Specifications

Item Description
IT policy IT policy that is associated with your organization
Device transport key References to the device transport key, which prevents the tablet from
communicating with the BlackBerry Device Service
Work data Work data that is associated with work apps on the tablet
Wi-Fi and VPN profiles Wi-Fi and VPN profiles that the user configures on the tablet
You can also use the BlackBerry Device Service service to send the "Delete all device data and remove device" IT
administration command to the tablet to delete all data from the entire tablet. For more information about sending the
"Delete all data and remove device" IT administration command to devices, see the BlackBerry Device Service Advanced
Administration Guide.
Deleting all data from the work space on a BlackBerry PlayBook tablet
When you or a user deletes all data from the work space on a BlackBerry PlayBook tablet, the BlackBerry PlayBook OS
instructs the file system to delete all directories and files in the work file system.
Any files that persist in the work file system remain encrypted. The decryption key is not accessible to the file system.
How a BlackBerry PlayBook tablet protects
personal data
The BlackBerry PlayBook tablet allows the encryption of personal data on the tablet.
You can use the "Personal Space Data Encryption" IT policy rule to turn on encryption for the personal space of a tablet. If
this rule is set to Yes, the personal space of the tablet is encrypted. If this rule is set to No, users can choose to encrypt the
personal space using the Encryption option in the Security settings on the tablet.
If encryption is turned on for the personal space of the tablet, the tablet encrypts data that is stored in the personal file
system using XTS-AES-256 encryption. Each file in the personal file system is encrypted with a randomly generated key.
The keys are then encrypted by a series of encryption keys that chain to a key that is embedded in the processor when the
processor is manufactured.
If you set the "Personal Space Data Encryption" IT policy rule to Yes, you should also set the "Apply Work Space Password
to Full Device" IT policy rule to Yes so that the password applies to the entire tablet. If you set the "Personal Space Data
Encryption" IT policy rule to No and the user chooses to encrypt personal data, the tablet prompts the user to enter a new
password if the tablet does not already have a password.
Related information
Device passwords, 92
How BlackBerry PlayBook tablets protect work data, 64
Security Technical
Overview
Using BlackBerry Balance to secure BlackBerry PlayBook tablets in your organization’s environment
for work use
67