Encryption advice

All members of the university must act in accordance with the relevant laws and University Information Security Policies.

Encryption is a means of preventing anyone other than those who have a key from accessing data, be it in an email, on a computer or on a storage device. In all cases you need to consider the security of the encryption key(s) and it is recommend that you lodge these securely with a trusted third party (who, preferably doesn't have access to the files) so as to ensure their availability in the event of key loss.

The Information Commissioner has made it clear that personal data subject to the Data Protection Act must be encrypted whenever it is "transported" or "conveyed". This includes data stored on physical media (laptops, CD/DVDs, USB drives, etc.) as well as data transmitted electronically (University email, OneDrive, Sharepoint etc.). Failure to do so could result in action being taken against the University in the event of data loss. Encryption of data using UOB-approved software and/or devices is one method of protecting against breaching the data protection principles and should further be used if transporting or conveying restricted UOB data.

For specific guidelines see:

Flow chart showing when data should be encrypted
Screenshot: flow chart showing when data should be encrypted.

For further information see: