| York St John University | University in the Heart of York | Search | Site Map |

We use cookies on our website to provide you with the best possible user experience. Disabling these cookies may prevent our site from working efficiently. To find out more about our cookies read our privacy policy.

Guidance on Data Encryption

Guidance on Data Encryption and the use of TrueCrypt Encryption Software

When should data be encrypted?

Confidential or sensitive data such as personal information that is stored and transmitted on portable devices such as laptops should be secured against unauthorised access.

Historically, passwords have been considered sufficient to protect portable devices. However, it is now recommended by the Information Commissioner to “encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen”.

ICT Services staff will install and configure encryption software on university laptops on request.   If you are unsure if the data you need to store or transmit using a portable device should be encrypted in addition to the use of passwords, please contact ICT Services and the Data Protection Officer for further advice.

 

What encryption software is used?

ICT Services have selected TrueCrypt as the university’s encryption tool.  It is open source software and can be used on Windows, Mac and Unix.  It can be used to encrypt folders, USB flash drives as well as internal hard drives.

Mac users may wish to use the built-in ‘FileVault’ encryption utility as an alternative to TrueCrypt.

 

Essential Information about the use of Encryption and TrueCrypt

  • You should keep a master copy of any encrypted data on the university network.
  • The TrueCrypt password must not be written down and kept with the portable device as this would be deemed as negligent as not having the data encrypted.
  • You should only take confidential or sensitive data off-site where it is essential.
  • TrueCrypt does not have a password recovery feature. If the password is lost or forgotten it will not be possible to decrypt the data.  ICT Services will keep a copy of the initial TrueCrypt password for a device on file for end-users of University devices but if the password is subsequently changed and ICT are not informed they will not be able to decrypt the data.

 

How do I arrange for my laptop to be encrypted?

University laptops

All newly issued laptops from March 1 2011 will have TrueCrypt installed and it will be configured in liaison with the laptop user.  If you have a laptop issued prior to March 1 2011, please contact ICT Services to arrange installation and configuration.

 

Privately owned laptops / computers

If university data is stored on non-university owned devices, then the owner is responsible for the security of that data.  It should be protected by all appropriate security software and mechanisms for that device to ensure minimise the risk of a data breach.  If you wish to install TrueCrypt encryption software (at your own risk) then information on installation and configuration can be found at http://www.truecrypt.org/.

ICT Services are available to offer advice and guidance if required.