Data Encryption

Purpose

To establish the requirements for the application of encryption to data and equipment as a means of protecting the confidentiality, integrity and availability of the University’s information assets.

Scope

This Policy applies to all devices, physical or virtual where university data is classified as confidential or highly sensitive.

Policy

University classified information shall normally be created and stored within a University managed secured system, as per the University’s Data Storage Policy. However, when University classified information is transmitted outside such a secure system, it shall be encrypted in transit. Encryption in transit may include encrypting a file sent via email, encrypting a portable hard disk being used to transfer data or the use of encrypted transmission protocols such as SSL.

The individual handling University Information takes full responsibility for the application of the required security controls and for ensuring that the information is secure throughout its lifecycle, which will include ensuring the device is securely wiped of sensitive Information before disposal.

TRANSMISSION

In order to protect the confidentiality and integrity of the University's sensitive data; any data classified as confidential data, and having a required need for confidentiality and/or integrity, shall be transmitted via encrypted communication to ensure that it is protected and does not traverse communication channels in clear text. Refer to University Data Classification Guidelines for further clarification on the classification of university data. If transmission is to occur via email, please refer to How to use Secure Email.

STORAGE

In order to protect the confidentiality and integrity of university assets all instances of data must comply with the University Data Storage Policy.

Contact the IT Service Desk for support with email and device encryption protocols.

COMPLIANCE

THE UNIVERSITY CONSIDERS ANY VIOLATION OF THE DIRECTIVES OUTLINED WITHIN THIS DOCUMENT TO BE AN OBJECTIONABLE OFFENSE. FAILURE TO COMPLY MAY SUBJECT THE VIOLATOR TO DISCIPLINARY ACTION BY THE UNIVERSITY.

EXCEPTIONS

ANY EXCEPTIONS TO DIRECTIVES OUTLINED WITHIN THIS DOCUMENT ARE TO BE REVIEWED AND APPROVED BY THE SECURITY MANAGEMENT TEAM, AS NEEDED.

 

 

Last reviewed 1/16/2024