Encryption is the process of encoding messages or information in such a way that only authorized parties with the correct decryption key can read it. Encryption does not in and of itself prevent interception of information, but it prevents the interceptor from reading it.
When to Encrypt Data
Your Own Files
Consider file encryption to prevent others from accessing your personal data should your device be lost or stolen. Remember to:
- Delete files securely when you no longer need them to prevent others from finding traces of them.
- Erase and dispose of devices securely when you no longer need them.
U-M Data on Personal Devices
- Do not store U-M data classified as Restricted on personal devices.
- Encryption required. If you are permitted to access or store university data classified as High on personal devices, you must encrypt those devices.
- Encryption recommended. If you are permitted to access or store university data classified as Moderate or Low on personal devices, it is recommended that you encrypt those devices.
- MiWorkspace. MiWorkspace-managed laptops are encrypted. Neighborhood IT staff can assist with encypting other devices as needed.
- Michigan Medicine. Health Information Technology & Services provides devices to Michigan Medicine faculty and staff and is primarily responsible for the maintenance and security standards of those devices, including encryption.
- Unit-Managed Devices. Please contact your unit's IT staff if you need assistance with encryption.
How to Encrypt Data
- Encrypt Your Mac with FileVault
- Encrypt Your Windows Computer With BitLocker
- Use Encrypted Thumb Drives
Why You Should Encrypt Your Data
Encryption protects confidential data from unauthorized disclosure if your mobile device is lost, stolen or confiscated. You have a responsibility to protect university data by using encryption in accordance with the U-M IT standard Encryption (DS-15).
Due to the potential impact on individuals—as well as the high costs and negative publicity of required notification and the potential fines and legal ramifications—of a sensitive data breach, encryption of sensitive data is important. When properly implemented, encryption is recognized as adequate protection, resulting in exemption from most notification laws if a device with sensitive data is lost or stolen.