@Jack: Just to clear out misunderstandings before I do something silly (again) because I have a misconception about the infrastructure:
Is she using an agent who removes and creates the file encryption of the phone log and calendar everytime she uses it, or how exactly does it work? The file cannot be changed (or read) by any means as long as it's protected. Since she'll use the calendar and log function, I assume that she will be used to regular alarms, but I don't want to count on that as long as I'm not sure we understood the line "A protected file cannot be read, changed, deleted, or copied until the protection is broken" the same way. Until now, I comprehended it that way that there is no exception: If there would be something like an authentication, I could access the file via having a mark on it. File protection, as I understood it, is for files that are kept safe, and not in regular use. If someone accesses it, the owner will get a notification.
Please correct me if I'm wrong. Your understanding of rules is usually better than mine.