Recommendations for Securing Mobile Devices

Policy Type

Best Practice

The following recommendations apply to all mobile devices, including both personally and UCSF-owned mobile devices used for UCSF business.

Mobile devices include, but are not limited to:

  • Smartphones and tablets
  • Text pagers
  • Cell phones
  • Removable storage, such as USB memory sticks, CDs/DVDs/tapes, etc.
  1. Avoid storing confidential data on mobile devices entirely. Consider a more secure alternative method for storing confidential or protected health information.  UCSF-protected servers should be the first option for storage of confidential or electronic protected health information (ePHI).
  2. If you can't avoid using confidential data on a mobile device, store only the minimum amount of data necessary to do your work and remove it as quickly as possible
  3. Never leave mobile devices unattended or in vehicles. Maintain appropriate physical security for mobile devices. Use cable locks when possible.
  4. Only use PIN/password-protected encrypted devices.   
  5. Enable all security features the device may have.
  6. Report the loss or theft of a mobile device as soon as possible to the UCSF Police at 476-1414.

We recommend using UCSF devices to perform UCSF business.  If you must use a personally owned device for UCSF business, you must comply with the UCSF Minimum Security Standards (/policies/ucsf-minimum-security-standards-electronic-information-resources).

Among other requirements, you must encrypt your personal device.  For instructions on encrypting your personal device, visit this page /how_do/encrypt-my-personal-laptopdesktop-installation-guidelines.  

If you have questions or need additional information, please contact IT Customer Support at 415-514-4100.