Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Cell phone stipends and impact on securing confidential data

From: "David, Elaine" <elaine.david () UCONN EDU>
Date: Thu, 14 Feb 2008 15:44:25 -0500
At the University of Connecticut we are considering moving away from
issuing University-owned cell phones/Smart phones/PDAs/ etc. and instead
providing a stipend toward University usage of personal devices.

For those institutions that have already made this change, I am
wondering whether you find this to be in any way in conflict with
security policies that you might have concerning access or storage of
institutional confidential information on personally-owned devices.  I
know that several institutions have, as part of their policies,
requirements that only institutionally-owned devices may be used to
access or store institutional data, or that certain security measures
(e.g. use of passwords, encryption, etc.) be required of any device that
accesses or stores institutional data (including personal devices). 

If you do have policies that cover personally-owned devices (including
phones), do you have mechanisms in place to audit for compliance with
those policies? Have you addressed what happens to the data that might
be stored on these devices once the individual no longer is employed at
the institution?

I am interested in any comments that any of you might provide on this
subject. 

Thank you.

Elaine David
Assistant Vice President for Information Services
Director of Information Technology Security, Policy & Quality Assurance
University of Connecticut
Storrs, Connecticut 06269-3138 
Phone: (860) 486-1362
Fax: (860) 486-5744
Email: Elaine.David () uconn edu

 

CONFIDENTIALITY NOTICE: If you have received this e-mail in error,
please immediately notify the sender by e-mail at the address shown and
delete all copies of this message. This e-mail transmission may contain
information that is proprietary, privileged, confidential, or otherwise
legally exempt from disclosure. If you are not the named addressee,
please be aware that you are not authorized to open, read, print,
retain, copy, or disseminate this message or any part of it. Thank you
for your compliance.
Previous By Date Next
Previous By Thread Next

Current thread: