General Travel Tips to Secure Your Data and Laptop
Travel is crucial to conducting and promoting business and research. When traveling for business, most employees and researchers find it necessary to carry a laptop to stay connected with their office, access the internet, and work on business documents.
Before traveling consider the following questions. Do the files on your laptop contain:
- student information such as grades, your comments on a student’s work, or any other non-directory information on a student?
- proprietary information, including unpublished research such as drafts of articles, in-progress projects, data sets, or third-party proprietary information?
- institute data that can not be recovered if your computer is lost or stolen?
- personal information such as tax returns, any social security numbers or health record information on you or a family member?
If you answered yes to any of the above questions, contact the Office of Legal Affairs at firstname.lastname@example.org.
Before Domestic Travel
- Back up your data and leave a copy of your files in a safe and secure location such as your office or a Georgia Tech fileserver.
- Ensure that your operating system has a strong password or passphrase when it boots up.
- Password-protect, encrypt, or remove all student, personal and proprietary information stored on your laptop.
- Turn off file-sharing and print-sharing.*
- Apply all software patches and updates.*
- Ensure that anti-virus, anti-spyware, and personal firewall software is installed on your laptop.*
- Install a Virtual Private Network (VPN) client on your laptop so that you can securely access GT resources such as Peoplesoft, Banner, Techworks, and BuzzPort while traveling. If your department does not have a VPN client, have your Computer Support Representative (CSR) install the GT VPN client on your laptop prior to travel.*
- Plan ahead and purchase a tracking application for your laptop in case it is lost or stolen.
- Plan ahead and consult with your CSR on how to securely access your department’s fileserver, mail server, or desktop when traveling.
*If you are not responsible for managing your laptop, consult with your CSR regarding this task.
International Travel Tips to Secure Your Data and Laptop
International travelers should take extra precautions. Certain information, technology, software, and equipment you take with you may be subject to U.S. export control laws. You must ensure that all the information and software on your laptop can be safely and legally transported to another country.
You may take a laptop on international travel if it does not contain any work or data involving projects with:
- Foreign National Restrictions: A grant/contract/project that contains a restriction on the use of foreign nationals.
Note: For export control regulation purposes, an individual is NOT a foreign national if he/she: Is a U.S. citizen; Is granted permanent residence (“green card”); or Is granted status as a protected person (political asylee)
- Publication Restrictions: A grant/contract/project that contains a restriction on the publication or disclosure of results to the public or unapproved parties
- Technology Control Plan (TCP): A TCP may be put in place on a grant/contract/project to control the dissemination of controlled information, data or defense service as defined in the International Traffic in Arms Regulation (ITAR) to foreign persons. Warning: While traveling outside the U.S. be sure not to send, access, or have anyone send you email regarding a project restricted by a TCP.
- Proprietary Information: A grant/contract/project that involves information that is not public knowledge (such as test results or trade secrets). The recipient is generally duty bound to desist from making unauthorized use of the proprietary information.
Before International Travel
- Complete all the steps noted in the section “Before Domestic Travel.”
- Fill out the GT Travel Authority Request (TAR) form carefully if you plan to travel with a laptop since you may be personally liable for violations of export control laws.
- If any responses to the international travel questions on the GT Travel Authority Request (TAR) are “Yes”, forward the complete form to the Office of Legal Affairs at email@example.com or fax it to 404.894.3120. Form should be submitted at least 30 days prior to travel.
- Visit the GT export control website at http://www.export.gatech.edu to familiarize yourself with the kinds of information, technology, software, and equipment that are export controlled.
- Remove all work from your laptop that contains proprietary information, export controlled information, involves a project with foreign national restrictions, publication restrictions and/or a Technology Control Plan (TCP). Export controlled information must not be accessed while visiting a foreign country, even via a VPN.
- When traveling abroad, you are required to keep mobile devices (laptop, PDA, cell phone, etc) in your control at all times. Read more at http://www.access.gpo.gov/bis/ear/pdf/740.pdf, section 740.9.
- Check the US Department of State’s website for up-to-date international travel advisories and warnings.
When You Should Contact the Office of Legal Affairs
- If any responses to the international travel questions on the GT Travel Authority Request (TAR) are “Yes”.
- If you’re traveling with specialized software and/or equipment, or if your laptop is encrypted, first contact the vendor/manufacturer or visit their website to obtain the Export Control Classification Number (ECCN). Once you obtain the classification number, provide it to the Office of Legal Affairs at firstname.lastname@example.org.
When You Should Contact the Office of Information Technology
- If you need to borrow a “clean” laptop for business travel.
- If your laptop is lost or stolen; or you suspect your laptop, PDA or other electronic equipment has been compromised; temporarily confiscated; tampered with; or if a suspicious incident and/or contact occurred during your travel, contact OIT immediately upon your return. GTRI employees should contact the GTRI Research Security Department.