This FAQ is regarding the UF Mobile Computing and Storage Devices Policy and Standard.
Why do I have to comply? What does this mean to me?
The standard says that any mobile device that accesses, stores, processes or transmits UF Data, regardless of ownership, must be encrypted.
Who is responsible for complying with this? What happens if I don’t comply with this policy?
The mobile device custodian is responsible for complying with this policy. CLAS IT, and local department IT units, will facilitate encrypting UF owned mobile devices. It is the responsibility of the owner to encrypt personally owned devices that have UF data on them.
Please be aware of the UF Regulation, “Policies on Information Technology and Information Security,” which states:
“Failure to follow University’s IT and Information Security Policies may result in penalties and disciplinary action, including but not limited to termination of employment or student expulsion, revocation of user access or other legal sanctions..”
If I take an encrypted computer to an export controlled country, am I in violation of federal law?
There may be some concerns regarding travel to certain foreign countries with an encrypted mobile device. Prior to departure you should review Information on initiating international travel and follow the guidance there.
What about smartphones and tablets?
Smartphones and tablets are not exempted from this policy, and must also be encrypted
What prep work will I need to do before I encrypt my device?
Please make sure to do a complete backup of your device prior to encrypting it. If you are having your device encrypted by a third party service provider, please be sure to make the backup prior to bringing the device to them.
What is the purpose of the Mobile Computing and Storage Devices Policy?
The purpose is to protect the University of Florida in the event of theft/lost mobile devices.
Does this policy include my computer at home?
No. There currently is no requirement to encrypt desktop computers.
What about portable storage devices, such as external hard drives?
Portable devices, such as external hard drives and USB memory sticks, must be encrypted per the standard. There is an allowable exception in the event that encrypting the portable device would interfere with the function, and that there is no restricted data on the device. Please see the standard, under “1 Encryption of Data” item #D.
As of October 2014, we strongly recommend the Kingston Technologies 16gb DataTraveler Locker+G3 USB Thumb Drive, which can be purchased from Amazon for less than $20.
What is restricted data? What is sensitive data?
Restricted data is data that is protected by contract or law, examples include FERPA data (student records), social security numbers, and credit card numbers. Sensitive data are items that can be disclosed under a Sunshine Law (FOIA) request, but are typically not normally published for public consumption – for example, network topology maps and the president’s meeting schedule.
Who should I contact if I have questions concerning the Mobile Computing and Storage Devices Policy?
UF Office of Information Security and Compliance (security@ufl.edu)
UF Office of the General Counsel (www.generalcounsel.ufl.edu)
The UF Computing Help Desk (helpdesk@ufl.edu, 352-392-HELP).
UF Human Resources (hr.ufl.edu, 352-392-2477).
Last Revised: November 26, 2024.