March 28, 2017
I just read an interesting article about safeguarding your private data when traveling abroad. We all know it makes sense to safeguard our personal confidential data, such as social security and financial account numbers. Stories of fraud and identity theft abound and are enough to chill the blood.
However, the risks only multiply when traveling abroad. Such risks include not only vulnerability to scammers and thieves, but also vulnerability to border-crossing agents and other government officials. Further, for various reasons, foreign (and domestic) governments may have a special interest in more than just personal financial and identity-related information, and may be interested in other information, including email and social media usernames and passwords. They may also be interested in your organization’s sensitive information and data.
Your organization’s confidential information likely is at risk.
Now more than ever, people routinely carry one or more electronic devices with them wherever they go. Think smartphones, tablets, laptop computers, etc. Also now more than ever, people use these devices not only for personal reasons, but also for organizational business. As a result, these devices often store confidential organizational communications and sensitive business information. They are also commonly linked to organizational information systems, and may store usernames and passwords. If persons are tempted to be lax when it comes to protecting their own personal confidential data, what is the risk they will also be lax (or ignorant) about security risks to sensitive organizational data? Thus, absent affirmative precautions, when persons travel abroad, they often put an entire organization’s confidential data at risk. The damage that can result from unauthorized access to this confidential information and data can be enormous.
Protecting your organization’s confidential information and data.
Organizations need to have well-thought-out policies and procedures to protect their confidential information when their personnel travel. Such policies and procedures can include a requirement that all devices with organizational communications or data stored on them (or used to access organizational systems), be encrypted. In appropriate circumstances, they might mandate that such devices be wiped of all organizational data before travel or left at home in favor of cheap “burner” devices. They also might include requirements that fingerprint readers be disabled, passwords be changed and stored only in password manager apps accessed securely in the cloud, and multi-factor authentication be used to access devices or cloud-based systems or information.
Of course, every organization’s circumstances differ. Thus, each organization’s policies and procedures should differ accordingly. You should also keep in mind that, depending on the countries involved, either or both the United States and the other countries might restrict or make it illegal to travel with an encrypted device.
So, what are your organization’s policies and procedures for protecting confidential information and data during travel?
Mark A. Wagner concentrates his practice in employment law, homeowners association law, and health care law, and serves as Chair of the firm’s Employment and Labor Practice Group.