Device Encryption
- Audience: Affiliate, Faculty, Staff, Student, Technical Partner, Volunteer
- Service Category: Security
- Owner Team: IT Security
What is encryption? Why do I need it?
Encryption is the process of encoding information so that only authorized persons can read it. It is used to protect confidential and legally protected data.
In this case, "legally protected" has real and serious meaning. If an unencrypted laptop, tablet, mobile phone or other device is lost or stolen, and if it contained legally protected information, you or the University might be held liable for damages, you could be sent to prison, or the University could take corrective action against you.
The UCSF Minimum Security Standards state, "Given the prevalence of restricted data in the UCSF environment, all endpoints (desktops, laptops and mobile devices, including smartphones and tablets) used for UCSF business must be encrypted." See UCSF Minimum Security Standards for Electronic Information Resources.
Question: What devices need to be encrypted?
Answer: Almost all devices used for UCSF business, research or studies.
This is true:
- Whether or not they are owned by UCSF
- Whether or not the device currently contains legally protected data
- Whether or not the device is likely to contain legally protected data in the future
Question: What devices do not need to be encrypted?
Answer:
- Devices that are never (which means NEVER) used for UCSF business, research or studies.
- Devices that are used for UCSF business, research or studies that do not contain legally protected data and are incompatible with encryption solutions UCSF IT provides. These devices don’t need to be encrypted, but you must complete and submit the Request device encryption waiver for each one.
You must report lost or stolen devices.
You are legally obligated to report a lost or stolen device used for UCSF business, research or studies. This is true:
- Whether or not UCSF owns it
- Whether or not it contains legally protected data
- Whether or not you know if it contains legally protected data
- Whether or not it was encrypted
Devices include: desktop computers, laptop computers, tablet computers, mobile phones, CD-ROMs, DVD-ROMs, floppy disks and any other media that can store data.
Encrypting computers
To encrypt Mac and Windows computers, including desktops and laptops, see:
How To Determine Your Computer Encryption Status
Encrypting mobile phones and tablets
iPhone and iPad (iOS)
- If you have an iPhone 3GS or later, your iPhone includes hardware encryption. If you use it for UCSF business, research or studies, complete the iPhone ActiveSync Email Configuration.
- All iPads include hardware encryption. If you use yours for UCSF business, research or studies, complete the iPad Email Configuration.
- iPhone 3G and earlier models may not be used for UCSF business, research or studies.
Android
Follow the instructions at ActiveSync Settings for Android for setting up your UCSF email on your Android phone; this will also ensure that your phone is encrypted.
Microsoft Windows Mobile and BlackBerry
If needed, contact the IT Service Desk (415-514-4100) for help.
Encrypting USB drives, CD-ROMs, DVD-ROMs, floppy disks, and other data-storing devices
First, copy the data to an encrypted device. Then securely remove the data from the original device.
1. Copy the data to an encrypted device
You can:
- Copy the data to your encrypted desktop or laptop computer. You can use UCSF Box on an encrypted computer to store data securely and share it with UCSF collaborators.
- Buy an encrypted portable storage device and copy the data to it. (See Recommended Security Products.)
- Activate DDPE Removable Storage Encryption on a removable storage device and use it to store the data you've copied.
Once you've copied the data from the original drive to the encrypted device or drive, make sure the data was copied successfully before removing the data from the original device.
2. Destroy or securely remove the data from the original device
- If you can securely erase the original device, you may use it for things other than UCSF business, research or studies.
- If you cannot securely erase the original device, send it to be securely destroyed. See Drive, Tape and Data Destruction.
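One way to carry out the "make sure the data was copied successfully" check in step 1 before moving on to step 2. This is an added example, not a UCSF-provided tool; the script name, function names and folder arguments are assumptions chosen for illustration. It compares every file on the original device with its counterpart on the encrypted copy by size and SHA-256 hash.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_copy(source_dir, copy_dir):
    """Compare every file under source_dir with its counterpart in copy_dir.

    Returns a list of (relative_path, problem) tuples. An empty list means
    every source file exists in the copy with identical contents.
    """
    source_dir, copy_dir = Path(source_dir), Path(copy_dir)
    problems = []
    for src in sorted(source_dir.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(source_dir)
        dst = copy_dir / rel
        if not dst.is_file():
            problems.append((rel.as_posix(), "missing from copy"))
        elif src.stat().st_size != dst.stat().st_size:
            problems.append((rel.as_posix(), "size differs"))
        elif sha256_file(src) != sha256_file(dst):
            problems.append((rel.as_posix(), "contents differ"))
    return problems


if __name__ == "__main__":
    # Hypothetical usage: python verify_copy.py ORIGINAL_DIR ENCRYPTED_COPY_DIR
    if len(sys.argv) != 3:
        sys.exit("usage: verify_copy.py ORIGINAL_DIR ENCRYPTED_COPY_DIR")
    issues = verify_copy(sys.argv[1], sys.argv[2])
    for rel_path, problem in issues:
        print(f"{problem}: {rel_path}")
    if issues:
        sys.exit("Copy NOT verified; do not erase the original device yet.")
    print("All files verified; the copy matches the original.")
```

Extra files that exist only on the encrypted device are ignored, since the goal is to confirm that nothing from the original is missing or altered.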
Additional useful encryption links
How To Determine Your Computer Encryption Status
Dell Data Protection Encryption (DDPE)
DDPE Frequently Asked Questions (FAQs)
DDPE Removable Storage Encryption
DDPE Removable Storage Encryption FAQs
Get help
Contact the IT Service Desk (415-514-4100).