This content is viewable by Everyone

Device Encryption

Save

Audience: Affiliate, Faculty, Staff, Student, Technical Partner, Volunteer
Service Category: Security
Owner Team: IT Security
Service:
Dell Data Protection Encryption (DDPE)

What is encryption? Why do I need it?

Encryption is the process of encoding information so that only authorized persons can read it. It is used to protect confidential and legally protected data.

In this case, "legally protected" has real and serious meaning. If an unencrypted laptop, tablet, mobile phone or other device is lost or stolen, and if it contained legally protected information, you or the University might be held liable for damages, you could be sent to prison, or the University could take corrective action against you.

The UCSF Minimum Security Standards state, “Given the prevalence of restricted data in the UCSF environment, all endpoints (desktops, laptops and mobile devices, including smartphones and tablets) used for UCSF business must be encrypted." See UCSF Minimum Security Standards for Electronic Information Resources.

Question: What devices need to be encrypted?

Answer: Almost all devices used for UCSF business, research or studies.

This is true:

Whether or not they are owned by UCSF
Whether or not the device currently contains legally protected data
Whether or not the device is likely to contain legally protected data in the future

Question: What devices do not need to be encrypted?

Answer:

Devices that are never (which means NEVER) used for UCSF business, research or studies.
Devices that are used for UCSF business, research or studies that do not contain legally protected data and are incompatible with encryption solutions UCSF IT provides. These devices don’t need to be encrypted, but you must complete and submit the Request device encryption waiver for each one.

You must report lost or stolen devices.

You are legally obligated to report a lost or stolen device used for UCSF business, research or studies. This is true:

Whether or not UCSF owns it
Whether or not it contains legally protected data
Whether or not you know if it contains legally protected data
Whether or not it was encrypted

Devices include: desktop computers, laptop computers, tablet computers, mobile phones, CD-ROMs, DVD-ROMs, floppy disks and any other media that can store data.

Encrypting computers

To encrypt computers for Mac and Windows, including desktops and laptops, see:

How to Encrypt Your Computer

How To Determine Your Computer Encryption Status

Encrypting mobile phones and tablets

iPhone and iPad (iOS)

If you have an iPhone 3GS or later, your iPhone includes hardware encryption. If you use it for UCSF business, research or studies, complete the iPhone ActiveSync Email Configuration.
All iPads include hardware encryption. If you use yours for UCSF business, research or studies, complete the iPad Email Configuration.
iPhone 3G and earlier models may not be used for UCSF business, research or studies.

Android

Follow the instructions at ActiveSync Settings for Android for setting up your UCSF email on your Android phone; this will also ensure that your phone is encrypted.

Microsoft Windows Mobile and BlackBerry

If needed, contact the IT Service Desk (415-514-4100) for help.

Encrypting USB drives, CD-ROMs, DVD-ROMs, floppy disks, and other data-storing devices

First, copy the data to an encrypted device. Then securely remove the data from the original device.

1. Copy the data to an encrypted device

You can:

Copy the data to your encrypted desktop or laptop computer. You can use UCSF Box on an encrypted computer to store data securely and share it with UCSF collaborators.
Buy an encrypted portable storage device and copy the data to it. (See Recommended Security Products.)
Activate DDPE Removable Storage Encryption on a removable storage device and use it to store the data you've copied.

Once you've copied the data from the original drive to the encrypted device or drive, make sure the data was copied successfully before removing the data from the original device.

2. Destroy or securely remove the data from the original device

If you can securely erase the original device, you may use it for things other than UCSF business, research or studies.
If you cannot securely erase the original device, send it to be securely destroyed. See Drive, Tape and Data Destruction.