Protecting university data when using a mobile device
by Michelle Saport |
As mobile devices such as laptops, tablets and smart phones become more commonly used, it is important to understand your responsibility when using a mobile device to conduct University of Alaska business.
University employees and students using a laptop computer or mobile device (e.g., portable hard drives, USB flash drives, smartphones, tablets, etc.) are responsible for the university data stored, processed or transmitted via that computer or mobile device. That means you must employ proper safeguards and report to the university any loss or exposure of that data to unauthorized individuals.
In some instances, the university has a duty to report loss of information to affected individuals whose data was exposed, to state or federal authorities, to our insurance company and/or (in some cases) to law enforcement.
Therefore, in the event any university-owned or managed laptop computer or mobile device is lost or stolen, you should:
- Immediately report the theft or loss to the UAA Call Center and to the University Police Department or local law enforcement.
- Contact the Risk Management Office to file the appropriate report or claim.
In the event any computer equipment or mobile device containing non-public university information is lost or stolen-even if that equipment is not university-owned-or if passwords are stolen or disclosed (or are even suspected of being lost, stolen or disclosed), all users have a duty to notify the chief information security officer within the Statewide Office of Information Technology immediately.
University personnel and students carrying university-issued laptops or mobile devices while traveling abroad, whether on business or for pleasure, must comply with data protection measures in Board of Regents' regulation 02.07.066, with U.S. trade control laws, with University Regulation 10.07.035 - Export Control Licensing, and with the laws of the destination country.
These reporting requirements are not meant to be punitive, but minimize the risk to university personal, academic and financial data as well as intellectual property.
More information can be found in Board of Regents' Policy and Regulation 02.07.066 found at alaska.edu/bor.