UD IT | Encrypting Personally Identifiable Information (PII)
To better protect the sensitive data that the University of Delaware collects, all computer files that contain confidential, sensitive, or high-risk information must be encrypted.
Encryption is a process whose goal is to make data usable only by those who are authorized to do so. When you encrypt a file you use a specific key to make a copy that is generally unreadable. The file can only be decoded using a matching decryption protocol and an appropriate decryption key. In essence, encryption is a form of digital lock that prevents anyone from accessing data without one of these keys.
If a computer is stolen or used by someone without permission, encrypted files and folders will be inaccessible.
Use the tabs below to learn more about the University of Delaware's PII guidelines:
PII Storage and Encryption
Any files containing sensitive Personally Identifiable Information (PII), including, but not limited to, Social Security numbers and health information, must be stored safely, preferably on a central UD service that uses encryption.
Files containing sensitive PII stored on centrally managed servers, departmental file servers, personal computers, or other departmentally managed devices or storage must be encrypted.
You must always re-encrypt a file if you've made any changes to it.
Delete unencrypted copies of a file after you've made an encrypted version.
AES Crypt, like some other encryption software, makes an unencrypted copy when you open an encrypted file. Delete the unencrypted copy when you are done viewing a file.
Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever. (Click Encryption Key Management below for more
Contact your department's or college's IT Professional or the IT Support Center if you require assistance while working with
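A check for the two rules above on re-encrypting changed files and deleting unencrypted copies, as an added example that is not part of the UD page: it lists unencrypted files that sit next to an encrypted copy. It assumes the encrypted file is named by appending .aes to the original name; the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

RE_ENCRYPT = "changed after encryption: re-encrypt, then delete this copy"
DELETE = "unencrypted copy left behind: delete"


def audit_plaintext_copies(root):
    """Return sorted (relative_path, finding) pairs for unencrypted files
    that sit next to their .aes counterpart."""
    root = Path(root)
    findings = []
    for enc in root.rglob("*"):
        # Match the extension case-insensitively (.aes, .AES).
        if not enc.is_file() or enc.suffix.lower() != ".aes":
            continue
        # Assumption: "report.xlsx.aes" is the encrypted form of "report.xlsx".
        plain = enc.with_suffix("")
        if not plain.is_file():
            continue
        # A plaintext copy newer than the .aes file holds unprotected changes.
        newer = plain.stat().st_mtime > enc.stat().st_mtime
        findings.append((plain.relative_to(root).as_posix(),
                         RE_ENCRYPT if newer else DELETE))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: three encrypted files in different states."""
    root = Path(root)
    (root / "hr").mkdir()
    layout = {
        "roster.csv.aes": 2000, "roster.csv": 1000,          # stale leftover copy
        "hr/claims.xlsx.AES": 2000, "hr/claims.xlsx": 3000,  # edited after encrypting
        "hr/payroll.docx.aes": 2000,                         # clean: no plaintext copy
    }
    for name, mtime in layout.items():
        path = root / name
        path.write_bytes(b"constructed sample, not real data")
        os.utime(path, (mtime, mtime))  # fix modification times for the demo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, finding in audit_plaintext_copies(tmp):
            print(f"{path}: {finding}")
```

The comparison relies on file modification times, so a copy restored from backup or synced from another machine may need a manual look.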
Encryption Key Management
Work with your unit administrator to decide how you will select encryption keys. You will do one of the following:
If IT encrypted one or more of your files with AES Crypt, you can continue using the key IT provided.
If you choose to use your own key, you will need to choose a strong key that is impossible to guess. You are advised to use random letters, numbers, and symbols. Consider using a password generator to create a secure key.
Check with your unit administrator to understand how your unit will keep encryption keys secure and available for operational continuity. Your unit's encryption keys:
must be secured from loss, destruction, unauthorized access or modification at the same level as the data they protect
must not be stored or sent in clear text that identifies them as encryption keys or that identifies the file(s) they protect.
When sharing an encrypted file, send the key using a different communication channel from the one used to send or share the encrypted file. For example, do not send the key in the same e-mail message that contains a link to the encrypted file or that includes the encrypted file as an attachment. Instead, communicate the key using a separate e-mail, a phone call, or an in-person meeting.
Remember the key (password) you used to encrypt your files. If the key gets lost, there is NO way for IT, or anyone, to decrypt files encrypted with AES Crypt. They will remain encrypted and inaccessible forever.
There are several ways to encrypt files containing PII. IT uses AES Crypt to encrypt files containing Social Security Numbers (SSNs) found during routine scans of University servers. If you see a file with the ".aes" file extension, it has been encrypted. To receive the password to decrypt the file, you must contact the IT Support Center.
In addition to AES Crypt, both Windows and Mac operating systems have built-in encryption functionality. Microsoft Office for both Windows and Mac also has built-in encryption specifically for Office documents.
Microsoft Office's built-in encryption allows you to directly and easily encrypt Office files from within their respective applications (Word, PowerPoint, Excel). The encryption is automatically updated with each save, which helps streamline your workflow while maintaining PII security.