Sidebar
Table of Contents
Governing Policy
Questions?
Please use the contact section in the governing policy.
The University defines Personal Information Technology (IT) Resources as any personally-owned IT Resources that were not purchased using any University funding. See Administrative Policy: Acceptable Use of Information Technology Resources for the full definition of IT Resources.
University employees should understand that any records they create related to University business - including text messages, voicemail messages, emails, photos, and other electronic communications - are University records. These records therefore (1) should be managed according to University records retention policies, and (2) may be subject to disclosure under the Minnesota Government Data Practices Act if someone requests them.
The following general rules are intended to help manage University Records within Personal IT Resources:
- Keep University Records that require retention on University IT Resources whenever possible.
- Delete University records in accordance with the appropriate retention schedule(s). Business records not requiring retention should be deleted at the earliest opportunity.
- See Administrative Policy: Managing University Records and Information
These rules apply to all IT Resources used to transmit and store University-related information, regardless of who owns, purchased, or manages the asset.
See Administrative Policy: Information Security for additional information security requirements.
Protect Your Resources
Secure personal IT resources to prevent unauthorized access. Don't allow anybody to obtain your device and access Private University data. See Administrative Policy: Data Security Classification
- Properly secure your devices when you are not present.
- Enable auto lock (screen lock) on your device.
- Use a strong password/passphrase/PIN, biometric authentication, or a combination of these on your devices and user accounts.
- Where possible, make use of multifactor authentication (MFA). For more information: see Choosing Strong Passwords & Keep Them Safe.
- Apply system updates in a timely manner and enable automatic updates whenever possible. For more information: see Update Your Device Regularly.
- If you want to use your personal mobile device (including smartphones and tablets) to access the University systems and you are part of the University Health Care Components, see the related Appendix to Administrative Policy: Acceptable Use of Information Technology Resources - Use of Personal Mobile Devices for University Health Care Components.
Protect Your Data
Take steps to protect University and private data on Personal IT Resources.
- Use data encryption to prevent unauthorized access to University information stored within personal IT resources.
- If your device has other programs on it, such as Microsoft Office products, and you are using these programs for business-related purposes, save those records in a University approved storage solution. See the IT@UMN Storage Selection Tool. Make sure they don't exist only within your Personal IT Resources.
- Delete University data from your Personal IT Resources as soon as possible.
- Do not use personal or University-provided devices to take, transmit, download, upload, print or copy photos or videos of University employees or students without their permission, unless otherwise permissible. For more information, see University Relations Filming and Photography on Campus.
For more information on the Minnesota Government Data Practices Act (DPA) and public records, see the Public Records: Guidelines for Electronic Communications appendix.
For more information on general security best practices: see Information Technology Secure U.