What is encryption?
Encryption is a way of protecting your data by converting it to a format that is unreadable by anyone except those with a special key. When using your computer, encryption software is as invisible as antivirus software. The technology has come a long way to ensure that you are not slowed down nor affected by its presence as you work. The peace of mind that your data is protected is well worth the twenty minutes it takes to install it!
Why is encryption important?
Encryption reduces your risk of exposure of sensitive and confidential information to unauthorized individuals, so that only those who should access your information can.
What types of data need to be encrypted?
By University policy, if a computer or mobile device stores any of the following information, that information must be stored on the device’s hard drive in an encrypted manner using a product approved by the University’s IT Security Officer:
- Information protected by general privacy laws about you or anyone else, also known as personally identifiable information or "PII". PII includes Social Security Numbers, other national IDs, dates or places or birth, mothers' maiden names, credit card numbers, banking or investment account numbers, driver’s license numbers, health insurance policy IDs, passport and visa numbers, tax information, and any other identifying code that can be used for identity theft purposes.
NOTE - If a device (institutional OR personal) with University-entrusted PII is lost or stolen, the University must determine whose information is on the device and, for each individual, his or her permanent state/country of residence. The privacy laws in each state/country of residence may require the University to notify the state's/country's affected residents and, in some cases, to notify other parties (e.g., the Attorney General, the press) and/or to provide credit protection. However, most privacy laws waive or reduce these obligations, if it can be proven that the PII on the lost or stolen device is encrypted.
- Additional student information, e.g., student admission applications and supporting documents, student grading information, student dissertations, reader’s reports, student financial support documents, student health records, disciplinary information.
- Additional faculty/staff information: e.g., University and employee ID numbers, CVs, resumes, employment applications, personnel files, performance reviews, benefits information, salary, personal contact information.
- Alumni and donor contact information and non-public gift amounts
- Applications for employment (hired or not hired)
- Protected research
- Information covered by non-disclosure agreements
- Princeton internal memos and e-mail
- Completed Princeton forms, e.g., travel and expense documents
- Privileged attorney-client communications
- Digital copies of signatures
- Non-public University business documents, e.g., contracts, reports, budgets, plans, financial information, policies and procedure manuals
- Any data obtained through a University or departmental system that requires an ID and password for access
Frequently asked questions
Who will install encryption software on my computer?
An OIT representative or your local departmental support representative must install laptop encryption. Contact your local department support representative or the OIT Help Desk at 8-4357(HELP) to request encryption.
What changes will I see after encryption software is installed?
Nothing! After encryption software has been installed, you will log into your laptop with your NetID and password as before.
How much power and memory will encryption take while I am working?
Once the initial process of encrypting your hard drive is complete the impact of the encryption software is negligible.
Does the software encrypt as I type or when I click "Save"?
As soon as a new file is opened for creation, the encryption process begins because the entire hard drive is encrypted. This happens before the application does a “save” of the file.
What types of files will be encrypted?
Your entire local hard disk is encrypted – even unused, empty space. This means that while the operating system accesses any local files (reads/writes) those files are always in an encrypted state. If files are copied, moved, or backed up to network storage they are automatically decrypted as they are copied, moved or backed up. All local files are encrypted – text files, an access database file, a local SQL/Mysql/Oracle database file – all files!
Will people be able to read my e-mail attachments?
Yes. Attachments are encrypted when they are stored on your local hard drive. However once the file is attached to an e-mail it becomes decrypted (within the e-mail). This means the recipient will be able to open the file. The original attached local file is still encrypted.
What if I need the encryption software removed?
If a machine needed to be un-encrypted, please contact your local department support representative who will ensure the encryption is done properly according to standard procedures.
Will local databases (Oracle/Access) be encrypted?
Yes, as long as the file is located on the hard disk that is encrypted. If the file is located on a network database server, then NO. Database files that are encrypted and then moved to a network database server are decrypted as they are moved off the machine. There is no impact to files/tools used to run scripts (e.g. cognos, .cpg files)
Where can I go for additional help?
You are always welcome to contact the OIT Support and Operations Center. Call 258-HELP or email firstname.lastname@example.org.