Deleting only work data from a device
To help secure your organization's data on a personal BlackBerry® device, you can permit your organization to delete work data from a device when a user no longer works at your organization. You can use the BlackBerry Administration Service to require that a personal device remove only work data when the device receives the Delete only the organization data and remove device IT administrative command over the wireless network. All personal data remains on the device. A BlackBerry device user cannot use the device or make emergency calls while the device deletes the work data.
The device permanently deletes the following work data:
Process flow: Deleting only work data from a device
When you delete only work data from a BlackBerry® device using the Delete all organizational device data IT administration command, the device performs the following actions:
- Adds a Corporate Device
Under Attack flag to the NV store
If a user removes the battery or the battery power drops to zero before the device deletes all work data, when the user replaces the battery, the process continues because the Corporate Device Under Attack flag is still present.
- Displays a notification that
the device will begin deleting work data in 2 minutes
If a user removes the battery or the battery power drops to zero before the process ends, when the user replaces the battery, the process of deleting work data continues but the device does not display a notification that the device will begin deleting work data.
- Turns off the wireless transceiver
- Notifies any applications on
the device (for example, the Messages
application, and registered third-party applications) that manage work data
that they must delete the work data that they are responsible for from the
device. The applications then delete the work data that they manage on the device.
Any applications on the device that manage work data must register with the device to receive a notification from the device when they must delete the work data that they are responsible for. If applications on the device that manage work data do not register with the device, the work data that they are responsible for may not be deleted.
- Deletes all device transport keys
- Sends an acknowledgement to the BlackBerry® Enterprise Server that the work data was successfully deleted from the device
- Displays a notification that the device successfully removed work data from the device and that the device is going to restart
- Deletes the IT policy public
key from the NV store to remove the binding between the device and the
BlackBerry Enterprise Server which terminates its connection with the
BlackBerry Enterprise Server
The device can bind to another BlackBerry Enterprise Server at a later time. The device does not use the memory-scrub process to overwrite the IT policy public key because it is not a protected value or hidden value.
- Deletes the Corporate Device Under Attack flag from the NV store
- Sends an IT policy change notification to all applications so that applications that depend on the IT policy can make changes if required