Safeguard mobile devices and university data
May 2, 2017
From the Office of Information Technology
As mobile devices such as laptops, tablets and smart phones become more commonly used,
it is important to understand your responsibility when using a mobile device to conduct
University of Alaska business.
University employees and students using a laptop computer or mobile device (e.g.,
portable hard drives, USB flash drives, smartphones, tablets) are responsible for
the university data stored, processed or transmitted via that computer or mobile device.
That means you must employ proper safeguards and report to the university any loss
or exposure of that data to unauthorized individuals.
In some instances, the university has a duty to report loss of information to affected
individuals whose data was exposed, to state or federal authorities, to our insurance
company and/or in some cases to law enforcement.
Therefore, in the event any university-owned or -managed laptop computer or mobile
device is lost or stolen, you should:
1. Immediately report the theft or loss to the UAF Police Department.
2. Contact the OIT Service Desk to report the incident and provide details to the chief information security officer
to facilitate a risk assessment.
3. Contact the UAF Environmental, Health, Safety and Risk Management Office to file the appropriate report or claim.
In the event any computer equipment or mobile device containing university nonpublic
information is lost or stolen — even if that equipment is not university-owned — or
if passwords are stolen or disclosed, or are even suspected of being lost, stolen
or disclosed, all users have a duty to notify the chief information security officer
within the statewide Office of Information Technology immediately.
University personnel and students carrying university-issued laptops or mobile devices
while traveling abroad, whether on business or for pleasure, must comply with data
protection measures in Board of Regents’ regulation 02.07.066, with U.S. trade control
laws, with University Regulation 10.07.035 – Export Control Licensing, and with the
laws of the destination country.
These reporting requirements are meant not to be punitive but to minimize the risk
to university personal, academic and financial data and intellectual property.
More information can be found in Board of Regents’ Policy and Regulation 02.07.066
found at www.alaska.edu/bor.
Thank you.