Fort Hays State University > About FHSU > Academic Divisions > Office of the Provost > Faculty and Unclassified Handbook > Ch 1 Mobile Computing
Office of the Provost
The University’s information is a highly important asset. The purpose of this Mobile Computing Security Policy is to protect this asset. Each employee has a responsibility to do his or her part in protecting private University information. The portability of Mobile Computing increases the possibility of compromising the integrity of our information. This policy addresses responsibilities in safeguarding this information and other issues targeted to mobile computing.
II. Individual Responsibilities
When we power up our PCs, tablets, and laptops whether from home or from our desk to access the student system, IFAS, Lotus Notes, Blackboard, or other university resources, we open up a window to university information. Accessing this information brings with it the responsibility of keeping that information secure. We all should minimize the chance that others will misuse our connection to this information.
Keep in mind that some of this information may reside on our tablets and laptops when we take them home, on USB flash drives, on CDs, on SmartPhones, on iPods, on office file servers, or on other servers.
III. Protect Personal Information
There are a variety of laws that prohibit disclosing personally identifiable, non-public academic, financial or health information without permission. The Family Educational Rights and Privacy Act (FERPA) specifically targets practices of educational institutions. The Health Insurance Portability and Accountability Act (HIPAA) protects personal health-related information. These and other regulations govern the use of personal identifiers, especially the use of Social Security Numbers. The improper use of Social Security Numbers exposes individuals to identify theft, financial loss, and improper use of personal information. The Social Security Administration considers the SSN to be confidential.
The University is required to collect Social Security numbers for a number of federal purposes, and the University is allowed to use Social Security numbers for other core departmental activities which cannot be immediately facilitated by other means. However, using a spreadsheet, web site, other postings with grades, financial or medical information linked to social security numbers would violate the above laws. Personal, non-public information should not be stored on mobile devices. Whenever possible, centrally administered systems should be used to process personal non-public information. The Department of Education has ruled that using the last four digits of SSN for grade postings violates FERPA.
If you do have sensitive, non-public information (such as SSNs, grades, health information) on your portable storage media, it must be encrypted. If you transmit sensitive, non-public information over the airways or the network, it must be encrypted. Use the FHSU VPN when connecting while on the road or from home when transmitting sensitive information.
IV. Levels of Security
Accessing administrative systems from on or off campus opens university information to certain risks of exposure. Various software applications and types of connection provide access at varying levels of security. The following methods of connection and use of applications illustrate these levels.
V. Reporting Requirements
Should you have reason to believe that any personal information in your possession relating to any person has been, or may be intentionally or unintentionally disclosed to anyone without legitimate justification or the consent of the person to whom such information relates, you should report this circumstance as soon as possible to your immediate supervisor.
Adopted by President’s Cabinet 04-04-07
Back to Chapter 1