News archives 2010-2021

Safeguard mobile devices and university data

May 2, 2017

University Relations

 

From the Office of Information Technology

As mobile devices such as laptops, tablets and smart phones become more commonly used, it is important to understand your responsibility when using a mobile device to conduct University of Alaska business.

University employees and students using a laptop computer or mobile device  (e.g., portable hard drives, USB flash drives, smartphones, tablets) are responsible for the university data stored, processed or transmitted via that computer or mobile device.  That means you must employ proper safeguards and report to the university any loss or exposure of that data to unauthorized individuals.

In some instances, the university has a duty to report loss of information to affected individuals whose data was exposed, to state or federal authorities, to our insurance company and/or in some cases to law enforcement.

Therefore, in the event any university-owned or -managed laptop computer or mobile device is lost or stolen, you should:

1.         Immediately report the theft or loss to the UAF Police Department.

2.         Contact the OIT Service Desk to report the incident and provide details to the chief information security officer to facilitate a risk assessment.

3.         Contact the UAF Environmental, Health, Safety and Risk Management Office to file the appropriate report or claim.

In the event any computer equipment or mobile device containing university nonpublic information is lost or stolen — even if that equipment is not university-owned — or if passwords are stolen or disclosed, or are even suspected of being lost, stolen or disclosed, all users have a duty to notify the chief information security officer within the statewide Office of Information Technology immediately.

University personnel and students carrying university-issued laptops or mobile devices while traveling abroad, whether on business or for pleasure, must comply with data protection measures in Board of Regents’ regulation 02.07.066, with U.S. trade control laws, with University Regulation 10.07.035 – Export Control Licensing, and with the laws of the destination country.

These reporting requirements are meant not to be punitive but to minimize the risk to university personal, academic and financial data and intellectual property.

More information can be found in Board of Regents’ Policy and Regulation 02.07.066 found at www.alaska.edu/bor.

Thank you.