Re: Cell phone stipends and impact on securing confidential data

[Theresa Rowe <rowe () OAKLAND EDU>]

I have to say that this is an area that keeps me awake at night.  Our data
are going everywhere on all sorts of devices - laptops, thumb drives,
etc. People casually working from home and storing their work on their home
computers. And where it isn't casual data departure, everyone with access to
data now thinks they can contract with vendors to send data someplace (like
the coach that signed on with some sort of donation web service sending
player names ... and the story that I shouldn't put in email).

We simply cannot control a data perimeter any more at our institution; that
barn door opened a long time ago.  And yes, we do have a stipend for cell
phones.

Theresa




On 2/14/08, David, Elaine <elaine.david () uconn edu> wrote:
> At the University of Connecticut we are considering moving away from
> issuing University-owned cell phones/Smart phones/PDAs/ etc. and instead
> providing a stipend toward University usage of personal devices.
>
> For those institutions that have already made this change, I am
> wondering whether you find this to be in any way in conflict with
> security policies that you might have concerning access or storage of
> institutional confidential information on personally-owned devices.  I
> know that several institutions have, as part of their policies,
> requirements that only institutionally-owned devices may be used to
> access or store institutional data, or that certain security measures
> (e.g. use of passwords, encryption, etc.) be required of any device that
> accesses or stores institutional data (including personal devices).
>
> If you do have policies that cover personally-owned devices (including
> phones), do you have mechanisms in place to audit for compliance with
> those policies? Have you addressed what happens to the data that might
> be stored on these devices once the individual no longer is employed at
> the institution?
>
> I am interested in any comments that any of you might provide on this
> subject.
>
> Thank you.
>
> Elaine David
> Assistant Vice President for Information Services
> Director of Information Technology Security, Policy & Quality Assurance
> University of Connecticut
> Storrs, Connecticut 06269-3138
> Phone: (860) 486-1362
> Fax: (860) 486-5744
> Email: Elaine.David () uconn edu
>
>
>
> CONFIDENTIALITY NOTICE: If you have received this e-mail in error,
> please immediately notify the sender by e-mail at the address shown and
> delete all copies of this message. This e-mail transmission may contain
> information that is proprietary, privileged, confidential, or otherwise
> legally exempt from disclosure. If you are not the named addressee,
> please be aware that you are not authorized to open, read, print,
> retain, copy, or disseminate this message or any part of it. Thank you
> for your compliance.


--
Theresa Rowe
Chief Information Officer
rowe () oakland edu
Oakland University