Note Taking Device Guidelines and Agreement

Note Taking Device Guidelines and Agreement

Purpose of the Policy    

This policy applies to faculty and staff who wish to utilize one or more of the following tablet examples, or devices of similar nature:

• reMarkable Paper Tablets

• Supernotes

The objectives of these guidelines are to promote responsible usage, protect college resources, and ensure the privacy of sensitive student information.

Our research found that popular paper tablets currently lack proper encryption at rest, strong password capabilities, or the ability to be managed by GRCC. Therefore, if your device contained sensitive data and was lost or stolen, it would need to be reported.
 

User Responsibilities Highlighted   

Acceptable Use: When using a tablet for GRCC work purposes, the Acceptable Use Agreement (AUA) must be adhered to as it would be with any other device you use. 

GRCC’s Acceptable Use Agreement

Acceptable uses for the tablets include but are not limited to: general note taking and reading documents that do not contain regulated data - you should NOT use them if you are working with sensitive information such as, or related to student data, PII, FERPA, HIPAA, etc.  

Syncing Features:

• When connecting the tablet to your GRCC laptop or using any desktop application, please ensure that you are not syncing to GRCC Google Drive or other GRCC resources that may contain sensitive data.

• At this moment SuperNote and reMarkable applications are allowed to be used with non-sensitive data. The important thing to remember is that it is NOT approved to have sensitive data on the tablet or within the supporting applications.

• Syncing email accounts to these devices is also prohibited because sensitive data can often be found in emails.

Security Best Practices     

• Password Protection: Your tablet must implement a screen lock passcode/pin for any time it is not in use. If a pin is the only option, it's important to make it as strong and as difficult to figure out as possible. 

• Software Updates: Ensure that regular updates occur for the operating system and applications in order to prevent vulnerabilities on the device. We recommend turning on “Automatic Updates” when the option is available.

• Lost or Stolen Devices: If a device is lost or stolen and it may have contained prohibited sensitive data or synced to GRCC resources where sensitive GRCC data is stored, it is important you report it immediately using the Report Lost or Stolen Device page.

Software and Applications    

• Approval for Software and Applications: College-owned tablets should only have software and applications that are approved by the IT Department. If you are uncertain if a certain software or application has been approved, please submit a ticket to IT Support.

• License Compliance: Be aware that you are using software and applications within licensing agreements and copyright laws as outlined in the Terms & Conditions when using the software and applications on the tablet device. 

Compliance with Laws and College Policies    

• Data Privacy: Ensure you are complying with data protection laws (e.g., FERPA) and college data privacy policies.
   

Conclusion

These devices can be a benefit to use for note taking purposes but they also pose a risk when sensitive data is involved. If you use one of these devices, it is your responsibility to ensure sensitive data is not stored on the device nor synced to it. If you have any questions regarding this, do not hesitate to reach out to IT Security at ITSecurity@grcc.edu

Review and Updates    

This is a living document. Items are subject to change at any time.