back to article Ex-Harrods IT man cleared of stealing company issued laptop

The former Harrods IT worker accused of stealing a laptop from the luxury department store in the UK capital has been cleared of theft – but was fined for trying to remove it from the department store's domain. Pardeep Parmar, of Grove Road, Hitchin, Hertfordshire, previously pleaded guilty to causing a computer to perform a …

  1. Aqua Marina

    A complete waste of time and tax-payers money then.

    The number of people I've had over the years that have wanted me to remove their personal stuff from company owned laptops before they've handed them back. Now because of an over zealous prosecutor, it's established as being illegal. The shop that er, shopped him deserves to be social media shamed. Did they contact the police, or contact Harrods first?

    1. Jason Bloomberg Silver badge

      Now because of an over zealous prosecutor, it's established as being illegal.

      No; the case has simply confirmed that it was already illegal.

      Not sure why you feel we should be naming and shaming those who let the authorities know there has potentially been a crime committed. I think there would be a better argument for that if they were ignoring potential crimes.

      1. Aqua Marina

        According to FAST software piracy is a crime. Are you happy for your local IT shop to go scouring through your laptop for unlicenced software so they can report it.

        I'll clarify my point. I asked if the shop called Harrods or if they called the police. I would guess that most likely they called Harrods. If this is what they did, then this is a huge breach of privacy, and also illegal.

        1. Test Man

          But they didn't go scouring through his laptop, they inadvertently encountered proof that it wasn't his laptop to begin with when the big HARRODS logo appeared when they booted up. That, coupled with his request, would have made them suspicious enough. So not illegal.

          It's the same debate with Gary Glitter's laptop - could have been illegal but then again they stated that as part of their diagnostics (i.e. testing to make sure Windows was working again and files could be launched) they came across the dodgy images. There wouldn't have been a high-enough burden of proof to prove that they went further i.e. blatantly scoured through the HDD for things they could find.

          Same with this one.

          1. Mad Mike

            On the face of it, the employee was a bit silly about how he went about things. He should really have asked Harrods to erase the personal data for him (say in his presence), at which point he hands it back. As a data subject, he has the right for it to be deleted unless they can show a valid business reason for keeping it there, which sounds unlikely.

            Given they didn't know he had the laptop, that's a pretty poor state of affairs for Harrods as well. The shop was certainly being somewhat over zealous and actually acting wrongly. They suspected a criminal offence was being committed, which means they should have secured the laptop and contacted the police. That ensures the evidential chain. If they suspected something that wasn't criminal, they could contact Harrods. After all, the police investigate criminal matters and pass files to the DPP, not Harrods.

            You can quite easily ask a shop to perform actions on a laptop that isn't yours (say a company one). There's nothing wrong with that at all. After all, businesses need work done and sometimes local shops can be as good a route as anyone.

            The theft charge simply seems to be an extrapolation of the attempt to access, with the assumption being he wanted to retain use of the laptop and not just delete the personal data. That's one hell of an extrapolation unless there was additional evidence showing motivation. Having just been made redundant isn't evidence of this at all. So, no party really comes out of this well. The employee was somewhat stupid in his actions, Harrods have shown a lamentable grasp on who has their kit and the prosecutor seems to be into knee jerk overreactions.

            Hence, we end up wasting god knows how much time all round (police, DPP, courts etc.) for something really trivial. Guess it's easier than persuing real, personal crime though........

            1. Anonymous Coward
              Anonymous Coward

              "You can quite easily ask a shop to perform actions on a laptop that isn't yours"

              Without authorization? Are you kidding? And maybe give 'em the encrypted disk key so they can fix stuff and install you the latest cracked applications?

            2. Doctor Syntax Silver badge

              "He should really have asked Harrods to erase the personal data for him "

              Or he could simply have taken the hard disk out, overwritten the partition with random data, replaced it, restored the OS (I assume there was a recovery partition) and then handed the machine back..

          2. Anonymous Coward
            Anonymous Coward

            Paul Gadd

            If I remember rightly, the employee who found them also got fired as it was not his remit to look at users private files, only to repair the laptop / PC whatever.

        2. Chris King

          So, someone comes in off the street with a corporate laptop, and asks you to break in to it for them ? That's a potential case for "handling stolen goods" before you even get to any privacy or computer misuse offences.

          (The device was issued to him by an employer for work purposes, and they subsequently terminated his contract)

        3. Jason Bloomberg Silver badge

          I asked if the shop called Harrods or if they called the police. I would guess that most likely they called Harrods. If this is what they did, then this is a huge breach of privacy, and also illegal.

          If they acted illegally then let's hope they get prosecuted, but there is no evidence presented that they have, nor for your "most likely" claim.

          I think it is actually more likely they called the police, like Cash Converters and their ilk likely would (or should) when someone comes in wanting to exchange 'a mini van's worth of DJ gear' for cash. It's really not worth it for legitimate businesses to be seen as potential fences for stolen goods or facilitating crime.

          But all our company PCs and laptops do have a "please call our number if this ends up in your hands" sticker and pop-ups and I would like to think anyone who came into contact with anything potentially stolen from us would, rather than help some ejit gain access to what's on it.

          I think you would be hard pushed to say that was illegal when the kit itself is telling them to do that.

          When our home working staff have to take kit to a local repair shop they can either take evidence with them or ask the staff to call us up and we'll say it's okay, legitimate. It hasn't happened but, if a repair shop ever did call the police and it led to an investigation, it would be easy to resolve that.

        4. Ian Johnston Silver badge

          "then this is a huge breach of privacy, and also illegal."

          Someone goes into a computer repair place and asks them to get into a computer which displays the logo of a well-known company on startup. The repair places calls the company and says "is this legit"? What "huge breach of privacy" do you think has been committed? What law do you think has been broken?

          A couple of weeks ago I bought an audiobook on eBay. When it arrived, it had a library bar code on it and nothing to say it had been withdrawn. I contacted the library to ask if they wanted it back. Was I committing a huge breach of privacy? Was I breaking the law?

    2. Adam 52 Silver badge

      "Now because of an over zealous prosecutor, it's established as being illegal."

      No it hasn't. Two reasons. First it's Magistrates court and therefore non-precedent setting. Second he pled guilty so no legal arguments were heard let alone settled.

      1. MyffyW Silver badge

        Waste of Money

        I took my partner and our kids for a cup of tea and a sticky bun in Harrods a couple of years ago and it cost 35 quid .... now that was a waste of money.

        1. steviebuk Silver badge

          Re: Waste of Money

          What did you expect, it's Harrods. Of cause it was going to be expensive.

    3. Alan Brown Silver badge

      "The number of people I've had over the years that have wanted me to remove their personal stuff from company owned laptops before they've handed them back"

      Shows how many people are stupid enough to put that information on a computer they don't own in the first place.

      1. Anonymous Coward
        Anonymous Coward

        When I did it, A Ltd. was bought by B Inc. Company X was a customer of A and a competitor of B. X did not want their data getting into the hands of B. B was American and didn't give a stuff about UK data protection laws.

      2. Allan George Dyer
        Big Brother

        @Alan Brown - "Shows how many people are stupid enough to put that information on a computer they don't own in the first place."

        We already knew that - haven't you heard of The Cloud?

  2. Mr Dogshit
    WTF?

    Eh?

    "it has his National Insurance number on it"

    So friggin' what? As if that's any more secret than his mother's maiden name. Was he concerned Harrods would get hold of his National Insurance number? Cos guess what, they already had it.

    And what kind of "IT worker" can't even figure out how to wipe a hard disk?

    Quite a lot of this story doesn't make sense.

    1. Mephistro

      Re: Eh?

      "And what kind of "IT worker" can't even figure out how to wipe a hard disk?"

      A salesperson?

      And regarding "it has his National Insurance number on it", in the same paragraph the article refers to "personal files". Such personal files could include scans of his passport/driving license, list of passwords used in several sites, bank account data, list of favourite porn sites, "naughty pictures" pictures of his wife, "naughty pictures" of his sister in law or any other thing you can think of that could cause him to have his identity stolen, suffer emotional stress, suffer a traumatic divorce or...

      In normal conditions, he could have talked to a friendly Harrods IT guy, asked him to erase or recover the files and fix the issue easily and legally. Unless, of course, the working environment was very "toxic", or the IT support was outsourced to some Third or Second World country where Privacy Protection laws are not all they should be. If any of this was the case, asking the Harrods IT bod would be like walking nude at 3 A.M. in a marginal neighbourhood with a big bullseye painted in the arse*.

      *:Can't end well! 8^)

      1. Anonymous Coward
        Anonymous Coward

        Re: Eh?

        Sorry to be a killjoy but I would place a decent wedge of cash that any use of a company laptop for storing pics of his wife, viewing porn etc. Etc would be against corporate IT policy.

        Nothing a short sharp shock to the hard disk if it had one wouldn't fix.

      2. Doctor Syntax Silver badge

        Re: Eh?

        "In normal conditions, he could have talked to a friendly Harrods IT guy"

        He'd been fired. That opportunity might not have been open to him short of threatening to take it up with the ICO.

      3. Anonymous Coward
        Anonymous Coward

        Re: Eh?

        "And what kind of "IT worker" can't even figure out how to wipe a hard disk?"

        And every company policy on issued phones, laptops or whatever say's

        "any information put on this device becomes subject to the DPA that this company follows"

        In other words, their property as it's on their property

        Simple for us IT people to understand, like a company issued car is not "your car"

    2. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?
      Trollface

      Re: Eh?

      <quote>And what kind of "IT worker" can't even figure out how to wipe a hard disk?</quote>

      The kind which gets fired, clearly!

      1. Mephistro
        Coffee/keyboard

        Re: Eh?

        ROFLMAO

    3. macjules

      Re: Eh?

      That was my feeling as well. What kind of IT worker:

      1) Stores his personal data on a work laptop?

      2) Has to go to a third party in order to remove said data?

      3) Has 2 company laptops yet returns only 1, with the knowledge of what will entail from that?

      1. Anonymous Coward
        Anonymous Coward

        Re: Eh?

        That was my feeling as well. What kind of IT worker:

        1) Stores his personal data on a work laptop?

        I did at one point. Of course, it was just after our house fire so I didn't have a machine (or place to set it up). But I always had backups.

        These days I'm very thorough about keeping everything separate, even so far as to avoid personal web browsing and such (ephemeral activities that wouldn't require recovering/deleting files) on company kit. Just as I won't do any of their work on my own (sort of having documentation on my tablet for convenience sake).

    4. M. Poolman

      Re: Eh? "it has his National Insurance number on it"

      Erm, I think you'll find that HR and/or payroll very likely know your NI number already (how else does your NI get paid?).

    5. Mark York 3 Silver badge
      Paris Hilton

      Re: Eh?

      The thing I don't get is, as you can log onto any machine using cached credentials if you are not on the domain\connected to the network (& can recall the PW used last time) & this machine was at his home, therefore presumably OFF the corporate network why was he not able to log into it as a IT Tech Guy (or did he just believe his access to it was revoked & didn't bother trying).

      & why no copy of Hirens or DBAN to solve either of his two issues as a IT worker?

  3. Andy france Silver badge

    IT worker?

    I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information.

    1. Anonymous Coward
      Anonymous Coward

      Re: IT worker?

      I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information.

      That was *exactly* my first thought, but then I started wondering if Harrods actually did the right thing and used full disk encryption or a boot inhibitor. Given their customer base they should, but let's just say that I deem that less likely than user ineptitude.

      Depending on the age of the laptop it could even have been possible to take the HDD out and hook it up to another machine - all the fun stuff you can no longer do with machines that are glued together and use SSD chips rather than disks.

      However, the correct process is to let that data be extracted by the employer and have it signed off. That's just safer for all involved. As for his NI number, the employer already has that :).

      1. Chris King

        Re: IT worker?

        "However, the correct process is to let that data be extracted by the employer and have it signed off. That's just safer for all involved".

        Or even safer, not putting any personal stuff on a work-supplied device in the first place. If you don't control the device, you've no idea where your data could end up, assuming someone doesn't accidentally remote-wipe the kit with a fat-fingered typo.

        1. Hans 1
          Trollface

          Re: IT worker?

          If you don't control the device, you've no idea where your data could end up

          I assume that since the device was running Windows (it was hooked up to the domain), you do not control the device or where the data ends up?

        2. Anonymous Coward
          Anonymous Coward

          Re: IT worker?

          Or even safer, not putting any personal stuff on a work-supplied device in the first place.

          Sure, but depending on the kind of work you do, that machine may be the only link between home and where you work because few people I know will carry along two separate laptops for long. It's not that easy sometimes, which is why I always ensure that personal use is covered and protected in contracts and work instruction.

          The price you pay for that is that it may not be that private because the company controls the device.

        3. MrBanana

          Re: IT worker?

          It's not always possible to separate personal stuff from work. If you get asked to travel abroad by your company then you may have to submit all sorts of personal data regarding you and your family to get a travel visa. Many companies will force you to use a visa processing agency and at some point you will have all that information on your company hard drive. Some people won't care about it at all, some will know how to delete it so it cannot be recovered, some will decide that they need external help to delete it.

    2. Prst. V.Jeltz Silver badge

      Re: IT worker?

      "I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information."

      I'm surprised you think that would work as all Laptop hard drives are encrypted now. Well, most . Those whose's I.T. depts are competant , which we dont know thats the case here.

      The best the shop could do was wipe it for him

    3. Marty McFly Silver badge
      Big Brother

      Re: IT worker?

      Totally explains why he was RIF'd - not too smart.

      Yeah, grab a Ghost image so you can go back later to retrieve any files. Then wipe the disk (not just FDISK). Hand it back completely sanitized.

      At the end of the day physical security is still king. As long as he had physical control of the system he could do what he wanted to it.

      As for an encrypted hard disk.... As long as he didn't put it on a network, the machine has no idea the access was revoked and should have let him in with his existing cached credentials.

  4. LewisRage

    I assume IT Worker here means...

    ...a project manager/business analyst/scrum master who understands fuck all about IT and yet makes the IT decisions.

    Clearly anyone who's used a computer for more than Excel and Project and actually works in IT would have just wiped the HD from a live CD if they were genuinely worried about the stored data, or swapped in a fresh SSD if they just wanted to steal the thing.

    1. Joe Werner Silver badge

      Re: I assume IT Worker here means...

      Boot from a CD? Right. Because work laptops totally allow this if the IT department is not made up by a bunch of imbeciles...

    2. Chris King
      Coat

      Re: I assume IT Worker here means...

      "...a project manager/business analyst/scrum master"

      Or as one colleague once said of another "So you said she's a Scrum Five or something ?"

    3. Anonymous Coward
      Anonymous Coward

      Re: I assume IT Worker here means...

      That's why in some environments you're no longer allowed to touch your PC before even knowing you were fired...

  5. Anonymous Coward
    Anonymous Coward

    What a pillock.

  6. Duffaboy
    FAIL

    Why

    Does anyone keep personal stuff on a work Laptop

    1. John 110

      Re: Why

      Because it doesn't matter how often you tell people that it's a work laptop, they still think it's theirs, just like my work desktop is "mine".

      Generally though, people think that they're going to have time to clear it down before they have to hand it back.

      They're not always right...

      1. Anonymous Coward
        Anonymous Coward

        Re: Why

        Generally though, people think that they're going to have time to clear it down before they have to hand it back.

        They're not always right...

        Years before full-disk encryption was a thing (or even HDD passwords) I had set up my work machine (DR-DOS & MSWin 3.11) with a boot password, so when I inevitably left that shithole, no one would be able to access the drive. Yeah, years later I found it was simple to circumvent, but none of the dimwits there would have been able to do it even if the information had been available.

  7. Wolfclaw

    The illegal part was trying to access the laptop, when obviously his network access was removed.

    Theft charge was a dodgy one, as they would have to prove he had no entention of returning the laptop at any time.

    He should have returned it to Harrods IT and just nicely ask if somebody could login and then delete his personal information, save it to a USB or email it.

    1. Aqua Marina

      I've found over the years that when someone is in the process of being fired, asking nicely gets completely ignored and laptops are examined with a fine tooth comb over for evidence of anything that will support the firing.

      I think all this will change with the introduction of the GDPR laws next year where privacy trumps everything. A user returning a laptop should also in writing inform the company that the laptop contains personal information, and that by denying him the access to remove the data, they have become the defacto guardian of said data and have a legal responsibility to treat it in complete confidence. Going further to that if my reading of the law is correct, he could further insist that they delete, and provide evidence of the deletion of such data. And they would have to comply.

      1. Anonymous Coward
        Anonymous Coward

        I think all this will change with the introduction of the GDPR laws next year where privacy trumps everything.

        I don't think that will make a difference. It has already been long established that an employee has no right on privacy on a company resource if (and only if) he has been notified of that at the time of joining and it's in the contract of employment. Companies who do NOT explicitly stipulate this up front must be very careful, because then the member of staff is indeed entitled to the privacy of their information, even though they use a corporate laptop.

        That battle was fought and decided a long time ago in a manner I actually find quite reasonable.

        1. Anonymous Coward
          Anonymous Coward

          I am afraid you are wrong. Post 25/5/18 the company will have to treat the data securely and the employee will be able to contact his employer and ask for ALL personally identifiable data (which include NI numbers) that they hold about him, hard and soft copy, and then ask for proof that all of this information be deleted shd he request this course of action. And they have 30 days to comply.

          1. graeme leggett Silver badge

            The company will not have to delete any information that they are required to keep by law.

            So records of the hypothetical employee's pay and national insurance including the NI number, employee roll number will all be retained for quite a while longer than 30 days

          2. barbara.hudson

            Prove it? How?

            Just how is anyone supposed to prove that they've deleted the data off of said laptop, short of mailing it back to him and letting him browse through it after fixing it so he can log onto it without accessing the company network?

            Or inviting him in to delete it himself (a sticky and potentially unpleasant situation for all involved when dealing with a fired employee)?

            Others have pointed out that the company already has his personal information, but that's irrelevant. The laptop will probably be re-assigned to someone who won't have the right to that information, and it's not like every company re-images every computer before handing it out to the next user.

          3. Cederic Silver badge

            they have 30 days to comply

            Nah. They'll point out that they're legally obliged to retain payroll records, which include his NI number, and that means that whether he likes it or not, under GDPR they have a legitimate business reason to hold that data and will not delete it.

  8. ukgnome

    The first thing that anyone with a work laptop should be told is - Any data on this device is ours.

    1. Chris King

      "The first thing that anyone with a work laptop should be told is - Any data on this device is ours"

      Or just say "No personal use whatsoever" from the get-go.

      Allowing personal usage without establishing any sort of boundaries can be a real nightmare in situations like this, or where an employee dies in service and there's personal stuff on the device.

      1. Anonymous Coward
        Anonymous Coward

        "No personal use whatsoever"

        It would be possible for someone to have their personal credit card details accessible on a company PC for booking hotels etc on company business. Most hotels that I have booked online recently want an authenticated credit card assurance up front as security - even if you actually pay at reception later.

        At my last company small purchases under about £100 were also expected to be handled by the employee and claimed back on expenses with a receipt. Purchase orders were reserved for expensive things as the overheads of raising them was seen as unnecessary expense and delay. Company credit cards were as rare as hens teeth.

        1. Doctor Syntax Silver badge

          "It would be possible for someone to have their personal credit card details accessible on a company PC for booking hotels etc on company business."

          That's one category of information I don't have to keep on a PC. It lives in my wallet.

          If, however, there's stuff that I think should be kept private it can go into something like Keepass. Even if the disk is encrypted on a company laptop having a separate encrypted file to which the company has no access would have solved the problem. It would also solve the problem of the company backing up the laptop onto their own servers.

          1. Aqua Marina

            It never ceases to amaze me just how many british commentards that post here have the belief that an employment contract can remove your statutory rights as a UK citizen. Seriously I'm sure you guys must be being walked all over by your employers, or you are school age, and watch a lot of american TV shows.

            Let's take it slowly so you understand it.

            A company has a policy that says "No personal use or data on company resources, or else *(except in an emergency)." This is perfectly legal, and if an employee breaks the policy they quite rightly and legally are able to be disciplined.

            What the company cannot say is "if you break this policy, you are entitled to no privacy and we can do what we want with your data". This would be illegal. The right to privacy is enshrined in law. Any personal information the company comes across, even when a written policy was established forbidding it, is still subject to the Data Protection Act, and next year will be subject to the even more stringent GDPR. A company must by law treat personal information with confidence regardless of policy. Law > Employment Contract.

            *already established by case law

            1. Anonymous Coward
              Anonymous Coward

              You don't live here do you?

              AC because this is a work laptop.

      2. Alan Brown Silver badge

        "where an employee dies in service and there's personal stuff on the device."

        Privacy laws don't apply to dead people, so that's actually a non-problem.

        1. Anonymous Coward
          Anonymous Coward

          Privacy laws don't apply to dead people, so that's actually a non-problem.

          Besides, getting haunted is interesting :p

  9. Mark M.

    Erasing content company laptops

    If you have personal data you want deleted from a company laptop and the laptop is a cheap-ass PoS with spinning rust for storage, just leave a big-ass electromagnet on it for a few hours before tossing it back.

    Any company doing IT support correctly would just re-image the laptop from the latest core build and removing any "customisation" the previous owner may have had which could include elevated privileges to internal systems stored in non-core application installs or support documentation.

  10. Spudley

    In any competent IT department, if a computer is returned for whatever reason (employee leaves, gets an upgrade, etc), the first thing the IT department should do is wipe the disk and re-install the OS.

    This is standard practice and protects the company as well as both the original holder of the equipment and the next person who gets it.

    I would definitely agree that you really shouldn't ever store personal data on a company computer, but it does happen. Wiping the system as standard should mitigate any danger from that, but I can understand the anxiety of this guy if he didn't know that would happen, or didn't trust the IT department.

    1. Anonymous Coward
      Anonymous Coward

      Spudley: "In any competent IT department, if a computer is returned for whatever reason (employee leaves, gets an upgrade, etc), the first thing the IT department should do is wipe the disk and re-install the OS."

      Nope. The first thing they should do is take an image of the disk. Then wipe and reinstall.

      The backed up image saved a lot of problems at one company when HMRC came sniffing after some suspicious financial activity. It turns out the former CFO and CEO had been misusing funds and the backups provided evidence of their culpability, meaning HMRC went after them personally rather than the company itself.

    2. Mark 85

      In any competent IT department, if a computer is returned for whatever reason (employee leaves, gets an upgrade, etc), the first thing the IT department should do is wipe the disk and re-install the OS.

      Policy where I worked was "all computers from terminated employees will be held for 30 day prior to re-imaging and re-issue.". This was "just in case" there were legal issues or personal data which we helped get back to the employee. Usually, most folks were smart enough to email any personal data to their home. We did have our share of "legal issues" so this 30 day hold was wise. Holding the whole computer also helped with "chain of evidence" as an image wasn't considered "original".

  11. webly

    Surely he could have just logged in without internet connection and deleted what he needed (or put it on a USB stick etc etc)

    He may have been removed from the domain at work but he was using the computer at home, I've never had a system which was rendered a complete brick by being offline

    1. Roland6 Silver badge

      > I've never had a system which was rendered a complete brick by being offline

      This was the bit that got me to.

      I suppose Harrods could be using advanced security and the laptop has a built in GSM security device, so as part of his departure, IT denies systems access which automatically sends an SMS to all devices on the system registered to him...

      1. Mark 85

        Seems strange here also... why brick a laptop that's off line? I thought that's why folks were issued laptops to work mobility and even when there was no connection.

    2. 2Nick3

      "I've never had a system which was rendered a complete brick by being offline"

      AD will let you see where a user is logged in, push a logout to that device, and revoke their ability to login. Add a VPN connection so the machine is on the network, and you just prevented the user from getting back into it (with their AD credentials, at least).

      Which means Herrod's has a procedure when an employee separates, and they follow it.

      1. Anonymous Coward
        Anonymous Coward

        Which means Herrod's has a procedure when an employee separates, and they follow it.

        At least *someone* doing it right. I'd almost given up on that.

      2. Roland6 Silver badge

        >AD will let you see where a user is logged in...

        After I posted I remembered one company where the laptop had to be periodically connected to the corporate domain (not sure if it was tied to password expiry or not). Obviously if this happened when working offsite, it meant connecting the laptop to a network (LAN or modem), establishing a VPN and allowing AD to do it's stuff. However, for this to happen you had to be in possession of your company issued security access pin generator... I think also I had to visit an office 1~2 times a year and connect the laptop to the wired LAN and reboot, so that various other AD controlled stuff got updated.

        I assume therefore that at some time someone in Harrods IT knew a thing or two about security to set this up and to implement HDD encryption (and BIOS password). Obviously, once such an offline system has decided a user password has expired and the user no longer has access to the corporate network and AD, it is effectively a brick - unless the user performs a motherboard jumper reset, HDD reformat etc.

        Otherwise, I suspect the guy simply got the password wrong too many times and Windows barred access. Requiring the laptop to be taken to IT who would use their AD/admin access permissions to re-enable the account...

        Either way, it would be interesting to know, just what security measures were in place to brick the laptop.

      3. Doctor Syntax Silver badge

        "Which means Herrod's has a procedure when an employee separates, and they follow it."

        Herrod? Think of the children.

  12. Anonymous Coward
    Anonymous Coward

    Obviously not IT competent, Computer Shop workers do not have secret apps/hardware to access laptops. If you cannot login normally the laptop needs to be bootable by usb/cd or HDD to be removable to access the data or to wipe it if encrypted. I may have asked the shopworkers what they would do to access a non removable, non usb/cd bootable laptop but would not leave it with them to tinker with.

  13. Anonymous Coward
    Anonymous Coward

    It's a shame this wasn't a civil case then he could have been asked are you being served?

    If anyone can beat that for being crap with an even more tenuous link then you win a pair a rubber gloves to do with as you please.

    1. Chris King
      Trollface

      This was Harrods, so not "Open All Hours".

      You can keep the gloves, I've got a box of latex ones handy for those "special" cases.

  14. Joe Montana

    IT worker

    So this guy supposedly worked in IT, and yet he wasn't aware of the various ways in which he could have accessed or erased the machine?

    Sounds like Harrods was right to make him redundant, he clearly wasn't competent at the job he was supposed to be doing.

  15. chivo243 Silver badge
    Facepalm

    This is one of those stories

    That proves the stupidity in our fellow man, dare I say fellow IT practitioner?

    I got this feeling there is a wee bit more to this story than has been told...

    1. Doctor Syntax Silver badge

      Re: This is one of those stories

      "I got this feeling there is a wee bit more to this story than has been told."

      It's a given of court cases that (a) there's more then you're being told and (b) you're being told more than there is, at least by one side.

  16. Dave 32
    Flame

    Erasing a laptop

    He could have erased the information from the machine with an axe. I'm told that Thermite also works quite well.

    Dave

    1. Anonymous Coward
      Anonymous Coward

      Re: Erasing a laptop

      "I'm afraid I can't let you do that, Dave"

      Sorry, it was stronger than myself :)

  17. adam payne

    Storing personal information on a company laptop is just asking for trouble. I don't store any personal information on my work laptop and never would.

  18. Anonymous Coward
    Anonymous Coward

    A lot of self righteous types in today

    I take it none of you have ever used Amazon, personal email, social media or any other personal information while at work?

    And if you never have, I would find you more suspicious than this guy, TBH...

    1. DropBear

      Re: A lot of self righteous types in today

      Now that you mention it - I prefer to avoid shopping from work, so no Amazon, yes. My personal mail I can access any time through my smartphone, but if I use the laptop, it's a webmail interface, and the browser is always set to permanently incognito browsing; I just need to close it. Social media I just flat out don't do. To be fair though, there IS some personal information on that laptop, considering Dropbox keeps a local copy on everything that ever tries to sync with it. Then again, all of it is encrypted with EncFS, which I manually start and enter the password into whenever needed - soooo... given the chance I'd prefer to wipe that cache and de-auth the sync client but ultimately I don't really care who looks at that gibberish, either from work or from the cloud.

    2. adam payne

      Re: A lot of self righteous types in today

      Going on Amazon / personal email is just history and cookies. It's a little different then putting scans of your ID on a laptop.

    3. katrinab Silver badge

      Re: A lot of self righteous types in today

      To access social media at work, I need to use Putty to tunnel to a proxy server at home, access a browser over Remote Desktop via a Remote Desktop Gateway at home, or use my phone.

  19. steviebuk Silver badge

    IT worker?

    People can't say "He shouldn't of had personal stuff on the laptop". Everyone does it eventually. You'll end up with some personal documents on there at some point. However, if he's an "IT worker" surely he should know that upon returning the device it would of been wiped, so claiming he was doing it because he wanted the data wiped seems a bit of an odd argument. However, it's possible he knew someone in the department would snoop. But the next question is, why did he take it to a computer shop? Was he not an IT engineer then? As if he knew what he was doing he'd have been able to get into it himself, then no one would of know and no court case would of happened.

    Seems odd, unless he was just a manager for IT but wasn't really IT savvy (I know some IT managers who know fuck all about IT).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon