Technology Guidance for International Travel
Best Practice When Traveling Abroad for University Purposes
In consultation with the Office of the General Counsel, the Office of Information Technology, and the Office of Internal Audits, the University of Minnesota recommends that travelers remove all existing University data from electronic media, such as laptop computers, tablets, USB flash drives, and smartphones, prior to international travel. The only University data files stored on the computer or media should be the minimal public data needed during the trip such as a presentation being given. Review Data Security Classifications by Type for examples of private-highly restricted, private-restricted, and public information. For most international travelers, a “clean” newly wiped and configured laptop is recommended. Any device taken out of the country should follow the process listed under Security Level High in the Media Sanitization Standard. Visit the Office of Information Technology Media Sanitization page for more information.
University private-highly restricted data should not leave the U.S. without the written approval of the Department Head, Dean, or equivalent administrator. If private-highly restricted data is necessary for University business, special arrangement involving remote access to the data on a server at the University will be necessary. Additional software may need to be installed and instruction on the use of the software may be needed prior to departure.
Furthermore, University travelers should be sure not to carry controlled technical data abroad except as authorized under the relevant export control regulations. For more information, please contact the University's Export Controls Officer, Pat Briscoe at firstname.lastname@example.org or 612-625-3860, or see the Sponsored Projects Administration’s Export Controls website.
Risk is avoided when confidential University information and private data is not stored on a laptop, USB flash drive, or smartphone. To ensure that no export controlled information is on electronic media and devices, all confidential and private information should be removed. University policy requires encryption of laptops and portable devices; however, encryption is not recommend when traveling abroad. To request an exception to the University policy requiring encryption, complete and submit the University Information Security Exception form.
Frequently Asked Questions
Why remove all data when only private-highly restricted data is a risk?
It is almost impossible for most people to remember the specifics of all the data stored on a computer, so it is likely something will be forgotten. The specifics of U.S. and foreign countries' import and export laws are complex, so we recommend removing all data from devices to avoid violating such laws.
What if my laptop is encrypted?
Encryption protects information on the laptop if it is lost or stolen. It does not address the laws of the country visited nor the U.S. laws. Officials of both the U.S. Customs upon re-entry to the U.S. and other countries may require access to the encrypted information. The University advises travelers NOT to take any sensitive information and NOT to take an encrypted laptop with them overseas under any circumstances.
What risks is this protecting me from?
Loss or theft of the electronic device is the biggest risk. But there are other risks such as non-compliance with the United States Export Administration Regulations (EAR), research data restrictions on export, and possible delays for U.S. customs service or other review of the data on the laptop upon re-entry. The worst case would be that an individual might be detained for breaking a U.S. or foreign law and/or confiscation of the device.
What if I need access to my research or other data
For most data that is not legally or contractually protected, a connection back to a University computer, such as Google Drive and departmental file server, is recommended. If the data is high risk and/or legally protected data, for example individual health information, social security numbers, export restricted and so forth, a special server and related software is available. Ask your departmental technology support person for information on use of this option.
Is there a tool available to securely wipe any browser cache and temporary files while I’m traveling?
Yes, for University owned computers, the R-Wipe toll has been licensed for faculty and staff use. Visit the link in the Resources below. There is a free trial version available for personal use at www.r-wipe.com/
When should the free U of M Virtual Private Network (VPN) software be used?
When accessing data at the University, use the University’s Virtual Private Network (VPN) software for encrypting data during transport. Use the VPN software when connecting wirelessly and when connecting via high-speed internet from a non-U of M controlled source, such as Comcast or Qwest .
Technology Tips for Traveling Abroad
Prior to Departure
- Remove all University private and sensitive data and information from your mobile devices, including a laptop, USB flash drive, and a smart phone.
- Leave all private information and sensitive data at home or work in the U.S.
- Create back-up files and store them in your departmental file server.
- Clear all internet browser history.
- Borrow a "clean" departmental laptop if at all possible. Do not take your University work station with you abroad.
- If you take your personally owned electronic devices abroad, know that storing University private data on them is prohibited by the University. See Information Security.
- Remove all files, browser caches, temporary files, recently used file listings, and previously deleted files that are in the computer's unallocated space. For Windows, free R-Wipe & Clean is available to faculty and staff.
- Install a Virtual Private Network (VPN) on all of your mobile devices including a smart phone and a tablet.
- Set up a new strong password for each account that you might use abroad.
- Purchase or rent a cheap local cell phone. Make sure to report the new phone number to the University of Minnesota departmental contact, on-site partners, and family and close friends in the U.S.
- Avoid taking an encrypted laptop overseas. Some countries ban encryption.
- Apply all software patches and updates.
- Install anti-virus, anti-spyware, and personal firewall software.
- Set up remote wipe of data on your mobile devices.
- Consult with the University of Minnesota's Export Control Officer what mobile devices, software, and information are export controlled.
Traveling to China
Accessing and using technology when in China can be challenging. Some University of Minnesota students, staff, and faculty have been unable to access their UMN email and even some University websites while in China. Travelers should also consider potential export control and data security issues.
It is recommended that you review the University's Technology Considerations When Traveling to China before leaving for China.
While Traveling Abroad
- Carry your mobile devices with you at all times. Never leave them unattended.
- If your phone or laptop is stolen, report it immediately to the local U.S. Embassy or Consulate. The Embassy can assist you in reporting the loss to the local police. Also, report the incident to your departmental IT support staff immediately.
- Do not trust public or free WiFi internet connections at hotels, restaurants, and airports.
- Use Eduroam where it is available.
- Avoid sending sensitive data or information via internet abroad.
- Always use the Virtual Private Network (VPN) while you are online abroad.
- Do not access information that is export controlled even via VPN.
- If you use a public computer or someone else's computer abroad, never access to or share the University private data or export-controlled information.
- Make sure to log out any programs that you use and sign out completely from your account.
- Do not post your travel plans on social media or public forums. Also, disable Geolocation on your mobile devices.
Upon Returning to the U.S.
- If the U.S. custom border protection or an official at custom abroad asks, you must cooperate with searches, answer questions, or turn over passwords.
- Return a borrowed mobile device and report any incidents to your IT support staff, especially when you suspect your mobile devices have been compromised, or if your mobile devices were temporarily confiscated or lost.
- Change your password for all accounts that you used abroad.
University of Minnesota Resources
- Cell Phone and Data Plan Business Expenses
- Data Security Classifications by Type
- Export Controls
- Export Controls FAQ
- Information Security
Office of Information Technology (OIT)
- Anti-virus Software
- Google Apps: Acceptable Use and Data Security
- Media Sanitization Standard
- R-Wipe & Clean
- Safe Computing
- University Information Security Exception Request
- Virtual Private Network (VPN)
Office of the Vice President for Research (OVPR): Sponsored Project Administration
- Export Administration Regulations (EAR)
- Export Controls
- Foreign Assets Control Regulations
- International Traffic in Arms Regulations (ITAR)
Academic Health Center