Encryption software
No personal or confidential University data should be stored on unencrypted laptops, computers, memory sticks or other portable devices.
Overview
Encryption is the process of transforming information to make it unreadable to anyone who does not have some special knowledge (usually a passphrase), to make the encrypted information readable again.
Information stored on the hard-disks of desktops and laptops and stored on USB sticks and other portable media can be encrypted to protect it in the event of the device being lost or stolen. Due to their portability and widespread use, two of the biggest risks to information security come from unencrypted laptops and USB sticks.
Desktop encryption
Person-identifying data or confidential information should not be stored on desktop machines, but should be kept on the University's secure network drives. At the present time, the focus is on encrypting laptops as they are much more likely to be lost or stolen. Requests to encrypt desktops will be considered on a case by case basis through a risk assessment carried out by Faculty IT staff.
Personal data
Data Protection legislation gives a precise definition; it is best to assume that all information about a living, identifiable individual is personal data. This may include:
- factual information about an individual such as date of birth, national insurance number, bank account, name and address;
- sensitive information such as health, sexuality, criminal record, ethnicity, religion;
- opinions expressed, for example in staff development reviews or email comments.