NOV.-DEC. 2016 |
If you’re planning to travel out of the country for a conference, research, study abroad or any other Purdue business matter, one of your first priorities should be getting your laptop ready to take the trip. Here are five questions to consider:
- Should I carry my laptop the whole time?
Keep your laptop with you at all times or store it in a secure location when not in use. Do not leave your mobile devices unattended in public locations. Do not check them with luggage or leave them in a car, and think twice before leaving them in your hotel room.
- Can I store Purdue data on my laptop while I’m abroad?
It depends on the data classification, but the best advice is that anything considered sensitive or restricted should not be stored on your laptop. You could be violating export control or national security regulations, or Purdue’s own data handling policies, if certain data is on your laptop.
- What if I need to access Purdue’s network while traveling?
Use Purdue’s Virtual Private Network (VPN) service. A VPN provides users who are not on the internal network secure access to resources inside it. If you’re working on a project on your laptop abroad, you can securely access files at Purdue using the VPN, rather than storing them unsecurely on your hard drive.
- And what about email?
Purdue’s guidelines on electronic communications are as follows: If it’s public, there are no special requirements. If it’s sensitive, encryption is suggested. If it’s restricted, encryption is required. The best advice, however, is to never send restricted, or even sensitive, data via email.
- What’s the best and worst case scenario if my laptop is lost or stolen?
Worst case: Your laptop was stolen with sensitive or restricted data stored on it without encryption. The university would be at risk for monetary fines in the event of a breach. Best case: You encrypted your laptop with help from ITaP or your departmental IT support, so if it’s stolen, no one has access to the data on it.
Keep these data classifications used by Purdue in mind:
- Public data may or must be open to the general public. It is defined as information with no existing local, national or international legal restrictions on access. Example: Purdue’s course catalog.
- Sensitive data must be guarded due to proprietary, ethical or privacy considerations, even though there may not be a law specifically governing its protection. Examples: Date of birth, gender classification or Purdue ID.
- Restricted data must be protected because of policies, regulations or statutes. This level also covers information, generally of a personal nature, that someone has the right to restrict and has done so. Examples: Health information; student data such as social security numbers, grades, grade point average and transcripts; financial account information; government classified or export-controlled research data; or third-party confidential or proprietary information.
– Kirsten Gibson, ITaP technology writer, firstname.lastname@example.org