Security Technical Overview

Local Navigation

How a device classifies what data and applications are for work use or personal use

To control what happens to your organization’s data and applications on a BlackBerry® device, you can configure a device to distinguish between data and applications that are for personal use and data and applications that are for work use. You must set the Enable Separation of Work Content IT policy rule to Yes before the device can distinguish between work data and personal data.

By default, after you configure the Enable Separation of Work Content IT policy rule, core applications can access work data, personal data, or both. For example, the email application can access both work data and personal data because a BlackBerry device user can use the email application to manage the work email account and personal email accounts. To determine whether a third-party application or an add-on application developed by Research In Motion® can access work data, you must configure the "Is access to the corporate data API allowed" application control policy rule. The device checks this rule to determine which applications can access work data.

After you configure the Enable Separation of Work Content IT policy rule, the following events can occur:
  • the device and BlackBerry® Enterprise Server do not synchronize personal organizer data
  • an application can determine whether it can access work data
  • after applications that can access work data register with the device, the applications can delete work data without deleting personal data when the device notifies the applications that they must delete work data

To help a device determine which data is work data, you can provide the device with domain information for your organization. You can specify a list of domain names, email address domains, and certificate server domains that are specific to your organization in the Work Domains IT policy rule. For example, if a user sends an email message to a contact that is not in the contact list on the device, the device can use the domain information in the Work Domains IT policy rule to determine whether the contact is a work contact.

Data and applications that a device classifies for work use

A BlackBerry® device classifies the following data and applications for work use:
  • email messages and attachments that are sent to the BlackBerry device user's work email account and the email messages and attachments that the user sends from the work email account
  • draft email messages that the user creates using their work email account
  • calendar entries that the user creates using their work calendar
  • contacts that the BlackBerry® Enterprise Server synchronizes with the user's work email account
  • organizer data, such as tasks and memos
  • applications that you send to the device from a BlackBerry Enterprise Server, and that have the "Is access to the corporate data API allowed" application control policy rule set to Allow
  • files that the user accesses and downloads from your organization's network using the Files application
  • files on media cards that are created by applications that can access work data (except for media applications)

The BlackBerry device classifies email addresses in the user's contact list as work email addresses using the domains that you specify in the Work Domains IT policy rule.

After the device classifies data for work use, the user cannot reclassify the data for personal use. For example, if a user selects a work email account in the Send Using field of a draft email message and starts typing a message in the body, the user cannot change the selected work email account to a personal email account. However, the user can reclassify personal data as work data. For example, if the user selects a personal email account in the Send Using field of a draft email message, the user can change the selected personal email account to a work email account even after they start typing a message in the body of the email.

Back To Top

Data and applications that a device classifies for personal use

A BlackBerry® device classifies the following data and applications for personal use:
  • email messages and attachments that a BlackBerry device user sends from any email account (for example, a personal email account) except for the work email account
  • contacts that the device synchronizes with personal email accounts (for example, Google Mail™ contacts)
  • phone data (phone data is considered to be personal data but the call history and call logs are deleted when you delete work data)
  • instant messages that a user sends or receives using BlackBerry® Messenger
  • text messages that a user sends or receives using PIN messaging, SMS text messaging, or MMS messaging
  • applications that have the "Is access to the corporate data API allowed" application control policy rule set to Deny
  • content that is stored for the BlackBerry® Browser (the BlackBerry Browser is a personal application but the cache is deleted when you delete work data)
  • maps
  • media application data (for example, the camera, video, music, or voice recorder)
  • passwords that the Password Keeper encrypts
Back To Top

Was this information helpful? Send us your comments.