What is encryption?
Encryption is a method of protecting information by converting it to a format that's unreadable by anyone except those with a special key (usually a very long password). If a person doesn’t have the key required to decrypt that data, the information remains inaccessible.
How will I know what information is sensitive?
Definition of “sensitive” or “confidential” information (from the University of Alberta Information Access and Privacy Office):
Sensitive or confidential information refers to all information that has been collected or compiled in the conduct of operating the programs and services of the University and may include, but is not limited to:
- Personal information about an individual as defined in the Alberta Freedom of Information and Protection of Privacy Act
- Health information as defined in the Alberta Health Information Act
- Confidential business information of third parties
- Confidential information collected or compiled in the process of hiring or evaluating employees of the University
- Information collected or compiled in the process of law enforcement investigations
- Advice, proposals or recommendations, consultations or deliberations of the governing and administrative authorities of the University
- Information, the disclosure of which would harm the economic interests of the University
- Any information to which legal privilege including client-solicitor privilege may apply
Do I need to encrypt my computer if it is used to work with sensitive emails?
If you use an email client such as Microsoft Outlook or Apple Mail and it is configured to store a cached copy of email locally, then you will need to encrypt your computer. Alternatively you can disable caching of local emails or use a web based interface which does not store any information locally.
I mostly work with email; can email be encrypted?
Email by its very nature is not secure. Even if your computer is encrypted, email is often unencrypted while in transit and could be intercepted. With that in mind, the scope of this policy does not include the transmission of email, only the location where it is stored.
What encryption solution does the Faculty use?
There is no single encryption product that works across all devices. MedIT provides a list of recommendations for all of the Faculty’s standard desktops and mobile devices.
Does every computer and mobile phone need to be encrypted?
All mobile devices must be encrypted as per the University of Alberta's Encryption Procedure. Any personal computer storing sensitive information needs to be encrypted.
Do I have to encrypt my personal home computer if I use it for faculty business?
You are responsible for implementing appropriate security measures for any device that is used to save sensitive data, including personal computers and mobile devices located at home or on campus.
Will encrypting my computer keep it secure?
Even with encryption, your computer is only as secure as your login password. Make sure you use a strong password and change it frequently. When you need to step away, lock the screen or put the computer to sleep. You should physically keep track of your laptops and mobile devices at all times by not letting them out of your sight.
What do I do if I am using a Alberta Health Services Computer?
If you are storing Faculty sensitive information on a Alberta Health Services (AHS) computer, this device needs to be encrypted. You can get started by contacting the AHS IT Service Desk.
If I have questions about encryption and/or the policy, who do I contact?
Please direct your encryption questions to the MedIT Service Desk.