These mobile device and remote storage policies apply to any external or portable media (e.g. external hard drives, laptop computers, thumb/flash drives, smartphones, tablets, etc.) on which university data is stored or transported. They also apply to any cloud or hosted service (e.g. Google Apps for Education, PeopleAdmin) in which university data is used or stored.
3.7.1 Mobile Devices
All mobile devices, whether university- or personally-owned, must be used in compliance with PLU policies for appropriate use of computing, including the individual responsibility, network registry, and up-to-date software requirements of section 3.3.3, above.
Mobile devices may not be used to store or transport restricted data unless both
- encrypted, adhering to an encryption standard or using encryption software approved by I&TS; and
- authorized by a vice president or provost.
Mobile devices may not be used to access internal or restricted data unless the user is authenticated at the time of each access. Authentication information, such as username and password, may not be stored on a mobile device or in a web browser for automatic access to systems or services containing restricted information unless encrypted behind reliable password protection.
Lost or stolen devices containing restricted data must be reported immediately in accordance with 3.8, below.
3.7.2 Remote Storage of Restricted Data
Restricted data may not be used or stored in a hosted (cloud) environment unless both
- by contractual arrangement reviewed and endorsed by the I&TS Directors and the office of the Division of Administrative Services, and
- signed by the Senior Vice President and Chief Administrative Officer for Administrative Services.