Your Responsibilities for Protecting Sensitive Data When Using Your Own Devices


If you work with sensitive company data from your own devices, you are expected to protect that data by meeting these responsibilities:

By Department

  • Check with your department to verify that it allows you to use personal devices with sensitive data.
  • You may not access or maintain sensitive business data using your own devices until or unless your department specifies that this is allowed.
  • Comply with any additional department/unit restrictions.

 

General

  • Comply with policies and regulations.
  • Follow your company's responsible use, data security and data management policies, standards, and guidelines. Also, all legal and regulatory compliance requirements continue to apply.


In particular, Security of Personally Owned Devices that access or maintain sensitive business data requires you to appropriately manage and secure your own devices, such as smartphones and tablets, if you use them to access or maintain sensitive company information.

Data Management

  • Access data only when needed.

Access or maintain sensitive company data using your personal devices only when necessary for the performance of company-related duties and activities.

  • Separate personal and institutional data if possible.

You are strongly encouraged to create separate environments for business data and personal data on your personally owned devices.

  • Delete or return data securely when no longer needed.

You must securely return or delete sensitive company data maintained on your own device when you are no longer an authorized user of that data.

 

Security Incidents & Investigations

  • Report security incidents involving your devices.

Immediately report suspected or actual compromises of sensitive company data. This includes incidents that involve loss or theft of your device(s) used to store or maintain sensitive company data.

  • Allow appropriate inspection of your devices.

You may be required, upon request, to make your personal device available for inspection by your business as part of an incident investigation conducted in accordance with Privacy and the Need to Monitor and Access Records.



RUN BUSINESS SOLUTIONS
PO BOX 51207 
Amarillo, Texas 
79159-1207

Great care has been taken in producing this compilation of resources. Citations are given as possible, but please know that this piece of work is from a collection of extraordinary minds.