Your Responsibilities for Protecting Sensitive Data When Using Your Own Devices
If you work with sensitive college data from your own devices, you are expected to protect that data by meeting these responsibilities:
By Department
- Check with your department to verify that it allows you to use personal devices with sensitive data.
- You may not access or maintain sensitive business data using your own devices until or unless your department specifies that this is allowed.
- Comply with any additional department/unit restrictions.
General
- Comply with policies and regulations.
- Follow the college's responsible use, data security and data management policies, standards, and guidelines. Also, all legal and regulatory compliance requirements continue to apply.
In particular, Security of Personally Owned Devices that access or maintain sensitive business data requires you to appropriately manage and secure your own devices, such as smartphones and tablets, if you use them to access or maintain sensitive college information.
Data Management
- Access data only when needed.
Access or maintain sensitive college data using your personal devices only when necessary for the performance of company-related duties and activities.
- Separate personal and institutional data if possible.
You are strongly encouraged to create separate environments for college data and personal data on your personally owned devices.
- Delete or return data securely when no longer needed.
You must securely return or delete sensitive college data maintained on your own device when you are no longer an authorized user of that data.
Security Incidents & Investigations
- Report security incidents involving your devices.
Immediately report suspected or actual compromises of sensitive college data. This includes incidents that involve loss or theft of your device(s) used to store or maintain sensitive college data.
- Allow appropriate inspection of your devices.
You may be required, upon request, to make your personal device available for inspection by the college as part of an incident investigation conducted in accordance with Privacy and the Need to Monitor and Access Records.