Before You Go
No device can be protected at all times. Your data or device may be lost, stolen, or hacked while you are travelling, or it could be subject to seizure by authorities.
When you are travelling outside of Canada, there are different laws and requirements related to the use of technological devices and information. The expectation of privacy also varies dependent upon the country you are visiting.
Every country has its own expectations with respect to importing and exporting technology, information protection and privacy, legal and illegal content, and freedom of speech. It is highly recommended that you make yourself aware of the local laws with respect to devices and data for the countries to which you are travelling.
Travellers should expect their devices (phones, laptops, tablets, etc.) to be openly examined and scrutinized by immigration officials and perhaps local law enforcement. You may be expected to give officials your password to unlock your devices or decrypt your data and failure to do so could result in your device being confiscated and possible detention or expulsion from the country.
You are encouraged to contact Research Security (researchsecurity@ucalgary.ca) to inquire about a Security briefing, in advance of your departure.
This is the online version of Cybersecurity Tips for International Travellers. Download a copy of the documentation for your use.
For more tips on how to keep your systems and data secure, please review the UCalgary IT security website.
Check out their new YouTube video as well.
No device can be protected at all times. Your data or device may be lost, stolen, or hacked while you are travelling, or it could be subject to seizure by authorities.
Data and devices that are legal in Canada may be illegal in other countries. Check the Global Affairs Canada Travel Advice and Advisories for the country you will be travelling to. Choose the Laws and Culture tab. It will usually include a section on imports and exports that may indicate if a particular type of technology is illegal for import.
Use unique passwords for accounts you will use during your travel. When returning from travel, change the password as soon as possible after you return. Be aware that all of your passwords are at risk of being detected and recorded.
If you are carrying departmental data on your device, ensure that you have authorization to take the data off‐site.
Consider a temporary email account, where possible, to avoid your UCalgary or personal email history and content being copied or monitored.
Only take the data you will need to access while travelling. Consider previously deleted information on your device, as it is not automatically removed from a hard disk or storage environment.
If possible, travel with clean formatted loaner technology rather than your day‐to‐day working devices. If you are a UCalgary employee using a university owned device, contact the IT Support Centre for assistance.
Do not carry materials or information perceived to be linked to sensitive topics in that country.
Keep your data on an encrypted/password protected USB device instead of your computer.
Encrypt sensitive information at all times and ensure that you understand the classification of data that you are carrying when you travel. If you are carrying university owned or research data, see the Information Security Classification Standard. If your data includes Level 3 (Confidential) or Level 4 (Restricted) information, contact your IT partner prior to travelling with this information.
Consider setting up additional security measures if it is necessary to connect to the university’s network. For example, you may want to move data you need while travelling to OneDrive so you can access it securely online and avoid syncing data on any mobile device you may be carrying with you, or you could set up multi‐factor authentication to increase webmail security.
For example, remove your gmail account from your device (with all your email and contacts) prior to going through immigration and security. Once you have passed through those points, you can add it back on to your device. This will allow you to comply with any immigration or security requests to view your device information. You may also consider doing this with any banking information that you have on your device.
If you are asked by an immigration or other law enforcement official to unlock or decrypt your device for their perusal, accede to their request in accordance with local legal requirements.
If your device or data is stolen while you are abroad and it is university owned equipment or university data, report it to the university’s IT Security Department as well as Campus Security.
Excercise caution before sending documents or information abroad that would fall under the coverage of that country’s secrets laws.
Public infrastructure is easily modified to detect and record anything that is typed to them including account identifiers and credentials.
Consider that all network connections, including encrypted connections, are being monitored.
Be aware of websites that may push inappropriate content or malware without your authorization
Do not install software from an unknown source or software that is delivered through an unknown channel.
Lock all unattended technology to prevent unauthorized access, do not allow anyone to use or access your device.
If your device has been compromised unknowingly during travel, it is a risk to all systems that the device connects to. If it is university owned equipment, do not use the technology upon return without it being wiped and refreshed by the IT Support Centre.
The content, not the medium, determines the treatment of the data. Protect notebooks and paper documents with the same diligence as electronic information.