The Electronic Data Encryption Policy promotes good practice to ensure all confidential data, data about individuals and sensitive electronic data is stored and transmitted in a secure manner. This data should be encrypted before storing on mobile devices, including laptops, or transmitting outside the University's secure wired network. Avoid problems by not downloading data about individuals or sensitive data. Whenever possible access the data online using the remote desktop.
Third party hosting must not be used for University data unless held in a physically secure data centre in a country with enacted adequate Data Protection legislation or signatory to the Safe Harbour scheme, and has also been authorised by the Director of IS&T or nominee. All University encryption keys used must be stored centrally with IS&T.
Key Points
- It is the user's responsibility to ensure all confidential, personal and sensitive electronic data is encrypted if used away from the University secure wired network
- The use of third party hosting must be authorised beforehand
- The University's encryption keys must be stored centrally.