I. T. Services strongly recommends individuals who purchase and use USB flash drives to use devices with embedded encryption. While at the present time this is a recommendation, a future version of this directive may make this a requirement, potentially enforceable on Windows-based computers via a group policy.
This strong recommendation is two-fold.
First, much information in a collegiate environment is protected by Federal law, such as FERPA, and contains personally identifiable information. Per West Virginia state law (§46A-2A-101 et seq.), the theft, loss, or accidental exposure of this information constitutes a data breach and we are required to notify the potential victims of the data breach. This does not apply to data which have been encrypted.
Second, the portable nature of the devices means that the probability of having them be lost or stolen is much higher than for laptop or desktop computers. Therefore, requiring more stringent encryption and security requirements for thumb drives is prudent.