Skip Maine state header navigation
Dept. of Administrative & Financial Services
Office of Information Technology
State custodians of electronic information will safeguard classified information stored on portable computer devices (common examples include laptops, pocket personal computers, hand-held devices, USB thumb drives, cell phones etc.) by properly classifying data, using encryption to prevent unauthorized access, and requiring written authority to copy data to portable devices.
To reduce the risk to the State if classified information is compromised, lost or stolen while on a portable device.
This standard applies to data custodian agencies within the
Executive Branch and semi-autonomous agencies of
“Set policies and standards for the implementation and use of information and telecommunications technologies, including privacy and security standards…”
1. Document Reference Number: 10.1
2. Category: Information and Data, and Security and Privacy
3. Adoption Date:
4. Effective Date:
5. Review Date:
6. Point of Contact: Mark Kemmerle, Enterprise Information Security Officer, Office of Information Technology, telephone: 207-624-8892.
7. Approved By: Richard B. Thompson, Chief Information Officer
8. Position Title(s) or Agency Responsible for Enforcement: Mark Kemmerle, Enterprise Information Security Officer, Office of Information Technology, telephone: 207-624-8892.
9. Legal Citation: 5 M.R.S.A. Chapter 163 § 1973. Responsibilities of the Chief Information Officer, paragraph 1B.
10. Waiver Process:
Appendix I SAMPLE
CONFIDENTIALITY AND NONDISCLOSURE AGREEMENT
It is essential and critical that all employees of Office of Information Technology having access to systems, files, data, or documents, provided by the Office of Information Technology, realize that many of these elements contain information relating to either Federal or State data, much of which is confidential in nature. For example, Maine Revenues Services, the Department of Human Services, Motor Vehicle, the Bureau of Employee Relations, to name only a few, are agencies regulated by Federal and/or State laws pertaining to disclosure of information.
Therefore, it is essential that all Office of Information Technology employees agree to recognize and conform to the following policies:
1. No employee shall disclose information relating to any data or information file accessed, viewed, provided by the Office of Information Technology or otherwise entrusted to their keeping.
2. No form of data - source documents, input, hard copy, magnetic tape or disk, or other media - shall be removed from Office of Information Technology immediate possession, by anyone or another State employee, without written authorization by either the Director or Deputy Director of the Office of Information Technology.
3. All data accessed, viewed or provided by the Office of Information Technology is the property of the Office of Information Technology. Requests for copies, extracted data, etc., can only be authorized by the department that originally supplied it. All authorizations granting copy, extracting, or other permission must be in writing prior to release of the information.
4. Office of Information Technology employees will make every reasonable effort to protect the integrity and the confidentiality of data accessed, residing or entrusted to them.
5. Each Office of Information Technology employee realizes and fully understands that unauthorized disclosure or removal of information in any form may result in disciplinary action, personal fines, imprisonment, or other action, resulting from due process of the law.
6. Any employee who suspects that the integrity or confidentiality of any information entrusted to them or the Office of Information Technology has been compromised is responsible for immediately notifying the Agency Information Technology Director, and Mark Kemmerle, Enterprise Information Security Director, and/or the Chief Information Officer.
ALL OFFICE OF INFORMATION TECHNOLOGY EMPLOYEES HAVING ACCESS TO INFORMATION SUPPLIED BY THE OFFICE OF INFORMATION TECHNOLOGY ARE REQUIRED TO READ AND SIGN A COPY OF THIS MEMO INDICATING ACKNOWLEDGMENT AND UNDERSTANDING OF THE ABOVE.
Employee Signature Date
 Best practice: The signed confidentiality forms, could be more specific than the provisions described in IV 1 a-d (e.g. authorizing access to particular applications’ screens) according to agency needs.