We have several officers that are using Blackberries and iPhones for bank business. These are provided by the bank. I am aware that these employees receive emails on these devices and I am concerned about protecting customer information. I would like to have a discussion about this with management. Can someone educate me about the security of these devices and what we should implement as a policy to protect customer information?

Enable the lock control/password feature if it hasn't already been done.

At some point someone in IT in conjunction with someone in compliance should have done a risk assessment on these devices before implementing them. I can't tell from your posting if you are the person in compliance, or an auditor, or simply a concerned bank employee. But start first with whatever risk assessment was performed to find out what controls are already in place.

Software companies have created some programs that will automatically encrypt emails/messages that contain this information and protect you and your bank...with this feature it becomes more safe to send this type of information back and forth and is a bit more pragmatic than a total ban on the use of these systems for business.

Your concern is well placed...the solution needs to allow business to move forward while protecting your bank and clients.