Enron Mail |
My back office suggestion is that the master user id and password be held by
the back office. The master user has the ability to open and close sub-user (i.e. individual trader) user ids and passwords. So if a trader leaves, the back office master user can immediately turn off the user id for that trader. They can react much more quickly than we can and certainly faster than 5 days. I suppose the remaining risk there is that the back office person is the disgruntled employee. Leslie Hansen 07/20/2000 02:23 PM To: Mark Taylor/HOU/ECT@ECT cc: Subject: Re: Kennecott ETA I agree that it's their responsibility for dealing with rogues. However, Kennecott's position is that all they can do is notify us and rely on us to cut off access once they terminate an employee. They cannot ensure that the employee doesn't write the password on his or her palm to take it with them. Apparently, they have had some bad experiences with disgruntled traders. Thus, their proposal that their notice must be by certified mail and the proviso that we have 5 days to act on the notice. I have a question regarding the back office suggestion -- are you suggesting that no individual trader be given an id but rather you give the id to someone in the back office and the trader has to call that individual to actually submit a trade. If that's not what you intend, even if the back office or control group holds the password, if the trader knows the password to get into EOL, what's to stop him or her from continuing to access EOL after leaving the company. The back office can notify EOL that the password should be cancelled, but if we don't act on the notice, what is left for the CP to do. Who should be my EOL contact on this issue and other ETA issues? Leslie Mark Taylor 07/20/2000 01:55 PM To: Leslie Hansen/HOU/ECT@ECT cc: Subject: Re: Kennecott ETA You're right, we have not agreed to the final sentence with any of our other counterparties. I doubt that the EOL people will let us do it (though we can always ask). I have sometimes gotten counterparties comfortable with this issue by suggesting that the master user id and password should be held by someone in the back office, the control group or even the legal department so that when a trader leaves the master user can immediately shut them off. It seems to me that this puts the risk and responsibility for dealing with rogues where it belongs - why should we be at risk if one of their traders decides to damage the company? Having said that, I think that even without the last sentence requested we are probably in that position - if we have actually received the notice and request for termination of the password and don't do it, it would be very hard to defend if we kept doing trades and they can show they weren't authorized. Leslie Hansen 07/20/2000 12:25 PM To: Mark Taylor/HOU/ECT@ECT cc: Subject: Kennecott ETA Mark: As I mentioned in my voice mail, Kennecott Coal Sales has requested the following modification to the ETA: Section 6(a) shall be revised to provide that Enron shall use reasonable efforts to cancel CP's master user password and/or user IDs upon receipt of notice from CP. Notwithstanding anything in Section 6(e) to the contrary, all such notices must be sent by certified mail to Enron at the following address: [TO COME], or such other address as may be specified by Enron from time to time. The notice shall be deemed effective five (5) days after its receipt by Enron. After the effective date of the notice, the Counterparty shall have no liability to Enron for any Transaction initiated with the use of the master user password and/or user ID identified in the notice. Please advise. Leslie
|