I. T. Services strongly recommends that individuals who purchase and
use USB flash drives use devices with embedded encryption. While at the present time this is a
recommendation, a future version of this directive may make this a requirement, potentially
enforceable on Windows-based computers via a group policy.
Rationale
The rationale for this strong recommendation is two-fold.
First, much information in a collegiate environment is protected by Federal law, such as FERPA,
and contains personally identifiable information. Per West Virginia state law (§46A-2A-101 et seq.),
the theft, loss, or accidental exposure of this information constitutes a data breach and we are
required to notify the potential victims of the data breach. This does not apply to data which have
been encrypted.
Second, the portable nature of the devices means that the probability of having them be lost or stolen
is much higher than for laptop or desktop computers. Therefore, requiring more stringent encryption and
security requirements for thumb drives is prudent.
|
