MedIT

Encryption Policy

What is Encryption?

Encryption is a method of protecting information by converting it to a format that's unreadable by anyone except those with a special key (usually a very long password). If a person doesn’t have the key required to decrypt that data, the information remains inaccessible.
 
The best way to protect data is not to place it at risk by storing it on local computer hard drives, personal computers or mobile computing devices that are volatile and can be lost or stolen.  Instead, using the Faculty’s secure data storage servers ensures data remains on protected servers with backup and high availability capabilities. Sensitive information should be retained on local devices only when necessary and only when the local device is encrypted.
 
The Faculty of Medicine & Dentistry is critically dependent on its information technology resources to fulfill its academic and business responsibilities and must comply with applicable government regulations. Failure to protect sensitive information can negatively affect the Faculty’s ability to fulfill these responsibilities, its mandate, and can be damaging to the reputations of the faculty and university.
 
The University of Alberta Encryption Procedure mandates all mobile devices storing University information must be encrypted.  
 
The Faculty of Medicine & Dentistry Encryption Policy mandates all personal computers storing sensitive information must be encrypted.   
 
The purpose of these policies is to define the requirements for protecting sensitive data. The use of encryption is intended to mitigate the risk of confidential information being inadvertently disclosed to unauthorized third parties. 
Read the full University of Alberta Encryption Procedure (PDF)
 
Read the full Faculty of Medicine & Dentistry Encryption Policy (PDF)
 
 
Best practices and standards for Mobile Computing
 
 
 

Ask a Question

If you have questions about encryption and/or the policy, please direct them to the MedIT Service Desk.