Purpose

The use of mobile computing devices and mobile storage devices to store University information must be in compliance with this policy and other applicable University and Penn State Wilkes-Barre policies, including but not limited to:

  • AD19 – Use of Penn State Identification Number and Social Security Number
  • AD20 – Computer and Network Security
  • AD23 – Use of Institutional Data
  • AD53 – Privacy Statement
  • ADG02 – Computer Facility Security Guideline

Scope

This policy applies to all Penn State Wilkes-Barre full-time and part-time faculty and staff. This policy applies to all mobile devices used to store, process, transport, or transmit Penn State data used by Penn State Wilkes-Barre's full-time and part-time faculty, staff, and or students.

Definitions

Mobile Device – A mobile device (also known as a handheld device, handheld computer or simply handheld) is a small, hand-held computing device, typically having a display screen with touch input and/or a miniature keyboard.

ADG01 – Glossary of Computerized Data and System Terminology

Policy

Reasonable efforts, in accordance with University policies and procedures, should be made to protect the integrity of University information and information systems when using mobile devices of any kind. Management and use of systems must be in compliance with all University and Penn State Wilkes-Barre's policies, including but not limited to:

  • AD19 – Use of Penn State Identification Number and Social Security Number
  • AD20 – Computer and Network Security
  • AD23 – Use of Institutional Data
  • AD53 – Privacy Statement
  • ADG02 – Computer Facility Security Guideline and established industry ‘best practices’ identified by the University Security Operations and Services Senior Director

Guidelines

  1. All mobile devices used to store or transport Non-Public Penn State data must be appropriately secured to prevent sensitive or confidential data from being lost or compromised.
  2. Whenever possible, all mobile devices must be password or biometrically protected.
  3. Whenever possible, in accordance University password policies, complex passwords resistant to human and computer-assisted discovery and compromise should be created and used.
  4. Sensitive or confidential documents should be encrypted whenever possible.
  5. Penn State data must be removed from the mobile device before it is reassigned, returned, exchanged, or disposed.
  6. Whenever possible all mobile devices should enable screen locking and screen timeout functions.
  7. Individuals aware of any breach of information or network security, loss of mobile device, or compromise of mobile devices or University non-public information, must report such situations to a member of the Penn State Wilkes-Barre ITS office as soon as possible.