The URL can be used to link to this page

Home My WebLink AboutN-807 - Confidential Information on Mobile DevicesCITY OF PASCO ADMINISTRATIVE ORDERS Administrative Order No. 807 Information Services Subject: Confidential Information on Mobile Devices Initial Effective Date: January 27, 2014 Revised A roved I. PURPOSE: To establish guidelines for the creation, transmittal or storage of confidential information on city-owned Mobile Computing Devices. II. DEPARTMENTS AFFECTED: All III. DEFINITIONS: Mobile Computing Device: an electronic device, which is capable of storing electronic data, and can be operated offsite of city locations and networks. Encryption: the process of encoding electronic information in such a way that third parties cannot read it, but only authorized parties can. Information Holder: means a third party that to which city has provided Confidential Information. Confidential Information: means any of the following in the care, custody and control of the City or Information Holder for which the City or Information Holder is legally responsible: 1. Information from which an individual may be uniquely and reliably identified or contacted, including, without limitation, an individual's name, address, telephone number, social security number, account relationships, account numbers, account balances, account histories and passwords; 2. Information concerning an individual that would be considered "nonpublic personal information" within the meaning of Title V of the Gramm -Leach Bliley Act of 1999 (Public Law 106 -102, 113 Stat. 1338) (as amended) and its implementing regulations; Information concerning an individual that would be considered "protected health information" within Health hisurance Portability and Accountability Act of 1996 (as amended) and its implementing regulations; 4. Information used for authenticating customers for normal business transactions; 5. Any third party's trade secrets, data, designs, interpretations, forecasts, formulas, methods, practices, processes, records, reports or other item of information that is not available to the general public; 6. City network configuration (design, addressing, or architecture) or system, hardware, and software administrator usemames or passwords. IV. POLICY: All City -owned mobile computing devices containing confidential stored data must use an approved method of encryption to protect data. Approved methods will vary by device type and may include the following: 1. Portable Devices that are either used or travel offsite, but not remotely connected to city network resources must employ full disk encryption using operating system or device provided application. Current Solutions: Windows BitLocker Hard Drive Encryption for Microsoft Windows Devices, Apple Pin enable encryption for Tad devices, Android Pin enable file based encryption for Android devices. 2. Devices requiring remote network connectivity to city network resources must use a contracted third party software solution, which shall provide end to end encryption of data transfers via client server application or cloud based service. Current solutions: NetMotion for Windows based pc devices, Maas360 for tablet, smartphone, PDA devices using Apple, android, or Windows Mobile operating Systems 3. All keys used for encryption and decryption must meet complexity requirements described in the city's Password Protection Policy. 4. Loss or theft of any city owned mobile device must be immediately reported to Information Services, who will deactivate device and initiate a remote locate application if possible. Devices that are not found will be remotely erased of data if possible. 5. Personally -owned mobile computing devices will not store confidential data. Date j -211-K Administrative Order 807 - Confidential Information on Mobile Devices Page 2