I'm an Exchange Admin also responsible for the companies IT security. Our company is just getting the idea of writing policies (thanks to audits... I pretend to hate them, but secretly love 'em
). Blackberrys are going out and our policy is currently is to force an eight character password with no complexity and a 30 minute timeout. I've love to have that timeout at 15 minutes, but 30 is what they're settled on for the moment. However, with phone calls unhooked from timeouts I think I can win that one, at least it's setup to lock in holster. Attempts are ten, but I will get that down to five if I can.
I'd like complexity, but the nature of the keyboard makes this tricky and being a mobile device which will likely be locked and unlocked a lot, it's hard to pull off. Really the idea is just to have a password long enough that it resists breaking long enough that the device wipes itself due to the dead man's switch. Content restoration is so easy that I can live with accidental wipes since it call all be done OTA. However, without the ability to stop the use of dictionary words we'll probably be forced to at least introduce numerals at some point.
We don't use content protection yet, but if testing shows that unhooking the address book from this allows for voice activation WHILE locked, then it'll be a go, otherwise there's no way I can make that happen with a bluetooth armed mobile sales force. We'd probably use one of the higher levels of encryption since I didn't find it had a particularly negative hit on performance, just the odd lag when unlocking.