Originally Posted by Milkman
I would suggest that if you haven't already, you provide the security exposures (as listed above) to your director. Make sure that he/she actually knows what can happen if a Blackberry is stolen, and at that point let him/her make the call.
Just another note, GET IT IN WRITING from the Director (or whomever the manager making the decision). This will CYOA/CYOB if you have evidence of the decision, in the event that data is lost/stolen and somehow hurts your bottom dollar. This is the purpose of our initial mandatory password requirement; the users are made aware of the risks, and if they choose to remove the password for convenience purposes, then it's on them.