will happen.

If it was the bank I was working at, they would have hassled you.

I mean at the end of the day this really sounds like some compliance dept not an "arsey" manager having a "bit of fun".

It's the OP'S decision ....personally I'd go in.

You never know - I use my own equipment and I have access to the payroll and HR data for 80000 employees worldwide.

That's how I got Psychocandy's credit card number and pinned the blame on expertsexchange...

Fair enough, but if something is that sensitive (which I don't get the impression this is) they wouldn't let him use his own laptop.

How do I steal company data? and
How do I demonstrate contractually agreed compliance? are two very different questions.

Well they want to make sure that their sensitive data is not simply sitting on a laptop on the 17:15 to Clapham forgotten on a luggage rack. That's why they would like to make sure the data is deleted or there isn't any.

Can you imagine the stink for the security dept if someone stole his laptop and cost their company millions simply because they didn't make sure they had deleted all his data.

It's a security risk, it's part of the security policy and there are reasons for it.

Sensitive data will be interesting to any thief or criminal and should only be on laptops when it's necessary, but certainly not on a laptop from somone who no longer works there.

I have data on laptop.

I copy data to somewhere else

I delete data on laptop as requested

I hand over laptop

They verify I have deleted data from laptop

I still have data somewhere else.

All they have achieved is proving the data is not on the laptop. Them checking the laptop proves nothing, so is a total waste of time.

In fact, if he IS keeping the data when he is not supposed to, he would obviously wipe it from the laptop, and let them check it.

Right?