Skip to main content

To: Business Managers

From: Karol Kain Gray, Vice Chancellor for Finance and Administration
Chris Kielt, Vice Chancellor for Information Technology and CIO
Chief Jeff B. McCracken, Director of Public Safety
Date: September 6, 2013

Electronic portable devices such as smart phones, USB drives, laptops, etc., carry with them an increased risk of being lost or stolen. As stewards of the University’s digital information, it is important that each of us exercise care and sound judgment in our use of University and/or personally-owned electronic portable devices that are used to conduct University business. Previously, the risk associated with a lost or stolen device was the monetary value of the unit; however, now the value lies in the personal and business information that is embedded in or accessible through use of the device.

To ensure that University information is properly secure and in order to maintain the public trust, each of us is obligated to report lost or stolen electronic portable devices. As stewards of University information, we have an obligation that extends beyond property owned by the University, to include any personally-owned devices that have been used to view, access or store sensitive, University-owned data. The report of loss or theft of such a device should be considered an “incident” under the University’s Incident Management Policy and must be reported in the same manner as any other event involving risk to sensitive, University-owned data.

If you experience the loss or theft of personal or state property that has been used to view, access or store sensitive University-owned data;

  1. Call the Information Technology Services (ITS) Help Desk at 919-962-HELP.
  2. Ask to submit a “critical” Remedy ticket to the ITS-Security group regarding a security incident.
  3. Do not provide additional detail until you are communicating with an incident handler from the UNC-Chapel Hill Information Security Office.
  4. Provide a telephone number at which you can be reached shortly thereafter.
  5. In addition, if you experience the loss or theft of any state property you are also required to file a report with the UNC-Chapel Hill Department of Public Safety at 919-962-8100.

State law (NC General Statute § 114‑15.1.) requires that a University employee report the loss or theft of state property “… as soon as possible, but not later than three days from receipt of the information or evidence of the lost or theft…” NC General Statute § 114 15.1, in turn, requires a state agency to report misuse, loss or theft of state property within 10 days.

The ITS Information Security Office maintains a number of documents, cited below, that clarify sensitive, University-owned data:

In addition to good stewardship of University information, there are legal requirements (e.g., HIPAA, NC Identity Theft Protection Act and others) that impose an obligation to report the unauthorized release of certain types of sensitive data that might accompany the loss or theft of a device.

Your involvement is an important component of the protection of University digital information. For additional information, please contact ITS-Information Security or the UNC Department of Public Safety.

Thank you for your cooperation in this matter.

Note: This memo is also being sent to Deans, Directors, and Department Chairs as well as all University Staff. An electronic version of this memo can be viewed at:

Comments are closed.