Institutional Compliance

Providing independent oversight of the University's Compliance Program

Encryption: The Key to Data Security

Submitted by Information Security Office  3/31/14

In today’s rapidly changing technological environment, computers are becoming more mobile while data storage devices (e.g. smart phones, flash drives, iPads, and external drives) are not only getting smaller but also holding more data. Due to the portability and ease of access to such devices, the need to understand data sensitivity and protection is increasing. At the University, much of the data that is stored is considered sensitive and falls under some form of regulation. A data security requirement common to all of these regulations is to encrypt sensitive data when it is stored on any computing device. What is encryption? Encryption is a procedure that codes or prevents visibility of data making it unrecognizable or inaccessible to unauthorized users or systems.
In order to comply with data protection rules outlined in many regulations and contracts, the University has created a policy requiring that all sensitive University data such as credit card, patient, student and certain research data must be encrypted. As the owner, custodian or user of sensitive data, it is your responsibility to be aware of and to comply with the appropriate data protection requirements. Please familiarize yourself with the University’s Data Encryption policy.

Not sure if this applies to you? Below are some questions to help determine if your computer, tablet, smart phone, flash drive, server or device should be encrypted:

  • Does the device contain sensitive information that falls under regulations such as, but not limited to, HIPAA, FERPA, and/or PCI-DSS?
  • Does my research grant contract state that all research data gathered for the project or for a 3rd party must be encrypted?
  • Does my device contain sensitive data such as employee personal or University proprietary information that if compromised would cause the University or employees harm?
  • Do I receive and store emails, texts, or audio-visual content containing sensitive information to my smart phone or tablet computer?

The University of Louisville has a solution when it comes to protecting sensitive data! The University provides an encryption solution to ensure the protection of sensitive University data and it is available for FREE from the iTechXpress store. For additional information on the University’s encryption solution please visit the IT website at: http://louisville.edu/it/departments/enterprise-security/information/pgp-encryption-information.

Encryption solutions and installations may vary depending on the operating system, device, and user preference. For help on what encryption option would work best for you, please contact your Tier I, the IT Helpdesk or the Information Security Office at isopol@louisville.edu .