CBP Officers pay tribute to fellow fallen officers during a Law Enforcement memorial service in Washington D.C.

Sensitive data must be wiped from devices prior to overseas travel

The word "security" and a pointing finger icon appear on a computer screen.

Miami University employees who plan to travel outside the U.S. should carefully consider data security issues. Employees must not transport sensitive university data out of the country. Such information includes, but is not limited to, data subject to HIPAA, FERPA, Export Administration Regulations, International Traffic in Arms Regulations, or other state or federal statutes, as well as any information received from an external party that is subject to a non-disclosure or confidentiality agreement.

Anecdotal reports from other institutions of higher education — primarily ones located in California — indicate that some of their faculty and staff are currently being subjected to additional scrutiny by Customs and Border Protection (CBP) upon re-entering the U.S. from overseas . Specifically, CBP officers are reportedly searching computers, phones, and other electronic devices, and, at least in some cases, may be copying data from those devices.

In some cases, CBP officers may be checking a traveler’s device for evidence of data theft the traveler may not even be aware occurred. This type of data theft can be accomplished by surreptitious access to the traveler’s electronic devices while they are traveling in foreign countries.

According to Miami University General Counsel Robin Parker, the broad authority of CBP to search individuals and their possessions at ports of entry has been repeatedly upheld by federal courts.

Because CBP agents may legally seize electronic devices and hold them for inspection, all sensitive data should be secured and wiped from any device a Miami employee plans to take out of the country, prior to exiting the U.S. Faculty and staff who need to access sensitive data while abroad should consult with Joe Bazeley, Miami University Information Security Officer, to determine the best approach for accessing the data upon arrival at their overseas destination.

Finally, Miami University employees are advised not to refuse CBP officers access to any university-owned device because doing so puts the device at risk of being seized.

Photo of Customs and Border Protection officers by Gerald Nino, U.S. Customs and Border Protection via Wikimedia Commons, public domain. Information security image by Pixabay via Pexels, used under Creative Commons license.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.